Nixos vs Ansible

nixinator · February 14, 2022, 11:53pm

interesting points, it takes a bit of time to ween yourself off the ‘standard’ devops tools, Hercules CI effects might be exactly what your looking for.

If you can build up enough momentum to escape the docker black hole gravity well and avoid the oncoming dockerpocalpyse , then you enter devops rehab… I actually regard docker as operating system in it’s own right, the same as emacs ;-). I’ve got one operating system, i don’t need to run another OS within and OS…unix is already good enough, without these esoteric middle ware wrappers around cgroups (name spaces). My view changed when i saw https://www.youtube.com/watch?v=8fi7uSYlOdc . Liz is truly brilliant and smart and hat off to them…, but you get to learn how shonky these container abstractions can be , especially with tangle of virtual network stacks they employ…

But going from traditional tools to full nix, can be a steep (inverse parabolic) learning curve, so , what ever works now…, then do it… even its an anti pattern, you’ll find new nix patterns to move more systems to a fully declarative nix configuration. You will get more funky with the nix language, you’ll find you need a lot less moving parts to the job.

I find GitHub - purpleidea/mgmt: Next generation distributed, event-driven, parallel config management! a really interesting project, which is a basically a DSL for configuration management, using etcd for shared state. Their talk https://www.youtube.com/watch?v=Kd7FAORFtsc is cool. There are some interesting things about how these cfengine clones can be greatly improved. I feel that these is a connection between mgmt and nix somehow , but i don’t have time to research further at the moment.

What ever you do, keep doing it, the future is nix (maybe) and the future starts with you.
https://www.reddit.com/r/NixOS/comments/ohpi2z/nix_is_the_future_and_the_future_starts_with_you/

matthewcroughan · February 15, 2022, 12:09am

I’ve had great success in pushing websites with Hercules CI + Effects. There’s also docs for deploying machines Deploy a NixOS Machine :: Hercules CI Documentation

I wrote this effect to deploy the Plutonomicon website, and it is really simple. Let me know if you don’t understand it, and I’ll do my best to explain it.

github.com

Plutonomicon/plutonomicon/blob/f4b0e14943f769ffbd26133433138a0a67b42176/flake.nix#L51-L80


      
          effects = { src }: {
            gh-pages = hci-effects.runIf (src.ref == "refs/heads/main") (
              hci-effects.mkEffect {
                src = self;
                buildInputs = with pkgs; [ openssh git ];
                secretsMap = {
                  "ssh" = "ssh";
                };
                effectScript =
                let
                  githubHostKey = "github.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==";
                in
                ''
                  writeSSHKey
                  echo ${githubHostKey} >> ~/.ssh/known_hosts
          
          
        export GIT_AUTHOR_NAME="Hercules-CI Effects"
                  export GIT_COMMITTER_NAME="Hercules-CI Effects"
                  export EMAIL="github@croughan.sh"

This file has been truncated. show original

ppenguin · February 15, 2022, 3:15pm

Thanks, looks interesting. I did a first quick check, and noticed currently there’s only github support (I also saw this issue). But that got me thinking, I’m already using gitlab-runner on local nixos hosts, they’re currently executing “normal” container builds submitted by a lan-local gitlab instance, shouldn’t that the a good base to get hercules-ci also working on them somehow?

nixinator · February 15, 2022, 5:33pm

integration of herc-ci and gitlab is on the cards… so that would be a great help for those that want to jump from the microsoft ship to the gitlab ship (im not sure who own’s gitlab) , just watch out you don’t get attacked by the Crimson Permanent Assurance vessel

TLATER · February 19, 2022, 6:24pm

GitLab owns GitLab They’re independent, funded by corporate buyers of the enterprise version of their software. It’s the open-core business model, so you get slightly earlier access to new features and better enterprise-targeted integration for SSO and such if you pay. Also GitLab states they prefer organizations who can afford it pay for the enterprise license, so you go on santa’s “bad” list if you don’t.

gitlab.com is their generous public offering, probably used as a test bed and marketing platform.

I don’t see them selling to Microsoft anytime soon; even if they do, the project is likely to just be maintained as a FOSS fork down the line. Anyway, my point is, go support open core organizations!

saggzz · November 8, 2022, 4:25pm

No, definitely not. We are using Ansible in medium sized project and from my perspective it´s pain. Even though you are supplied with some extra modules from Ansible Galaxy it feels like every time things are getting serious you are doing bash. This plus the strange lexical design and the mixture of describing a desired state and having a sequential stepwise process makes this concept as a language compared to terraform or nixos just painful.