There is a similar question on the site which must not be named.

My question still has a little different spin:

It seems to me that one of the biggest selling points of Nix is basically infrastructure as code. (Of course being immutable etc. is nice by itself.)

I wonder now how big the delta is for people like me: All my desktops/servers are based on Debian stable with heavy customization, but 100% automated via Ansible. It seems to me that a lot of the vocal Nix users (fans) switched from a pet desktop and discovered IaC via Nix, and that they are in the end raving about IaC (which Nix might or might not be a good vehicle for).

When I gave Silverblue a try, I totally loved it, but then to configure it for my needs, I basically would have needed to configure the host system, some containers and overlays to replicate my Debian setup, so for me it seemed like too much effort to arrive nearly at where I started. (And of course I can use distrobox/podman and have containerized environments on Debian w/o trouble.)

Am I missing something?

  • @[email protected]
    9 months ago

    I use Fedora Silverblue and in my experience the updates are very stable. But with Debian and Ansible automation I think you are not missing much, maybe nothing at all.

    Would you mind sharing how you automated your setup with Ansible or generally how to use Ansible in that way? I use some bash scripts for my automation and it is a bit hacky, so if I could improve that, it would be nice.

    • XenGi
      9 months ago

      The thing about Ansible is to always remember that it really is just a backup Python script that gets copied to your server and executed. Yes, it works quite well, but you have to be careful to not have it break on you.

      For me the difference to nix is, that my bud expression will actually always produce the same output or tell me it can’t. Instead of ansible which will fail after some updates went past.

    • @[email protected]OP
      9 months ago

      Yes, I really love the Silverblue download in the background, reboot and you are up to date updates. So much better than watching the package manager do its thing. :-)

      I don’t know about your knowledge about Ansible, and when you are already running Silverblue and are happy with it, it might be more worthwhile for you to explore how to automate Silverblue and the containers you are using… and write a blog post for people like me, how you did it, so I can learn. :-P

      Ansible… basically it allows you to install software with the package managers (apt, dnf, …), configure/restart etc. services, clone git repositories, run arbitrary commands, configure stuff with dconf.

      Example for my workflow:

      When Debian 12 got into the alpha stage, I simply set up a virtual machine, install git, ansible and vim, and then I start from a known starting place (like Gnome Desktop for desktops, minimal for servers). First, I clone my git repository with my dotfiles, and link all the relevant dotfiles. After that I simply use Ansible to install all packages I will use from that distribution, run dconf to configure Gnome for my needs, configure/download software from 3rd party package repositories or just download tarballs and install them to /opt or ~/opt. Of course also flatpaks can be configured/downloaded via Ansible.

      Once everything works great in the virtual machine, I will work in the VM for a few days or even weeks. If everything works stable, I’ll just make a clean install of the operating system, add some hardware-specific tweaks (change grub config, tweak WIFI drivers power mode) and then I am up and running. Thanks to Debian, my Ansible configs are mostly stable with minor tweaks for around 2 years, and when time is due for Debian 13, I’ll repeat the cycle.

      The way I do things with Ansible has grown for a long time and is tailored to my private/professional use cases. I simply like having the same setup on every desktop/server I deploy, because I never have to wonder if my software is configured in the way I like it, if a hotkey works or if something I use is installed or not. (And if my hardware dies or I do an SSD upgrade, I am up and running within minutes; same is true if I get new hardware.)

      Still, it is a tradeoff. I really like Fedora, but one year of updates is too short for me and my initial investment to set up a new version of Debian. Further, I only use dconf-based desktops like Mate or Gnome, because I can simply configure them painlessly 100% via Ansible. OTOH I have MY Debian desktop setup running on multiple AMD64 and AARCH64 physical and virtual machines. If I want to experiment with software, I just create a VM, start Ansible, get a cup of tea and I have a disposable machine to play around. Further, I have my setup 100% documented; if I wonder what strange power settings tweak I needed in which file to make Debian 11 work on my netbook, I know where to find the 100% correct answer…

      Excuse the wall of text, hope that gave you an idea, don’t hesitate to reach out if any questions are left. Obviously, you have to decide for yourself if such a setup is worthwhile for you. In case you use only one Desktop, this would be total overkill. :-P
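
An added example, not the poster's own playbook: a minimal Ansible playbook for the workflow described in the comment above (packages via apt, dotfiles from git, a dconf setting, a tarball unpacked to ~/opt). The repository URL, download URL, checksum, package list and dotfile names are hypothetical placeholders, and the dconf task assumes the community.general collection is installed.

```yaml
# Added example; every URL, checksum, package and file name is a placeholder.
- name: Workstation baseline
  hosts: localhost
  connection: local
  vars:
    home: "{{ ansible_env.HOME }}"
    dotfiles_repo: "https://git.example.invalid/me/dotfiles.git"
    dotfiles_version: "<tag-or-commit>"   # pin, so a rerun checks out the same tree
    tool_url: "https://downloads.example.invalid/tool-1.0.tar.gz"
    tool_checksum: "sha256:<checksum-published-by-the-vendor>"
  tasks:
    - name: Install packages from the distribution
      become: true
      ansible.builtin.apt:
        name: [git, vim, podman]
        state: present
        update_cache: true
    - name: Clone dotfiles at the pinned version
      ansible.builtin.git:
        repo: "{{ dotfiles_repo }}"
        dest: "{{ home }}/dotfiles"
        version: "{{ dotfiles_version }}"
    - name: Link dotfiles into the home directory
      ansible.builtin.file:
        src: "{{ home }}/dotfiles/{{ item }}"
        dest: "{{ home }}/.{{ item }}"
        state: link
      loop: [vimrc, gitconfig]
    - name: Set a GNOME option through dconf (value is a GVariant string)
      community.general.dconf:
        key: /org/gnome/desktop/interface/clock-show-date
        value: "true"
    - name: Create ~/opt
      ansible.builtin.file:
        path: "{{ home }}/opt"
        state: directory
        mode: "0755"
    - name: Download the tarball, failing if the checksum does not match
      ansible.builtin.get_url:
        url: "{{ tool_url }}"
        dest: "/tmp/tool-1.0.tar.gz"
        checksum: "{{ tool_checksum }}"
        mode: "0644"
    - name: Unpack the verified tarball into ~/opt
      ansible.builtin.unarchive:
        src: "/tmp/tool-1.0.tar.gz"
        dest: "{{ home }}/opt"
        remote_src: true
```

Pinning the git version and the tarball checksum means a rerun either reproduces the same files or fails visibly, rather than quietly installing whatever the upstream serves that day.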

      • @[email protected]
        9 months ago

        Reading this, I find myself really, REALLY wanting to replicate that sort of setup, especially the docs part which is something I’ve been neglecting. I always say to myself, “The next Arch install, I’ll document the setup” and it never happens!

        • @[email protected]OP
          9 months ago

          “The next Arch install, I’ll document the setup” - Famous last words! :-)

          Seriously, I wonder how well my approach would work with a rolling distribution like Arch. I would be afraid that pacman updates would drift/change the system and over time the delta to my assumed setup grows… OTOH if you keep your scripts in sync with Arch's updates, you might simply distribute the maintenance of your Ansible script. If you go full Ansible with Arch, please give an experience report in 6 months!

          • @[email protected]
            9 months ago

            I don’t think I will. I switch between Arch and NixOS constantly, and this time (I’m on NixOS right now) I intend on remembering distrobox is a thing if I need to compile from source.

      • @[email protected]
        9 months ago

        Thank you for this in-depth answer. It makes me want to explore Ansible and setup automation. Sounds really great!

        > and write a blog post for people like me, how you did it, so I can learn.

        I am thinking about that … 🤔

        • @[email protected]OP
          9 months ago

          Really, Ansible doesn’t matter, the IaC part is the killer.

          Just start to put your config into code and learn, over time it will grow!

          I cannot go back to setting desktops/servers up by hand, IaC just solves too many problems and gives me peace of mind.