-
-
Notifications
You must be signed in to change notification settings - Fork 43
/
noninteractive.nix
97 lines (81 loc) · 3.02 KB
/
noninteractive.nix
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
# This module optimizes for non-interactive deployments by remove some store paths
# which are primarily useful for interactive installations.
{ lib, pkgs, modulesPath, options, ... }:
{
disabledModules = [
# This module adds values to multiple lists (systemPackages, supportedFilesystems)
# which are impossible/unpractical to remove, so we disable the entire module.
"profiles/base.nix"
];
imports = [
./zfs-minimal.nix
./python-minimal.nix
./noveau-workaround.nix
# reduce closure size by removing perl
"${modulesPath}/profiles/perlless.nix"
# FIXME: we still are left with nixos-generate-config due to nixos-install-tools
{ system.forbiddenDependenciesRegexes = lib.mkForce []; }
];
config = {
# nixos-option is mainly useful for interactive installations
system.tools.nixos-option.enable = false;
# among others, this prevents carrying a stdenv with gcc in the image
system.extraDependencies = lib.mkForce [ ];
# prevents shipping nixpkgs, unnecessary if system is evaluated externally
nix.registry = lib.mkForce { };
# would pull in nano
programs.nano.enable = false;
# prevents strace
environment.defaultPackages = lib.mkForce [
pkgs.parted
pkgs.gptfdisk
pkgs.e2fsprogs
];
# included in systemd anyway
systemd.sysusers.enable = true;
services.userborn.enable = false;
# normal users are not allowed with sys-users
# see https://github.com/NixOS/nixpkgs/pull/328926
users.users.nixos = {
isSystemUser = true;
isNormalUser = lib.mkForce false;
shell = "/run/current-system/sw/bin/bash";
group = "nixos";
};
users.groups.nixos = {};
# we have still run0 from systemd and most of the time we just use root
security.sudo.enable = false;
security.polkit.enable = lib.mkForce false;
documentation.man.enable = false;
# no dependency on x11
services.dbus.implementation = "broker";
# introduces x11 dependencies
security.pam.services.su.forwardXAuth = lib.mkForce false;
# Don't install the /lib/ld-linux.so.2 stub. This saves one instance of nixpkgs.
environment.ldso32 = null;
# we prefer root as this is also what we use in nixos-anywhere
services.getty.autologinUser = lib.mkForce "root";
# we are missing this from base.nix
boot.supportedFilesystems = [
"ext4"
"btrfs"
# probably not needed but does not seem to increase closure size
"cifs"
"f2fs"
## anyone still using this over ext4?
#"jfs"
"ntfs"
## no longer seems to be maintained, anyone still using it?
#"reiserfs"
"vfat"
"xfs"
];
boot.kernelModules = [
# we have to explicitly enable this, otherwise it is not loaded even when creating a raid:
# https://github.com/nix-community/nixos-anywhere/issues/249
"dm-raid"
];
} // lib.optionalAttrs (options.hardware ? firmwareCompression) {
hardware.firmwareCompression = "xz";
};
}