pyrox.dev / nixpkgs
lol
fork atom
nixpkgs / nixos / modules / profiles / installation-device.nix
at 18.09-beta 3.2 kB view raw
1# Provide a basic configuration for installation devices like CDs. 2{ config, pkgs, lib, ... }: 3 4with lib; 5 6{ 7 imports = 8 [ # Enable devices which are usually scanned, because we don't know the 9 # target system. 10 ../installer/scan/detected.nix 11 ../installer/scan/not-detected.nix 12 13 # Allow "nixos-rebuild" to work properly by providing 14 # /etc/nixos/configuration.nix. 15 ./clone-config.nix 16 17 # Include a copy of Nixpkgs so that nixos-install works out of 18 # the box. 19 ../installer/cd-dvd/channel.nix 20 ]; 21 22 config = { 23 24 # Enable in installer, even if the minimal profile disables it. 25 services.nixosManual.enable = mkForce true; 26 27 # Show the manual. 28 services.nixosManual.showManual = true; 29 30 # Let the user play Rogue on TTY 8 during the installation. 31 #services.rogue.enable = true; 32 33 # Disable some other stuff we don't need. 34 security.sudo.enable = mkDefault false; 35 services.udisks2.enable = mkDefault false; 36 37 # Automatically log in at the virtual consoles. 38 services.mingetty.autologinUser = "root"; 39 40 # Some more help text. 41 services.mingetty.helpLine = 42 '' 43 44 The "root" account has an empty password. ${ 45 optionalString config.services.xserver.enable 46 "Type `systemctl start display-manager' to\nstart the graphical user interface."} 47 ''; 48 49 # Allow sshd to be started manually through "systemctl start sshd". 50 services.openssh = { 51 enable = true; 52 # Allow password login to the installation, if the user sets a password via "passwd" 53 # It is safe as root doesn't have a password by default and SSH is disabled by default 54 permitRootLogin = "yes"; 55 }; 56 systemd.services.sshd.wantedBy = mkOverride 50 []; 57 58 # Enable wpa_supplicant, but don't start it by default. 59 networking.wireless.enable = mkDefault true; 60 systemd.services.wpa_supplicant.wantedBy = mkOverride 50 []; 61 62 # Tell the Nix evaluator to garbage collect more aggressively. 63 # This is desirable in memory-constrained environments that don't 64 # (yet) have swap set up. 65 environment.variables.GC_INITIAL_HEAP_SIZE = "100000"; 66 67 # Make the installer more likely to succeed in low memory 68 # environments. The kernel's overcommit heustistics bite us 69 # fairly often, preventing processes such as nix-worker or 70 # download-using-manifests.pl from forking even if there is 71 # plenty of free memory. 72 boot.kernel.sysctl."vm.overcommit_memory" = "1"; 73 74 # To speed up installation a little bit, include the complete 75 # stdenv in the Nix store on the CD. 76 system.extraDependencies = with pkgs; 77 [ 78 stdenv 79 stdenvNoCC # for runCommand 80 busybox 81 jq # for closureInfo 82 ]; 83 84 # Show all debug messages from the kernel but don't log refused packets 85 # because we have the firewall enabled. This makes installs from the 86 # console less cumbersome if the machine has a public IP. 87 networking.firewall.logRefusedConnections = mkDefault false; 88 89 environment.systemPackages = [ pkgs.vim ]; 90 91 92 # Allow the user to log in as root without a password. 93 users.users.root.initialHashedPassword = ""; 94 }; 95}