How does Nix compare to Ansible?

Hi, I run a little homelab with a couple of servers as a hobby of mine and I have been thinking about adopting Infrastructure as Code for the servers in case anything were to go wrong.

I have seen both Ansible and Nix thrown around as tools to achieve this. I hear that Nix is a much more powerful tool than Ansible, but much harder to learn.

Any suggestions?

Thanks in advance. :slight_smile:

To be precise, it’s not so much nix as it is nixos that can achieve this.

Ansible achieves this in a stateful manner, so how well it locks things down to your specification is a function of how well your (hopefully) idempotent scripts actually control the system. This makes it something one can apply gradually, and mix with stateful management as desired.

Nixos is the radical approach. You lose the capacity to do many system administration tasks outside of the defining code. You can no longer just run a linux binary without getting it through nix or jumping through extra hoops. But in exchange, you actually have a much stronger guarantee of how deterministic the connection between the defining code and the resultant system is.

Obviously this is a nix space, so we’re going to advocate for nix-based solutions, but it’s important to ask yourself if you’re ready to commit to doing things declaratively or just want to dip your toes into the shallow end.

8 Likes

There are good mixes too, with VMs and nspawn containers of your choosing, and system-manager. Doesn’t have to be all-or-nothing :slight_smile:

3 Likes

nix != NixOS, by the way

Nix is a build tool, package manager and programming language. By itself nix cannot deploy systems like ansible can.

NixOS in turn is a deployment tool similar to ansible that comes with its own distro.

The main reason I’d use NixOS over ansible is that with ansible you can never be certain that the deployment was applied correctly.

Ansible is what we call “convergent”, i.e., we run some scripts that change the deployment on the system to hopefully be what we intend it to become, assuming that the current state is what we think it is. Unfortunately, state drifts, so eventually things can drift apart and start failing. You end up having to take extreme care writing your scripts to avoid causing issues.

Ansible comes from a time when convergent deployment was still very much considered the state of the art. There’s a reason kubernetes has almost completely displaced it in serious organizations, though.

NixOS on the other hand deploys (mostly, assuming sensible config and software that can handle this) your configurations declaratively. Whatever your configuration declares the state should be will be the state. This is unusual, and it can be difficult to adjust to, but incredibly reassuring.

The exception is data, but we have tools to control that as well.


Obviously you’ll get the answer that NixOS is better asking on the NixOS forums, but I don’t really think there’s a competition here. I would never choose ansible over NixOS; Ansible was neat when we didn’t have better options.

As for the learning curve, there definitely is something to that. Unfortunately, there is very little quality tutorial-style documentation for NixOS. You end up having to cobble together an understanding mostly by yourself.

The community is friendly and helpful, though. If you’re determined, I think it’s far from impossible to learn. Just give it a shot with one or two machines in your homelab, no need to transform everything at once :slight_smile:

You’ll run into a lot of papercuts with your first deployment or two, but once you’ve fired every footgun once it’s a pretty smooth experience.

6 Likes
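
The convergent-versus-declarative distinction drawn in the post above, as an added example that is not part of the original thread and is not Ansible or NixOS code. It is a toy model in Python: the resource names, the task tuples and the `converge`, `rebuild` and `undeclared` helpers are all constructed for illustration, and it models only managed system state, not data.

```python
# Toy model (constructed for illustration; not Ansible or NixOS code).
# A host is a dict: resource kind -> set of resource names.

def converge(host, tasks):
    """Convergent run: each task changes only the one resource it names."""
    new = {kind: set(names) for kind, names in host.items()}
    for state, kind, name in tasks:
        names = new.setdefault(kind, set())
        if state == "present":
            names.add(name)
        else:  # "absent"
            names.discard(name)
    return new

def rebuild(config):
    """Declarative build: managed state is derived from the config alone."""
    return {kind: set(names) for kind, names in config.items()}

def undeclared(host, config):
    """Resources on the host that the config does not declare."""
    return {(k, n) for k, names in host.items() for n in names - config.get(k, set())}

def scenario():
    v1 = [("present", "packages", "nginx"), ("present", "services", "nginx"),
          ("present", "packages", "vsftpd"), ("present", "services", "vsftpd")]
    host = converge({}, v1)
    host["packages"].add("cups")  # out-of-band change made by hand
    # v2 of the playbook: the vsftpd tasks were simply deleted.
    v2 = v1[:2]
    config_v2 = {"packages": {"nginx"}, "services": {"nginx"}}
    after_v2 = converge(host, v2)
    # Explicit cleanup tasks fix what the author knows about, nothing else.
    cleanup = v2 + [("absent", "packages", "vsftpd"), ("absent", "services", "vsftpd")]
    after_cleanup = converge(after_v2, cleanup)
    return (undeclared(after_v2, config_v2),
            undeclared(after_cleanup, config_v2),
            undeclared(rebuild(config_v2), config_v2))

if __name__ == "__main__":
    labels = ("converge v2", "converge v2 + cleanup", "rebuild v2")
    for label, left in zip(labels, scenario()):
        print(f"{label:24} undeclared: {sorted(left)}")
```

Deleting a task leaves the service it once installed running, and a hand-made change survives every run until someone writes a task for it; comparing the host against the declared set is how that drift gets noticed.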

Hello,

Hope you won’t mind some kind of self promotion here but I wrote about this in my thesis. Find it here: Release Release 103 (40746b3a967aa47799daa1692a431a152a96c5ae) · drupol/master-thesis · GitHub

Feedback is welcome.

5 Likes

I’ll just throw this related link here which I found under a post about declarative flatpak here

https://flyingcircus.io/news/detailsansicht/thoughts-on-systems-management-methods/

This is exactly what I wanted to point out in my thesis!

1 Like

@drupol I’m being a bit off-topic here, but this is awesome! I look forward to reading this :smiley: I’m a PhD student in software engineering and have been continually frustrated by the poor state of reproducibility for research artifacts in my field.

One minor question: your GitHub repo links to https://codeberg.org/p1ld7a/master-thesis which gives me a 404 error. Is that intentional (i.e. the link is to something locked behind authentication) or should the link be fixed or removed?

1 Like

Oh, thanks for letting me know, I was not aware! I will find a solution for this tomorrow.

edit: I just fixed it, I had to make my profile public.

In the meantime, find a mirror at: GitHub - drupol/master-thesis: Pol Dellaiera's Master Thesis - Reproducibility In Software Engineering

Hope you’ll like it!

1 Like