There needs to be a decent way to automate the management of all my computers. Continuing the research from a few days ago I am going to focus on three tools:
- https://saltproject.io/ – Salt (sometimes referred to as SaltStack) is a Python-based, open-source software for event-driven IT automation, remote task execution, and configuration management.
- Here is what Salt looks like:
# https://github.com/discourse/discourse/blob/master/docs/INSTALL-cloud.md
# Rest of the config and install is manual but it's not terrible
{% if not salt.file.file_exists('/var/discourse') %}
https://github.com/discourse/discourse_docker.git:
git.latest:
- target: /var/discourse
{% endif %}
- https://nixos.org/ – Linux distribution based on the purely functional Nix package manager. NixOS is composed using modules and packages defined in the nixpkgs project. NixOS uses an immutable design and an atomic update model. Its use of a declarative configuration allows reproducibility and portability.
{ config, lib, ... }:
let
inherit (config) host;
inherit (lib) mkOption;
inherit (lib.types) str;
identity = import ../resources/identity.nix;
in
{
options.host.name = mkOption { type = str; };
config = {
# Identity
networking.hostName = host.name;
networking.domain = "home.arpa";
networking.networkmanager.wifi.macAddress = "stable" /* hashed */;
# DNS
services.resolved.extraConfig = ''
DNSSEC=no
StaleRetentionSec=3600
'';
# Workaround for `avahi-daemon[1234]: Failed to read /etc/avahi/services.`
# Upstream: https://github.com/lathiat/avahi/blob/v0.8/avahi-daemon/static-services.c#L917-L919
system.activationScripts.etcAvahiServices = "mkdir -p /etc/avahi/services";
# Permissions
users.users.${identity.username}.extraGroups = [ "networkmanager" ];
};
}
- https://guix.gnu.org/ – GNU Guix is a functional cross-platform package manager and a tool to instantiate and manage Unix-like operating systems, based on the Nix package manager. Configuration and package recipes are written in Guile Scheme. GNU Guix is the default package manager of the GNU Guix System distribution. Example (src, src):
(use-modules (gnu) (srfi srfi-1) (guix packages))
(use-package-modules fonts glib certs xdisorg xorg)
(use-service-modules avahi base dbus desktop networking xorg)
(operating-system
(host-name "len")
(locale "en_US.utf8")
(timezone "Europe/Madrid")
(users
(cons*
(user-account
(name "main")
(comment "Main user account")
(group "users")
(supplementary-groups '("wheel" "netdev" "audio" "video" "input")))
%base-user-accounts))
(keyboard-layout
(keyboard-layout "us" "dvorak" #:options '("ctrl:swapcaps_hyper" "compose:ralt")))
(bootloader
(bootloader-configuration
(bootloader grub-bootloader)
(targets '("/dev/sda"))
(keyboard-layout keyboard-layout)))
(file-systems
(cons*
(file-system
(mount-point "/")
(device (file-system-label "system"))
(type "ext4"))
(file-system
(mount-point "/mnt/data")
(device (file-system-label "data"))
(type "ext4"))
%base-file-systems))
(packages
(cons* dbus font-terminus nss-certs sx xhost %base-packages))
(services
(cons*
(service xorg-server-service-type
(xorg-configuration
(keyboard-layout keyboard-layout)))
(service dhcp-client-service-type)
(service avahi-service-type)
(elogind-service)
(dbus-service)
(modify-services %base-services
(console-font-service-type
configuration =>
(map (lambda (tty)
(cons tty (file-append font-terminus "/share/consolefonts/ter-118n.psf.gz")))
'("tty1" "tty2" "tty3" "tty4" "tty5" "tty6")))))))
Michael Lynch’s opinion
(2024-02-22) Michael Lynch - analysis and commentary on Salt vs Ansible vs NixOS: My First Impressions of Nix · mtlynch.io
- used Salt for a decade
- Ansible too slow
- NixOS - many failed attempts - making progress
Salt so far seems like the least intrusive way to achieve automation and management, without changing distros. (I love Slackware).
But I wanted to learn how NixOS compares to GNU Guix so I asked ChatGPT:
ChatGPT’s opinion
NixOS and GNU Guix are both Linux distributions that focus on unique package management and configuration management systems, aiming to improve system reproducibility, reliability, and portability. While they share some underlying principles, they differ significantly in their implementation and ecosystem. Here’s a comparison of the two:
Package Management
- NixOS uses the Nix package manager, which implements a purely functional deployment model. Packages and their dependencies are stored in isolation from each other in the Nix store, identified by unique hashes. This approach allows for atomic upgrades, rollbacks, and side-by-side installation of multiple versions of a package.
- GNU Guix uses Guix System, which is based on the same principles as Nix but uses the Guile Scheme programming language for its package definitions and system configurations. Guix emphasizes the use of free software and is officially endorsed by the Free Software Foundation.
Configuration Management
- NixOS defines system configuration declaratively in Nix expressions. This allows for a highly reproducible system configuration that can be version-controlled and shared among different machines.
- GNU Guix also uses a declarative model for system configuration but leverages Guile Scheme for its configuration scripts. This approach not only facilitates reproducibility and customization but also appeals to users who prefer programming in Scheme.
Philosophy and Community
- NixOS aims to provide a reliable and reproducible platform for both development and production environments, with a strong focus on isolation and atomic upgrades. Its community is centered around practicality and robustness, attracting both developers and system administrators.
- GNU Guix emphasizes freedom and user empowerment, aligning closely with the philosophy of the GNU Project. Its community values include promoting free software and providing tools that empower users to control their computing.
Learning Curve and Documentation
- NixOS has a steep learning curve due to its unique approach to system management and package declaration. However, it is well-documented, with a broad range of tutorials and guides available for beginners and advanced users alike.
- GNU Guix also has a learning curve, particularly for users not familiar with Guile Scheme. However, it offers comprehensive documentation and a supportive community that can help new users get started.
Use Cases
- NixOS is well-suited for environments where reproducibility, reliability, and scalability are critical, such as in DevOps and cloud infrastructure.
- GNU Guix is particularly appealing to enthusiasts of free software and those interested in a system that fully adheres to the principles of the GNU Project. It’s also a good choice for researchers and developers who prefer the expressiveness of Scheme.
In conclusion, the choice between NixOS and GNU Guix often comes down to personal preference, specific project requirements, and philosophy alignment. Both offer powerful tools for managing complex system configurations in a reproducible manner, though they cater to slightly different audiences and use cases.