Diffstat (limited to 'nixpkgs/nixos/modules/profiles/installation-device.nix')
-rw-r--r--nixpkgs/nixos/modules/profiles/installation-device.nix109
1 files changed, 109 insertions, 0 deletions
diff --git a/nixpkgs/nixos/modules/profiles/installation-device.nix b/nixpkgs/nixos/modules/profiles/installation-device.nix
new file mode 100644
index 00000000000..fd30220ce1c
--- /dev/null
+++ b/nixpkgs/nixos/modules/profiles/installation-device.nix
@@ -0,0 +1,109 @@
+# Provide a basic configuration for installation devices like CDs.
+{ config, pkgs, lib, ... }:
+
+with lib;
+
+{
+ imports =
+ [ # Enable devices which are usually scanned, because we don't know the
+ # target system.
+ ../installer/scan/detected.nix
+ ../installer/scan/not-detected.nix
+
+ # Allow "nixos-rebuild" to work properly by providing
+ # /etc/nixos/configuration.nix.
+ ./clone-config.nix
+
+ # Include a copy of Nixpkgs so that nixos-install works out of
+ # the box.
+ ../installer/cd-dvd/channel.nix
+ ];
+
+ config = {
+
+ # Enable in installer, even if the minimal profile disables it.
+ documentation.enable = mkForce true;
+
+ # Show the manual.
+ documentation.nixos.enable = mkForce true;
+ services.nixosManual.showManual = true;
+
+ # Let the user play Rogue on TTY 8 during the installation.
+ #services.rogue.enable = true;
+
+ # Disable some other stuff we don't need.
+ services.udisks2.enable = mkDefault false;
+
+ # Use less privileged nixos user
+ users.users.nixos = {
+ isNormalUser = true;
+ extraGroups = [ "wheel" "networkmanager" "video" ];
+ # Allow the graphical user to login without password
+ initialHashedPassword = "";
+ };
+
+ # Allow the user to log in as root without a password.
+ users.users.root.initialHashedPassword = "";
+
+ # Allow passwordless sudo from nixos user
+ security.sudo = {
+ enable = mkDefault true;
+ wheelNeedsPassword = mkForce false;
+ };
+
+ # Automatically log in at the virtual consoles.
+ services.mingetty.autologinUser = "nixos";
+
+ # Some more help text.
+ services.mingetty.helpLine = ''
+ The "nixos" and "root" accounts have empty passwords.
+
+ Type `sudo systemctl start sshd` to start the SSH daemon.
+ You then must set a password for either "root" or "nixos"
+ with `passwd` to be able to login.
+ '' + optionalString config.services.xserver.enable ''
+ Type `sudo systemctl start display-manager' to
+ start the graphical user interface.
+ '';
+
+ # Allow sshd to be started manually through "systemctl start sshd".
+ services.openssh = {
+ enable = true;
+ # Allow password login to the installation, if the user sets a password via "passwd"
+ # It is safe as root doesn't have a password by default and SSH is disabled by default
+ permitRootLogin = "yes";
+ };
+ systemd.services.sshd.wantedBy = mkOverride 50 [];
+
+ # Enable wpa_supplicant, but don't start it by default.
+ networking.wireless.enable = mkDefault true;
+ systemd.services.wpa_supplicant.wantedBy = mkOverride 50 [];
+
+ # Tell the Nix evaluator to garbage collect more aggressively.
+ # This is desirable in memory-constrained environments that don't
+ # (yet) have swap set up.
+ environment.variables.GC_INITIAL_HEAP_SIZE = "1M";
+
+ # Make the installer more likely to succeed in low memory
+ # environments. The kernel's overcommit heustistics bite us
+ # fairly often, preventing processes such as nix-worker or
+ # download-using-manifests.pl from forking even if there is
+ # plenty of free memory.
+ boot.kernel.sysctl."vm.overcommit_memory" = "1";
+
+ # To speed up installation a little bit, include the complete
+ # stdenv in the Nix store on the CD.
+ system.extraDependencies = with pkgs;
+ [
+ stdenv
+ stdenvNoCC # for runCommand
+ busybox
+ jq # for closureInfo
+ ];
+
+ # Show all debug messages from the kernel but don't log refused packets
+ # because we have the firewall enabled. This makes installs from the
+ # console less cumbersome if the machine has a public IP.
+ networking.firewall.logRefusedConnections = mkDefault false;
+ };
+}
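Review bot: The comment above `permitRootLogin = "yes"` justifies the setting with "root doesn't have a password by default", but `initialHashedPassword = ""` gives both root and `nixos` an empty password rather than a locked account. The safety therefore rests on two conditions the comment does not name: the sshd unit is kept out of `wantedBy`, and sshd refuses empty passwords unless `PermitEmptyPasswords` is turned on (the latter is presumably left at its default, since this file does not set it). I would reword the comment along the lines of `# Safe only while sshd is not started at boot and sshd refuses empty passwords (PermitEmptyPasswords stays off).` The `helpLine` text should also say that a password set on `nixos` is effectively a root password over SSH, because that user is in `wheel` and `wheelNeedsPassword` is forced to false. An image that builds on this profile and starts sshd at boot inherits all of these settings, so the comment is the place to warn about that.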