I recently had a painful migration from Fedora -> Debian (temporary) -> NixOS on my primary workstation. My git/Ansible workflow is currently executed locally; it turns out Ansible/Python/NixOS can be a painful combination. There are a few others with similar issues. PEBCAK is not entirely ruled out in this scenario.

From what I could tell, the core issue was getting Ansible to recognize the Python binary that could import the correct packages (installed via Nix config).

Solution / Workaround

Rather than continue to fight the three-headed beast of Ansible, NixOS, and Python, I took a page from other pseudo-immutable operating systems. It absolutely flies in the face of NixOS in terms of not being truly reproducible (in the current iteration) but is functionally acceptable. It is also a step toward my end state of getting Ansible execution into CI.

With respect to my preferred local execution workflow, building a podman image with the necessary dependencies works well as a “one-liner” to run Ansible playbooks with podman run. The incantation is not pretty, but it works.

Implementation

  1. Create Containerfile
  2. Build image: podman build -t ansible $containerfilepathhere
  3. Create podman network: podman network create -d macvlan -o parent=$interfacename --subnet $subnetcidr podmannet
  4. Run terrifying podman command: podman run --network podmannet --mount type=bind,source=$absoluteplaybookdir,destination=/opt/ansible,ro=true --mount type=bind,source=$absolutesshdir,destination=/opt/ssh -ti --rm $containername ansible-playbook --ask-become-pass -u ansible --private-key /opt/ssh/$key -i /opt/ansible/hosts $absoluteplaybookpathincontainer
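As an added example (not from the original post), here is steps 3 and 4 wrapped in a small shell function that validates the host paths before handing them to podman and keeps the same image/network names as above. Assumptions: the image is tagged ansible and the network is podmannet as in steps 2 and 3; PODMAN, ANSIBLE_IMAGE and PODMAN_NETWORK are hypothetical overrides; mounting the SSH directory read-only is an addition to the original command.

```shell
#!/bin/sh
# Wrapper for steps 3-4: validates the host paths, then runs ansible-playbook
# inside the image built in step 2. PODMAN, ANSIBLE_IMAGE and PODMAN_NETWORK
# are hypothetical overrides (set PODMAN=echo to print the assembled command).
: "${PODMAN:=podman}"
: "${ANSIBLE_IMAGE:=ansible}"
: "${PODMAN_NETWORK:=podmannet}"

# Bind-mount sources must be absolute and exist; fail here with a clear
# message instead of inside the container when the inventory is not found.
require_abs_dir() {
    case "$1" in
        /*) [ -d "$1" ] || { echo "not a directory: $1" >&2; return 1; } ;;
        *)  echo "not an absolute path: $1" >&2; return 1 ;;
    esac
}

# ansible_podman_run PLAYBOOK_DIR SSH_DIR KEY_FILE PLAYBOOK_REL [extra args]
#   PLAYBOOK_DIR  absolute dir with hosts + playbooks, mounted at /opt/ansible
#   SSH_DIR       absolute dir holding the private key, mounted at /opt/ssh
#   KEY_FILE      key file name inside SSH_DIR
#   PLAYBOOK_REL  playbook path relative to PLAYBOOK_DIR
ansible_podman_run() {
    playbook_dir=$1 ssh_dir=$2 key_file=$3 playbook_rel=$4
    shift 4
    require_abs_dir "$playbook_dir" || return 1
    require_abs_dir "$ssh_dir" || return 1
    [ -f "$ssh_dir/$key_file" ] ||
        { echo "missing key: $ssh_dir/$key_file" >&2; return 1; }
    [ -f "$playbook_dir/$playbook_rel" ] ||
        { echo "missing playbook: $playbook_dir/$playbook_rel" >&2; return 1; }
    # --rm: nothing keeps a reference to the key mount after the run.
    # ro=true on both mounts: the run can read the checkout and the key but
    # never modify them on the host (ssh writes known_hosts under the
    # container user's ~/.ssh, not /opt/ssh, so read-only is sufficient).
    "$PODMAN" run --rm -ti --network "$PODMAN_NETWORK" \
        --mount "type=bind,source=$playbook_dir,destination=/opt/ansible,ro=true" \
        --mount "type=bind,source=$ssh_dir,destination=/opt/ssh,ro=true" \
        "$ANSIBLE_IMAGE" \
        ansible-playbook --ask-become-pass -u ansible \
            --private-key "/opt/ssh/$key_file" \
            -i /opt/ansible/hosts \
            "/opt/ansible/$playbook_rel" "$@"
}
```

Source the file and call ansible_podman_run /abs/playbooks /abs/ssh id_ed25519 site.yml; any extra arguments (such as --check or --limit) are passed through to ansible-playbook.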