I don't really know nix, but have used Ansible to try to have all configuration version-controlled and automated. But if there's any possibility of making changes outside of that, you have to be very disciplined. As soon as someone makes a one-off manual change to a crontab or a systemd unit, you're screwed.

NixOS just doesn’t let you do that in the nominal case, most of /etc consists of symlinks to a read only partition that is managed by nix - it is actually more difficult to do one-off scripts or config changes via files than it is to do so via nix, at least nominally - there are of course software that has it’s own special config format or that keeps its config in a database - but those get snapshot(ed?) and backed up anyway.

Imo, nix is more finnicky but more of a complete solution than ansible.

> but now I use nix, which solves these problems

Um, sorry but what do you mean ?

Everything is configured via nix, I can swap out the hardware and redeploy everything from 0 with a single command invocation.

What if something happens to where you keep your configuration?

It is in git, I have backups. The secrets are not backed up, but those I can recycle if need be.