nixos: nixos/doc/configuration/profiles/*.xml to CommonMark

11 files changed, 184 insertions, 0 deletions

diff --git a/nixos/doc/manual/from_md/configuration/profiles/all-hardware.section.xml b/nixos/doc/manual/from_md/configuration/profiles/all-hardware.section.xml
new file mode 100644
index 00000000000..e355ffb752d
--- /dev/null
+++ b/nixos/doc/manual/from_md/configuration/profiles/all-hardware.section.xml
@@ -0,0 +1,16 @@
+<section xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" xml:id="sec-profile-all-hardware">
+  <title>All Hardware</title>
+  <para>
+    Enables all hardware supported by NixOS: i.e., all firmware is
+    included, and all devices from which one may boot are enabled in the
+    initrd. Its primary use is in the NixOS installation CDs.
+  </para>
+  <para>
+    The enabled kernel modules include support for SATA and PATA, SCSI
+    (partially), USB, Firewire (untested), Virtio (QEMU, KVM, etc.),
+    VMware, and Hyper-V. Additionally,
+    <link xlink:href="options.html#opt-hardware.enableAllFirmware"><literal>hardware.enableAllFirmware</literal></link>
+    is enabled, and the firmware for the ZyDAS ZD1211 chipset is
+    specifically installed.
+  </para>
+</section>
diff --git a/nixos/doc/manual/from_md/configuration/profiles/base.section.xml b/nixos/doc/manual/from_md/configuration/profiles/base.section.xml
new file mode 100644
index 00000000000..83d35bd2867
--- /dev/null
+++ b/nixos/doc/manual/from_md/configuration/profiles/base.section.xml
@@ -0,0 +1,10 @@
+<section xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" xml:id="sec-profile-base">
+  <title>Base</title>
+  <para>
+    Defines the software packages included in the <quote>minimal</quote>
+    installation CD. It installs several utilities useful in a simple
+    recovery or install media, such as a text-mode web browser, and
+    tools for manipulating block devices, networking, hardware
+    diagnostics, and filesystems (with their respective kernel modules).
+  </para>
+</section>
diff --git a/nixos/doc/manual/from_md/configuration/profiles/clone-config.section.xml b/nixos/doc/manual/from_md/configuration/profiles/clone-config.section.xml
new file mode 100644
index 00000000000..9430b49ea33
--- /dev/null
+++ b/nixos/doc/manual/from_md/configuration/profiles/clone-config.section.xml
@@ -0,0 +1,16 @@
+<section xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" xml:id="sec-profile-clone-config">
+  <title>Clone Config</title>
+  <para>
+    This profile is used in installer images. It provides an editable
+    configuration.nix that imports all the modules that were also used
+    when creating the image in the first place. As a result it allows
+    users to edit and rebuild the live-system.
+  </para>
+  <para>
+    On images where the installation media also becomes an installation
+    target, copying over <literal>configuration.nix</literal> should be
+    disabled by setting <literal>installer.cloneConfig</literal> to
+    <literal>false</literal>. For example, this is done in
+    <literal>sd-image-aarch64-installer.nix</literal>.
+  </para>
+</section>
diff --git a/nixos/doc/manual/from_md/configuration/profiles/demo.section.xml b/nixos/doc/manual/from_md/configuration/profiles/demo.section.xml
new file mode 100644
index 00000000000..8b8c09118d9
--- /dev/null
+++ b/nixos/doc/manual/from_md/configuration/profiles/demo.section.xml
@@ -0,0 +1,10 @@
+<section xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" xml:id="sec-profile-demo">
+  <title>Demo</title>
+  <para>
+    This profile just enables a <literal>demo</literal> user, with
+    password <literal>demo</literal>, uid <literal>1000</literal>,
+    <literal>wheel</literal> group and
+    <link xlink:href="options.html#opt-services.xserver.displayManager.autoLogin">autologin
+    in the SDDM display manager</link>.
