There was a decent discussion in the matrix channel on Salt vs Ansible vs OpenTofu. I’m looking for a new project and I thought it would be a good idea to get some community feedback first.
Would people be interested in a way to use Ansible for user configuration management instead of Salt?
OpenTofu has a better fit for managing the lifecycle of a qubes, excluding the software inside of them. Would you want to use two languages to maintain your setup or do you think it’s better to provide everything within Ansible?
I’d love to see Ansible support. I’ve never seen Salt in use anywhere else, but I’ve used it personally before Qubes. I find Ansible+Puppet intuitively easier to use than Salt+Chef.
OpenTofu - oh cool, someone forked Terraform. I think I’d get more value out of the software/template management side than controlling desktop qubes, but if Qubes Air is still on the cards then I’d want the extra specialized language.
I would love to use ansible for configuration management instead of salt! I gave up on trying to write anything for salt a while back and just use bash scripts instead since then for qubes. (I use ansible for everything but qubes).
Personally I would prefer doing it all in ansible as opposed to using two languages. Note that I’ve never dealt with openTofu, so I cannot say if it has any real advantage. You may want to look at: https://docs.ansible.com/ansible/latest/collections/community/general/terraform_module.html
(which at least at first glance, looks like a way of running terraform from anisble.)
However, note that by installing 2 applications that you increase your attack surface)
Of interest, i believe ansible/qubes stuff has already been started. Examples: