SELinux provides a strong security measure that can make an SELinux-enabled operating system a type of “fortress”: the so-called “confined users” [1] [2] [3], which add security and isolation capabilities that are in several respects comparable to containers but without many of their restrictions in GUI use cases (this topic is focused on desktop use cases, not server, infra, and such). By default, SELinux does not enforce much within user accounts but only around them. But in graphical desktop...
while i think that ansible is really cool, it’s not the same as Nix.
correct me if i’m wrong, but afaik Ansible just modifies the current state of the System with a declarative configuration.
Nix reverts your system back to install and then applies the configuration. The result is that in Nix if i remove something from the configuration.nix it is as if it never existed, whereas on Ansible it stays unless i manually run a task to uninstall it.
I suggest you check Silverblue + Ansible (or CoreOS/IoT for server stuff).
while i think that ansible is really cool, it’s not the same as Nix.
correct me if i’m wrong, but afaik Ansible just modifies the current state of the System with a declarative configuration.
Nix reverts your system back to install and then applies the configuration. The result is that in Nix if i remove something from the configuration.nix it is as if it never existed, whereas on Ansible it stays unless i manually run a task to uninstall it.