Ansible

There are several ways to pass the Ansible Vault password. classic CLI prompt which requires manual intervention password file which should be stored somewhere accessible to the Ansible environment variable Today I will tell about my latest approach. I am using tool called Direnv which loads and unloads different environment variables when you enter the directory. Direnv uses .envrc files to read the variables from. Typically, this file should be in your .gitignore so that you don’t leak any secrets. ...

My opinion on this is still not stable or true and I might change my mind later when I will really try NixOS. I see the constant hype around the NixOS and one of the main selling points is its reproducibility. Under the Ansible, you configure only whats in your playbooks. And it’s easy to mess around the system bypassing the Ansible. In NixOS that’s not the case. If you make any ad hoc changes on NixOS and then run nixos-rebuild all your crafted changes will be gone because they are not in your NixOS config. But this is what I like about the Ansible. I can mess around the system, use/evaluate my tweaks until the next OS reinstall or to put in my playbooks only those parts which I really like. Next time I will install OS I will get only my particular features. I don’t need to be afraid to loose some of my temporary tweaks by accidental nixos-rebuild. I believe, you could do the same with NixOS, but… nixos-rebuild sounds too dangerous to have there (as of my current understanding). As of my understanding now, NixOS is more suitable for server setups, where the all components are well known and you truly need 100% reproducibility. ...