NixOS? Ansible and Puppet are just workarounds

3 minute read Published: 2018-08-01

NixOS is a Linux distribution that takes a very different approach from other distributions.

You do not change the configuration files of applications. You just change the build instructions that the package manager Nix uses to build the system. On NixOS the full system is rebuilt every time you want to change even a minor detail.

A rebuild means that the Nix package manager reads in Nixpkgs, then reads in your local build instructions (e.g. "services.openssh.enable = true") to complement them, and then builds all derivations that are required for this specific configuration. A derivation is roughly similar to a package in other distributions, but in NixOS even /etc/ssh/sshd_config has its own derivation, meaning that it gets built automatically.

Every derivation that gets built ends up in a directory in /nix/store, indexed with a checksum over all its version information, build instructions and all its dependencies. That means when you change the build instructions (even if you just insert an irrelevant space in a field somewhere), change a dependency or update to a newer version, Nix will put it into a different directory in /nix/store. That in turn means that Nix can easily determine whether it has already built a specific configuration or program with its specific dependencies. If the path in /nix/store exists, it has already been built.

Oh, and /nix/store is immutable. You are not supposed to change any files in there, and there are many good reasons to just accept that and not even try it. If you want to make a change, edit the build instructions or the system configuration and let Nix rebuild the system.

By following that, you gain the ability to just roll back to older versions (called generations) of your system configuration. Made a change and noticed that it doesn't work well? Run sudo nixos-rebuild switch --rollback and you're good. The system doesn't boot anymore because of a software problem? Hit space in the boot manager and boot an older generation.

Your hard disk failed and you have to reinstall your system? With NixOS you still have to partition your drive manually from the installation CD/DVD, which is a bit annoying. But then you just copy /etc/nixos from your backup and tell Nix to install the system (completely non-interactive). Finally, restore your /home from the latest backup and your system will be in exactly the same state as before the disk failure. Well, OK: it will be in the same state as your last backup. But there is no question about the packages you had installed or their versions. Also, the system configuration is completely included in /etc/nixos, so just backing up /etc/nixos and /home is sufficient for a desktop or laptop. For servers you obviously may need other directories as well, but that depends on the applications running on them.
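The store-path behaviour described above, as an added example that is not part of the original post: a simplified Python model (not Nix's actual hashing scheme) in which a path is derived from a hash over name, version, build instructions and dependency paths. The package names, versions and build strings are constructed sample values, and nothing is written to disk.

```python
import hashlib
import json

STORE = "/nix/store"  # used as a path prefix only


def store_path(name, version, build_instructions, deps=()):
    """Model of an input-addressed path: hash over every build input."""
    fingerprint = json.dumps(
        {
            "name": name,
            "version": version,
            "build": build_instructions,  # hashed byte for byte
            "deps": sorted(deps),  # store paths of the dependencies
        },
        sort_keys=True,
    ).encode()
    digest = hashlib.sha256(fingerprint).hexdigest()[:32]
    return f"{STORE}/{digest}-{name}-{version}"


class Store:
    """In-memory stand-in for /nix/store that counts real builds."""

    def __init__(self):
        self.paths = set()
        self.builds = 0

    def realise(self, name, version, build_instructions, deps=()):
        path = store_path(name, version, build_instructions, deps)
        if path not in self.paths:  # path exists -> already built
            self.builds += 1
            self.paths.add(path)  # added once, never modified afterwards
        return path


def demo():
    store = Store()
    ssl = store.realise("openssl", "1.0", "make install")
    sshd = store.realise("openssh", "7.7", "make install", [ssl])
    again = store.realise("openssh", "7.7", "make install", [ssl])
    spaced = store.realise("openssh", "7.7", "make  install", [ssl])
    ssl2 = store.realise("openssl", "1.1", "make install")
    rebuilt = store.realise("openssh", "7.7", "make install", [ssl2])
    return {"sshd": sshd, "again": again, "spaced": spaced,
            "rebuilt": rebuilt, "builds": store.builds}


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Identical inputs map to the same path and are not rebuilt, while an extra space in the build instructions or a changed dependency yields a new path next to the old one, which is what makes rolling back to an earlier generation possible.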

On my systems, /etc/nixos is a git repository. That's enough to allow me to share this system configuration across multiple systems. I have been using NixOS since 2015 now and I really don't want to go back. Ansible and Puppet are just workarounds for the package and /etc hell.