···

       
1
       
1
       
+
       
# This profile sets up a sytem for image based appliance usage. An appliance is

     

       
2
       
2
       
+
       
# installed as an image, cannot be re-built, has no Nix available, and is

     

       
3
       
3
       
+
       
# generally not meant for interactive use. Updates to such an appliance are

     

       
4
       
4
       
+
       
# handled by updating whole partition images via a tool like systemd-sysupdate.

     

       
5
       
5
       
+
       


     

       
6
       
6
       
+
       
{ lib, modulesPath, ... }:

     

       
7
       
7
       
+
       


     

       
8
       
8
       
+
       
{

     

       
9
       
9
       
+
       


     

       
10
       
10
       
+
       
  # Appliances are always "minimal".

     

       
11
       
11
       
+
       
  imports = [

     

       
12
       
12
       
+
       
    "${modulesPath}/profiles/minimal.nix"

     

       
13
       
13
       
+
       
  ];

     

       
14
       
14
       
+
       


     

       
15
       
15
       
+
       
  # The system cannot be rebuilt.

     

       
16
       
16
       
+
       
  nix.enable = false;

     

       
17
       
17
       
+
       
  system.switch.enable = false;

     

       
18
       
18
       
+
       


     

       
19
       
19
       
+
       
  # The system is static.

     

       
20
       
20
       
+
       
  users.mutableUsers = false;

     

       
21
       
21
       
+
       


     

       
22
       
22
       
+
       
  # The system avoids interpreters as much as possible to reduce its attack

     

       
23
       
23
       
+
       
  # surface.

     

       
24
       
24
       
+
       
  boot.initrd.systemd.enable = lib.mkDefault true;

     

       
25
       
25
       
+
       
  networking.useNetworkd = lib.mkDefault true;

     

       
26
       
26
       
+
       
}