···

       
9
       
9
       
 
       


     

       
10
       
10
       
 
       
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->

     

       
11
       
11
       
 
       


     

       
12
       
12
       
-
       
- Create the first release note entry in this section!

     

       
12
       
12
       
+
       
- The `boot.readOnlyNixStore` has been removed. Control over bind mount options on `/nix/store` is now offered by the `boot.nixStoreMountOpts` option.

     

       
13
       
13
       
 
       


     

       
14
       
14
       
 
       
## Other Notable Changes {#sec-nixpkgs-release-25.11-notable-changes}

     

       
15
       
15
       
 
       


     

···

       
39
       
39
       
 
       
in

     

       
40
       
40
       
 
       


     

       
41
       
41
       
 
       
{

     

       
42
       
42
       
+
       
  imports = [

     

       
43
       
43
       
+
       
    (lib.mkRemovedOptionModule

     

       
44
       
44
       
+
       
      [

     

       
45
       
45
       
+
       
        "boot"

     

       
46
       
46
       
+
       
        "readOnlyNixStore"

     

       
47
       
47
       
+
       
      ]

     

       
48
       
48
       
+
       
      "Please use the `boot.nixStoreMountOpts' option to define mount options for the Nix store, including 'ro'"

     

       
49
       
49
       
+
       
    )

     

       
50
       
50
       
+
       
  ];

     

       
51
       
51
       
+
       


     

       
42
       
52
       
 
       
  options = {

     

       
43
       
53
       
 
       


     

       
44
       
54
       
 
       
    boot = {

     
···

       
49
       
59
       
 
       
        type = types.lines;

     

       
50
       
60
       
 
       
        description = ''

     

       
51
       
61
       
 
       
          Shell commands to be executed just before systemd is started.

     

       
52
       
52
       
-
       
        '';

     

       
53
       
53
       
-
       
      };

     

       
54
       
54
       
-
       


     

       
55
       
55
       
-
       
      readOnlyNixStore = mkOption {

     

       
56
       
56
       
-
       
        type = types.bool;

     

       
57
       
57
       
-
       
        default = true;

     

       
58
       
58
       
-
       
        description = ''

     

       
59
       
59
       
-
       
          If set, NixOS will enforce the immutability of the Nix store

     

       
60
       
60
       
-
       
          by making {file}`/nix/store` a read-only bind

     

       
61
       
61
       
-
       
          mount. Nix will automatically make the store writable when

     

       
62
       
62
       
-
       
          needed.

     

       
63
       
62
       
 
       
        '';

     

       
64
       
63
       
 
       
      };

     

       
65
       
64
       
 
       


     
···

       
103
       
102
       
 
       
  config = {

     

       
104
       
103
       
 
       


     

       
105
       
104
       
 
       
    system.build.bootStage2 = bootStage2;

     

       
106
       
106
       
-
       
    boot.nixStoreMountOpts = [

     

       
107
       
107
       
-
       
      "nodev"

     

       
108
       
108
       
-
       
      "nosuid"

     

       
109
       
109
       
-
       
    ] ++ lib.optional config.boot.readOnlyNixStore "ro";

     

       
110
       
105
       
 
       
  };

     

       
111
       
106
       
 
       
}