diff options
author | Alyssa Ross <hi@alyssa.is> | 2022-05-31 09:59:33 +0000 |
---|---|---|
committer | Alyssa Ross <hi@alyssa.is> | 2022-05-31 09:59:57 +0000 |
commit | 9ff36293d1e428cd7bf03e8d4b03611b6d361c28 (patch) | |
tree | 1ab51a42b868c55b83f6ccdb80371b9888739dd9 /nixos/modules/profiles/installation-device.nix | |
parent | 1c4fcd0d4b0541e674ee56ace1053e23e562cc80 (diff) | |
parent | ddc3c396a51918043bb0faa6f676abd9562be62c (diff) | |
download | nixpkgs-9ff36293d1e428cd7bf03e8d4b03611b6d361c28.tar nixpkgs-9ff36293d1e428cd7bf03e8d4b03611b6d361c28.tar.gz nixpkgs-9ff36293d1e428cd7bf03e8d4b03611b6d361c28.tar.bz2 nixpkgs-9ff36293d1e428cd7bf03e8d4b03611b6d361c28.tar.lz nixpkgs-9ff36293d1e428cd7bf03e8d4b03611b6d361c28.tar.xz nixpkgs-9ff36293d1e428cd7bf03e8d4b03611b6d361c28.tar.zst nixpkgs-9ff36293d1e428cd7bf03e8d4b03611b6d361c28.zip |
Last good Nixpkgs for Weston+nouveau? archive
I came this commit hash to terwiz[m] on IRC, who is trying to figure out what the last version of Spectrum that worked on their NUC with Nvidia graphics is.
Diffstat (limited to 'nixos/modules/profiles/installation-device.nix')
-rw-r--r-- | nixos/modules/profiles/installation-device.nix | 117 |
1 files changed, 117 insertions, 0 deletions
diff --git a/nixos/modules/profiles/installation-device.nix b/nixos/modules/profiles/installation-device.nix new file mode 100644 index 00000000000..3c503fba2a3 --- /dev/null +++ b/nixos/modules/profiles/installation-device.nix @@ -0,0 +1,117 @@ +# Provide a basic configuration for installation devices like CDs. +{ config, pkgs, lib, ... }: + +with lib; + +{ + imports = + [ # Enable devices which are usually scanned, because we don't know the + # target system. + ../installer/scan/detected.nix + ../installer/scan/not-detected.nix + + # Allow "nixos-rebuild" to work properly by providing + # /etc/nixos/configuration.nix. + ./clone-config.nix + + # Include a copy of Nixpkgs so that nixos-install works out of + # the box. + ../installer/cd-dvd/channel.nix + ]; + + config = { + + # Enable in installer, even if the minimal profile disables it. + documentation.enable = mkForce true; + + # Show the manual. + documentation.nixos.enable = mkForce true; + + # Use less privileged nixos user + users.users.nixos = { + isNormalUser = true; + extraGroups = [ "wheel" "networkmanager" "video" ]; + # Allow the graphical user to login without password + initialHashedPassword = ""; + }; + + # Allow the user to log in as root without a password. + users.users.root.initialHashedPassword = ""; + + # Allow passwordless sudo from nixos user + security.sudo = { + enable = mkDefault true; + wheelNeedsPassword = mkForce false; + }; + + # Automatically log in at the virtual consoles. + services.getty.autologinUser = "nixos"; + + # Some more help text. + services.getty.helpLine = '' + The "nixos" and "root" accounts have empty passwords. + + An ssh daemon is running. You then must set a password + for either "root" or "nixos" with `passwd` or add an ssh key + to /home/nixos/.ssh/authorized_keys be able to login. + + If you need a wireless connection, type + `sudo systemctl start wpa_supplicant` and configure a + network using `wpa_cli`. See the NixOS manual for details. + '' + optionalString config.services.xserver.enable '' + + Type `sudo systemctl start display-manager' to + start the graphical user interface. + ''; + + # We run sshd by default. Login via root is only possible after adding a + # password via "passwd" or by adding a ssh key to /home/nixos/.ssh/authorized_keys. + # The latter one is particular useful if keys are manually added to + # installation device for head-less systems i.e. arm boards by manually + # mounting the storage in a different system. + services.openssh = { + enable = true; + permitRootLogin = "yes"; + }; + + # Enable wpa_supplicant, but don't start it by default. + networking.wireless.enable = mkDefault true; + networking.wireless.userControlled.enable = true; + systemd.services.wpa_supplicant.wantedBy = mkOverride 50 []; + + # Tell the Nix evaluator to garbage collect more aggressively. + # This is desirable in memory-constrained environments that don't + # (yet) have swap set up. + environment.variables.GC_INITIAL_HEAP_SIZE = "1M"; + + # Make the installer more likely to succeed in low memory + # environments. The kernel's overcommit heustistics bite us + # fairly often, preventing processes such as nix-worker or + # download-using-manifests.pl from forking even if there is + # plenty of free memory. + boot.kernel.sysctl."vm.overcommit_memory" = "1"; + + # To speed up installation a little bit, include the complete + # stdenv in the Nix store on the CD. + system.extraDependencies = with pkgs; + [ + stdenv + stdenvNoCC # for runCommand + busybox + jq # for closureInfo + ]; + + # Show all debug messages from the kernel but don't log refused packets + # because we have the firewall enabled. This makes installs from the + # console less cumbersome if the machine has a public IP. + networking.firewall.logRefusedConnections = mkDefault false; + + # Prevent installation media from evacuating persistent storage, as their + # var directory is not persistent and it would thus result in deletion of + # those entries. + environment.etc."systemd/pstore.conf".text = '' + [PStore] + Unlink=no + ''; + }; +} |