+  </para>
+</section>
diff --git a/nixos/doc/manual/from_md/configuration/profiles/docker-container.section.xml b/nixos/doc/manual/from_md/configuration/profiles/docker-container.section.xml
new file mode 100644
index 00000000000..28dcd2b1a2d
--- /dev/null
+++ b/nixos/doc/manual/from_md/configuration/profiles/docker-container.section.xml
@@ -0,0 +1,12 @@
+<section xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" xml:id="sec-profile-docker-container">
+  <title>Docker Container</title>
+  <para>
+    This is the profile from which the Docker images are generated. It
+    prepares a working system by importing the
+    <link linkend="sec-profile-minimal">Minimal</link> and
+    <link linkend="sec-profile-clone-config">Clone Config</link>
+    profiles, and setting appropriate configuration options that are
+    useful inside a container context, like
+    <link xlink:href="options.html#opt-boot.isContainer"><literal>boot.isContainer</literal></link>.
+  </para>
+</section>
diff --git a/nixos/doc/manual/from_md/configuration/profiles/graphical.section.xml b/nixos/doc/manual/from_md/configuration/profiles/graphical.section.xml
new file mode 100644
index 00000000000..644a8ea590b
--- /dev/null
+++ b/nixos/doc/manual/from_md/configuration/profiles/graphical.section.xml
@@ -0,0 +1,17 @@
+<section xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" xml:id="sec-profile-graphical">
+  <title>Graphical</title>
+  <para>
+    Defines a NixOS configuration with the Plasma 5 desktop. It’s used
+    by the graphical installation CD.
+  </para>
+  <para>
+    It sets
+    <link xlink:href="options.html#opt-services.xserver.enable"><literal>services.xserver.enable</literal></link>,
+    <link xlink:href="options.html#opt-services.xserver.displayManager.sddm.enable"><literal>services.xserver.displayManager.sddm.enable</literal></link>,
+    <link xlink:href="options.html#opt-services.xserver.desktopManager.plasma5.enable"><literal>services.xserver.desktopManager.plasma5.enable</literal></link>,
+    and
+    <link xlink:href="options.html#opt-services.xserver.libinput.enable"><literal>services.xserver.libinput.enable</literal></link>
+    to true. It also includes glxinfo and firefox in the system packages
+    list.
+  </para>
+</section>
diff --git a/nixos/doc/manual/from_md/configuration/profiles/hardened.section.xml b/nixos/doc/manual/from_md/configuration/profiles/hardened.section.xml
new file mode 100644
index 00000000000..a08bc843230
--- /dev/null
+++ b/nixos/doc/manual/from_md/configuration/profiles/hardened.section.xml
@@ -0,0 +1,26 @@
+<section xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" xml:id="sec-profile-hardened">
+  <title>Hardened</title>
+  <para>
+    A profile with most (vanilla) hardening options enabled by default,
+    potentially at the cost of stability, features and performance.
+  </para>
+  <para>
+    This includes a hardened kernel, and limiting the system information
+    available to processes through the <literal>/sys</literal> and
+    <literal>/proc</literal> filesystems. It also disables the User
+    Namespaces feature of the kernel, which stops Nix from being able to
+    build anything (this particular setting can be overriden via
+    <link xlink:href="options.html#opt-security.allowUserNamespaces"><literal>security.allowUserNamespaces</literal></link>).
+    See the
+    <link xlink:href="https://github.com/nixos/nixpkgs/tree/master/nixos/modules/profiles/hardened.nix">profile
+    source</link> for further detail on which settings are altered.
+  </para>
+  <warning>
+    <para>
+      This profile enables options that are known to affect system
+      stability. If you experience any stability issues when using the
+      profile, try disabling it. If you report an issue and use this
+      profile, always mention that you do.
+    </para>
+  </warning>
+</section>
diff --git a/nixos/doc/manual/from_md/configuration/profiles/headless.section.xml b/nixos/doc/manual/from_md/configuration/profiles/headless.section.xml
new file mode 100644
index 00000000000..a89551abd41
--- /dev/null
+++ b/nixos/doc/manual/from_md/configuration/profiles/headless.section.xml
@@ -0,0 +1,18 @@
+<section xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" xml:id="sec-profile-headless">
+  <title>Headless</title>
+  <para>
+    Common configuration for headless machines (e.g., Amazon EC2
+    instances).
