summary refs log tree commit diff
diff options
context:
space:
mode:
authorEelco Dolstra <eelco.dolstra@logicblox.com>2014-04-16 16:58:06 +0200
committerEelco Dolstra <eelco.dolstra@logicblox.com>2014-04-16 16:58:06 +0200
commit150d3b00951a2f0f1f65a22602422c2e75616c1f (patch)
tree5b28b9dcea6a892f0999d34281930d0d75fcbe59
parentc13d582c782536718c7d62a10c2f83f19f0ce22e (diff)
downloadnixpkgs-150d3b00951a2f0f1f65a22602422c2e75616c1f.tar
nixpkgs-150d3b00951a2f0f1f65a22602422c2e75616c1f.tar.gz
nixpkgs-150d3b00951a2f0f1f65a22602422c2e75616c1f.tar.bz2
nixpkgs-150d3b00951a2f0f1f65a22602422c2e75616c1f.tar.lz
nixpkgs-150d3b00951a2f0f1f65a22602422c2e75616c1f.tar.xz
nixpkgs-150d3b00951a2f0f1f65a22602422c2e75616c1f.tar.zst
nixpkgs-150d3b00951a2f0f1f65a22602422c2e75616c1f.zip
no-x-libs.nix: Disable su xauth forwarding, and X11 dependency in dbus
Diffstat
-rw-r--r--nixos/lib/eval-config.nix2


-rw-r--r--nixos/modules/config/no-x-libs.nix21


-rw-r--r--nixos/modules/profiles/minimal.nix7


3 files changed, 17 insertions, 13 deletions
diff --git a/nixos/lib/eval-config.nix b/nixos/lib/eval-config.nix
index e082b174454..0fa00637a93 100644
--- a/nixos/lib/eval-config.nix
+++ b/nixos/lib/eval-config.nix
@@ -58,7 +58,7 @@ rec {
           inherit system extraArgs modules prefix;
           # For efficiency, leave out most NixOS modules; they don't
           # define nixpkgs.config, so it's pointless to evaluate them.
-          baseModules = [ ../modules/misc/nixpkgs.nix ];
+          baseModules = [ ../modules/misc/nixpkgs.nix ../modules/config/no-x-libs.nix ];
           pkgs = import ./nixpkgs.nix { system = system_; config = {}; };
           check = false;
         }).config.nixpkgs;
diff --git a/nixos/modules/config/no-x-libs.nix b/nixos/modules/config/no-x-libs.nix
index 4b791c109d7..f91dbb4cc28 100644
--- a/nixos/modules/config/no-x-libs.nix
+++ b/nixos/modules/config/no-x-libs.nix
@@ -1,3 +1,6 @@
+# This module gets rid of all dependencies on X11 client libraries
+# (including fontconfig).
+
 { config, lib, pkgs, ... }:
 
 with lib;
@@ -8,18 +11,22 @@ with lib;
       type = types.bool;
       default = false;
       description = ''
-        Switch off the options in the default configuration that require X libraries.
-        Currently this includes: ssh X11 forwarding, dbus, fonts.enableCoreFonts,
-        fonts.enableFontConfig
+        Switch off the options in the default configuration that
+        require X11 libraries. This includes client-side font
+        configuration and SSH forwarding of X11 authentication
+        in. Thus, you probably do not want to enable this option if
+        you want to run X11 programs on this machine via SSH.
       '';
     };
   };
 
   config = mkIf config.environment.noXlibs {
     programs.ssh.setXAuthLocation = false;
-    fonts = {
-      enableCoreFonts = false;
-      enableFontConfig = false;
-    };
+    security.pam.services.su.forwardXAuth = lib.mkForce false;
+
+    fonts.enableFontConfig = false;
+
+    nixpkgs.config.packageOverrides = pkgs:
+      { dbus = pkgs.dbus.override { useX11 = false; }; };
   };
 }
diff --git a/nixos/modules/profiles/minimal.nix b/nixos/modules/profiles/minimal.nix
index 821b9f93465..5067622aaf1 100644
--- a/nixos/modules/profiles/minimal.nix
+++ b/nixos/modules/profiles/minimal.nix
@@ -1,11 +1,8 @@
 # This module defines a small NixOS configuration.  It does not
 # contain any graphical stuff.
 
-{ config, pkgs, ... }:
+{ config, lib, pkgs, ... }:
 
 {
-  # Don't include X libraries.
-  programs.ssh.setXAuthLocation = false;
-  fonts.enableFontConfig = false;
-  fonts.enableCoreFonts = false;
+  environment.noXlibs = true;
 }

 

generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-07-03 21:14:02 +0000