Either my Ansible knowledge is too limited which is entirely possible, or you can’t do stuff there that’s possible with Nix. Let’s stay go with my example that you have something that requires changes in PAM. So you write an Ansible file installing the package (which is distribution-specific, so you’re losing one advantage you had over NixOS), enable the service and add your entries to the respective PAM file (e.g. login because you want to enable user authentication against kanidm on your machine). The ordering in these files matter. Sure you have insertbefore and insertafter for lineinfile and blockinfile, but this basically requires you to know the rest of the file in advance… not a problem if your system is always the same, but you don’t have the flexibility and composability that Nix offers.
I’d say, from my experience with Ansible, that it can absolutely do all of that. Might be able to use a single task for the package install, if the distro supports the generic package module. There’s also a pamd module that would likely cover your needs there. If not, it would still be possible with a custom module or some Xinfile fuckery (if it can be fine programmatically, it can be done in Ansible, more niche things may require writing code, however).
It would not be as terse though. Really wish there was a good middle ground.
It can do that, but it gets more complicated because you are doing this is in an imperative way. For example, in Nix it’s trivial to change the config and remove something.
In ansible there’s no guarantee installing a package and removing it won’t have side effects. You could install a DE and decide to switch back, but it already changed some files on your system
Either my Ansible knowledge is too limited which is entirely possible, or you can’t do stuff there that’s possible with Nix. Let’s stay go with my example that you have something that requires changes in PAM. So you write an Ansible file installing the package (which is distribution-specific, so you’re losing one advantage you had over NixOS), enable the service and add your entries to the respective PAM file (e.g. login because you want to enable user authentication against kanidm on your machine). The ordering in these files matter. Sure you have
insertbeforeandinsertafterforlineinfileandblockinfile, but this basically requires you to know the rest of the file in advance… not a problem if your system is always the same, but you don’t have the flexibility and composability that Nix offers.I’d say, from my experience with Ansible, that it can absolutely do all of that. Might be able to use a single task for the package install, if the distro supports the generic
packagemodule. There’s also a pamd module that would likely cover your needs there. If not, it would still be possible with a custom module or some Xinfile fuckery (if it can be fine programmatically, it can be done in Ansible, more niche things may require writing code, however).It would not be as terse though. Really wish there was a good middle ground.
It can do that, but it gets more complicated because you are doing this is in an imperative way. For example, in Nix it’s trivial to change the config and remove something.
In ansible there’s no guarantee installing a package and removing it won’t have side effects. You could install a DE and decide to switch back, but it already changed some files on your system