dotfiles/ansible
Tudor Roman d01adfa001
Add a couple more flatpaks
2023-12-07 17:26:53 +01:00
collections Managing the underlying non-NixOS system with ansible 2023-11-24 17:04:50 +01:00
playbooks ansible: disable ssh password auth 2023-11-26 23:24:48 +01:00
roles Add a couple more flatpaks 2023-12-07 17:26:53 +01:00
.gitignore Managing the underlying non-NixOS system with ansible 2023-11-24 17:04:50 +01:00
README.md ansible: readme 2023-11-26 23:29:10 +01:00
ansible.cfg ansible: enable pipelining 2023-11-24 18:35:29 +01:00
hosts.yml ansible: connect through ssh 2023-11-26 22:40:50 +01:00

README.md

Ansible roles and playbooks

While I very much love Nix and NixOS, I think NixOS is not suitable for a developer's day-to-day machine. On my personal machine, which is now just a laptop, I want to be able to quickly change settings and run random scripts and programs without first adapting them, whereas on a server and/or a VM (either a server VM, or just some tiny one for development and testing) I do prefer having the rigor that NixOS provides. For this reason, I prefer running Nix with Home Manager on top of Fedora on my laptop. I actually use Fedora Silverblue, which also gives me a very nice system base that I can version and roll back if needed, with the advantage of looking very much like a "normal" Linux distro. I even have automatic updates that are applied transparently on next reboot!

I would, however, like to also manage the underlying OS in a declarative way. I am using Ansible to achieve this.

Setup

Because I don't want to litter my Silverblue install with Ansible and Python stuff, I am running it from a container (with either Toolbx or Distrobox). To make that work, I enabled the SSH daemon, added my own SSH key to authorized_keys, and configured the daemon to only allow pubkey authentication.

To prepare the environment:

distrobox create ansible-box [--image whatever]
distrobox enter ansible-box
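
Whether the daemon really accepts only public keys is best confirmed against the effective configuration printed by `sshd -T` rather than by reading the config file. The script below is an added example, not part of this repository: the function name `check_pubkey_only` and both sample inputs are constructed for illustration, and it goes slightly beyond password auth by also flagging host-based and GSSAPI authentication.

```shell
#!/bin/sh
# Added example: audit the effective sshd settings for pubkey-only login.
# Feed it the output of `sshd -T` (lowercase "keyword value" lines) on stdin.
# Prints one finding per line; returns 0 only if pubkey is the sole method on.
check_pubkey_only() {
    awk '
        BEGIN {
            # keyword -> value required for a pubkey-only daemon
            want["pubkeyauthentication"] = "yes"
            want["passwordauthentication"] = "no"
            want["kbdinteractiveauthentication"] = "no"
            want["hostbasedauthentication"] = "no"
            want["gssapiauthentication"] = "no"
        }
        {
            key = tolower($1)
            # Older OpenSSH releases print the previous name of this keyword.
            if (key == "challengeresponseauthentication")
                key = "kbdinteractiveauthentication"
            if (key in want) { seen[key] = 1; got[key] = tolower($2) }
        }
        END {
            bad = 0
            for (key in want) {
                if (!(key in seen)) {
                    printf "MISSING %s\n", key; bad = 1
                } else if (got[key] != want[key]) {
                    printf "FAIL %s=%s (want %s)\n", key, got[key], want[key]
                    bad = 1
                }
            }
            exit bad
        }
    '
}

# Constructed samples, not captured from a real host.
SAMPLE_GOOD='pubkeyauthentication yes
passwordauthentication no
kbdinteractiveauthentication no
hostbasedauthentication no
gssapiauthentication no'
# Password auth is off, but with UsePAM enabled keyboard-interactive
# can still present a password prompt.
SAMPLE_PAM_GAP='pubkeyauthentication yes
passwordauthentication no
kbdinteractiveauthentication yes
hostbasedauthentication no
gssapiauthentication no'

printf '%s\n' "$SAMPLE_PAM_GAP" | check_pubkey_only || echo "not pubkey-only"
```

On a real host the input comes from the daemon itself: `sudo sshd -T | check_pubkey_only`.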

Running

distrobox enter ansible-box
ansible-playbook playbooks/a_playbook.yml -K # the -K is short for --ask-become-pass

# or even shorter
distrobox enter ansible-box -- ansible-playbook playbooks/a_playbook.yml -K

To lint, run ansible-lint (installation left as an exercise to the reader), or:

nix flake check # this builds EVERYTHING, it will take a while