From cc70cdc660ff648772eda78cfd3bfb766b3fa5b3 Mon Sep 17 00:00:00 2001
From: Alex Auvolat <alex@adnab.me>
Date: Wed, 14 Dec 2022 17:52:36 +0100
Subject: [PATCH] write about why not ansible

---
 README.md | 38 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 38 insertions(+)

diff --git a/README.md b/README.md
index 7dac27b..412ee46 100644
--- a/README.md
+++ b/README.md
@@ -81,6 +81,44 @@ Finally you should see be able to access the production Nomad and Consul by brow
  - Nomad: http://localhost:4646
 
 
+## Why not Ansible?
+
+I often get asked why not use Ansible to deploy to remote machines, as this
+would look like a typical use case.  There are many reasons, which basically
+boil down to "I really don't like Ansible":
+
+- Ansible tries to do declarative system configuration, but doesn't do it
+  correctly at all, like Nix does.  Example: in NixOS, to undo something you've
+  done, just comment the corresponding lines and redeploy.
+
+- Ansible is massive overkill for what we're trying to do here, we're just
+  copying a few small files and running some basic commands, leaving the rest
+  to NixOS.
+
+- YAML is a pain to manipulate as soon as you have more than two or three
+  indentation levels.  Also, why in hell would you want to write loops and
+  conditions in YAML when you could use a proper expression language?
+
+- Ansible's vocabulary is not ours, and it imposes a rigid hierarchy of
+  directories and files which I don't want.
+
+- Ansible is probably not flexible enough to do what we want, at least not
+  without getting a migraine when trying. For example, it's inventory
+  management is too simple to account for the heterogeneity of our cluster
+  nodes while still retaining a level of organization (some configuration
+  options are defined cluster-wide, some are defined for each site - physical
+  location - we deploy on, and some are specific to each node).
+
+- I never remember Ansible's command line flags.
+
+- My distribution's package for Ansible takes almost 400MB once installed,
+  WTF???  By not depending on it, we're reducing the set of tools we need to
+  deploy to a bare minimum: Git, OpenSSH, OpenSSL, socat,
+  [pass](https://www.passwordstore.org/) (and the Consul and Nomad binaries
+  which are, I'll admit, not small).
+
+
 ## More
 
 Please read README.more.md for more detailed information
+