+  </para>
+  <para>
+    Disables
+    <link xlink:href="options.html#opt-sound.enable">sound</link>,
+    <link xlink:href="options.html#opt-boot.vesa">vesa</link>, serial
+    consoles,
+    <link xlink:href="options.html#opt-systemd.enableEmergencyMode">emergency
+    mode</link>,
+    <link xlink:href="options.html#opt-boot.loader.grub.splashImage">grub
+    splash images</link> and configures the kernel to reboot
+    automatically on panic.
+  </para>
+</section>
diff --git a/nixos/doc/manual/from_md/configuration/profiles/installation-device.section.xml b/nixos/doc/manual/from_md/configuration/profiles/installation-device.section.xml
new file mode 100644
index 00000000000..8a8265c03c0
--- /dev/null
+++ b/nixos/doc/manual/from_md/configuration/profiles/installation-device.section.xml
@@ -0,0 +1,33 @@
+<section xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" xml:id="sec-profile-installation-device">
+  <title>Installation Device</title>
+  <para>
+    Provides a basic configuration for installation devices like CDs.
+    This enables redistributable firmware, includes the
+    <link linkend="sec-profile-clone-config">Clone Config profile</link>
+    and a copy of the Nixpkgs channel, so
+    <literal>nixos-install</literal> works out of the box.
+  </para>
+  <para>
+    Documentation for
+    <link xlink:href="options.html#opt-documentation.enable">Nixpkgs</link>
+    and
+    <link xlink:href="options.html#opt-documentation.nixos.enable">NixOS</link>
+    are forcefully enabled (to override the
+    <link linkend="sec-profile-minimal">Minimal profile</link>
+    preference); the NixOS manual is shown automatically on TTY 8,
+    udisks is disabled. Autologin is enabled as <literal>nixos</literal>
+    user, while passwordless login as both <literal>root</literal> and
+    <literal>nixos</literal> is possible. Passwordless
+    <literal>sudo</literal> is enabled too.
+    <link xlink:href="options.html#opt-networking.wireless.enable">wpa_supplicant</link>
+    is enabled, but configured to not autostart.
+  </para>
+  <para>
+    It is explained how to login, start the ssh server, and if
+    available, how to start the display manager.
+  </para>
+  <para>
+    Several settings are tweaked so that the installer has a better
+    chance of succeeding under low-memory environments.
+  </para>
+</section>
diff --git a/nixos/doc/manual/from_md/configuration/profiles/minimal.section.xml b/nixos/doc/manual/from_md/configuration/profiles/minimal.section.xml
new file mode 100644
index 00000000000..5653b3f01c3
--- /dev/null
+++ b/nixos/doc/manual/from_md/configuration/profiles/minimal.section.xml
@@ -0,0 +1,15 @@
+<section xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" xml:id="sec-profile-minimal">
+  <title>Minimal</title>
+  <para>
+    This profile defines a small NixOS configuration. It does not
+    contain any graphical stuff. It’s a very short file that enables
+    <link xlink:href="options.html#opt-environment.noXlibs">noXlibs</link>,
+    sets
+    <link xlink:href="options.html#opt-i18n.supportedLocales"><literal>i18n.supportedLocales</literal></link>
+    to only support the user-selected locale,
+    <link xlink:href="options.html#opt-documentation.enable">disables
+    packages’ documentation</link>, and
+    <link xlink:href="options.html#opt-sound.enable">disables
+    sound</link>.
+  </para>
+</section>
diff --git a/nixos/doc/manual/from_md/configuration/profiles/qemu-guest.section.xml b/nixos/doc/manual/from_md/configuration/profiles/qemu-guest.section.xml
new file mode 100644
index 00000000000..f33464f9db4
--- /dev/null
+++ b/nixos/doc/manual/from_md/configuration/profiles/qemu-guest.section.xml
@@ -0,0 +1,11 @@
+<section xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" xml:id="sec-profile-qemu-guest">
+  <title>QEMU Guest</title>
+  <para>
+    This profile contains common configuration for virtual machines
+    running under QEMU (using virtio).
+  </para>
+  <para>
+    It makes virtio modules available on the initrd and sets the system
+    time from the hardware clock to work around a bug in qemu-kvm.
+  </para>
+</section>