# Provide a basic configuration for installation devices like CDs.
#
# Security posture of this profile, as set by the options below: the "nixos"
# and "root" accounts get empty passwords, members of "wheel" may use sudo
# without a password, the virtual consoles log in "nixos" automatically, and
# sshd is enabled with root login permitted.
# NOTE(review): these defaults are written for installation media; confirm
# that this module is never imported into the configuration of an installed,
# persistent system.
{ config, pkgs, lib, ... }:

with lib;

{
  imports =
    [ # Enable devices which are usually scanned, because we don't know the
      # target system.
      ../installer/scan/detected.nix
      ../installer/scan/not-detected.nix

      # Allow "nixos-rebuild" to work properly by providing
      # /etc/nixos/configuration.nix.
      ./clone-config.nix

      # Include a copy of Nixpkgs so that nixos-install works out of
      # the box.
      ../installer/cd-dvd/channel.nix
    ];

  config = {

    # Enable in installer, even if the minimal profile disables it.
    # mkImageMediaOverride comes from lib (brought into scope by `with lib;`);
    # it is used here so this value takes precedence over the profile's.
    documentation.enable = mkImageMediaOverride true;

    # Show the manual.
    documentation.nixos.enable = mkImageMediaOverride true;

    # Use the less privileged "nixos" user for interactive work.
    # Membership in "wheel" is what grants this user sudo (see security.sudo
    # below).
    users.users.nixos = {
      isNormalUser = true;
      extraGroups = [ "wheel" "networkmanager" "video" ];
      # Allow the graphical user to login without password.
      # The empty hash gives the account an empty password; the getty help
      # text below tells the user so.
      initialHashedPassword = "";
    };

    # Allow the user to log in as root without a password.
    users.users.root.initialHashedPassword = "";

    # Allow passwordless sudo from the nixos user.
    # Combined with the empty passwords above, anyone at a local console of
    # the booted medium has root.
    security.sudo = {
      enable = mkDefault true;
      wheelNeedsPassword = mkImageMediaOverride false;
    };

    # Automatically log in at the virtual consoles.
    services.getty.autologinUser = "nixos";

    # Some more help text, shown at the console login prompt. The second
    # fragment is appended only when the X server is enabled.
    # NOTE(review): the text is emitted at runtime and is left untouched here;
    # the sentence ending "authorized_keys be able to login" reads as if a
    # "to" is missing, and the display-manager command opens with a backtick
    # but closes with an apostrophe.
    services.getty.helpLine = ''
      The "nixos" and "root" accounts have empty passwords.

      An ssh daemon is running. You then must set a password
      for either "root" or "nixos" with `passwd` or add an ssh key
      to /home/nixos/.ssh/authorized_keys be able to login.

      If you need a wireless connection, type
      `sudo systemctl start wpa_supplicant` and configure a
      network using `wpa_cli`. See the NixOS manual for details.
    '' + optionalString config.services.xserver.enable ''

      Type `sudo systemctl start display-manager' to
      start the graphical user interface.
    '';

    # We run sshd by default. Login via root is only possible after adding a
    # password via "passwd" or by adding an ssh key to /home/nixos/.ssh/authorized_keys.
    # The latter is particularly useful if keys are manually added to the
    # installation device for head-less systems, i.e. arm boards, by manually
    # mounting the storage in a different system.
    #
    # NOTE(review): /home/nixos/.ssh/authorized_keys belongs to the "nixos"
    # account, so a key placed there presumably authenticates "nixos" (who
    # then has passwordless sudo) rather than root directly - confirm.
    # NOTE(review): the statement that the empty-password accounts cannot log
    # in over SSH presumably relies on sshd rejecting empty passwords by
    # default; confirm that PermitEmptyPasswords is not enabled elsewhere.
    # Once a password is set for root it is usable remotely because of
    # permitRootLogin = "yes", so on an untrusted network prefer a key or a
    # strong password.
    services.openssh = {
      enable = true;
      permitRootLogin = "yes";
    };

    # Enable wpa_supplicant, but don't start it by default.
    # The empty wantedBy list (set with override priority 50) removes the unit
    # from boot-time startup; the help text above tells the user how to start
    # it by hand.
    networking.wireless.enable = mkDefault true;
    # Presumably what lets the user drive the daemon with `wpa_cli`, as the
    # help text describes - confirm against the module's option docs.
    networking.wireless.userControlled.enable = true;
    systemd.services.wpa_supplicant.wantedBy = mkOverride 50 [];

    # Tell the Nix evaluator to garbage collect more aggressively.
    # This is desirable in memory-constrained environments that don't
    # (yet) have swap set up.
    environment.variables.GC_INITIAL_HEAP_SIZE = "1M";

    # Make the installer more likely to succeed in low memory
    # environments.  The kernel's overcommit heuristics bite us
    # fairly often, preventing processes such as nix-worker or
    # download-using-manifests.pl from forking even if there is
    # plenty of free memory.
    # A value of 1 tells the kernel to always overcommit.
    boot.kernel.sysctl."vm.overcommit_memory" = "1";

    # To speed up installation a little bit, include the complete
    # stdenv in the Nix store on the CD.
    system.extraDependencies = with pkgs;
      [
        stdenv
        stdenvNoCC # for runCommand
        busybox
        jq # for closureInfo
        # For boot.initrd.systemd
        makeInitrdNGTool
        systemdStage1
        systemdStage1Network
      ];

    # Show all debug messages from the kernel but don't log refused packets
    # because we have the firewall enabled. This makes installs from the
    # console less cumbersome if the machine has a public IP.
    # Only the logging of refused connections is switched off here; this line
    # does not change what the firewall accepts.
    networking.firewall.logRefusedConnections = mkDefault false;

    # Prevent installation media from evacuating persistent storage, as their
    # var directory is not persistent and it would thus result in deletion of
    # those entries.
    # Written to /etc/systemd/pstore.conf.
    environment.etc."systemd/pstore.conf".text = ''
      [PStore]
      Unlink=no
    '';
  };
}