| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The wpa_supplicant service in the NixOS installer is unusable because
the control socket is disabled and /etc/wpa_supplicant.conf ignored.
The manual currently recommends manually starting the daemon and using
wpa_passphrase, but this requires figuring out the interface name,
driver and only works for WPA2 personal networks.
By enabling the control socket, instead, a user can configure the
network via wpa_cli (or wpa_gui in the graphical installer), which
support more advanced network configurations.
|
|
|
|
|
| |
As described in issue #81138, the Install section of upstream units is
currently ignored, so we make it part of the sysinit.target manually.
|
|
|
|
|
|
|
|
|
|
| |
It's been 8.5 years since NixOS used mingetty, but the option was
never renamed (despite the file definining the module being renamed in
9f5051b76c1 ("Rename mingetty module to agetty")).
I've chosen to rename it to services.getty here, rather than
services.agetty, because getty is implemantation-neutral and also the
name of the unit that is generated.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Right now the UX for installing NixOS on a headless system is very bad.
To enable sshd without physical steps users have to have either physical
access or need to be very knowledge-able to figure out how to modify the
installation image by hand to put an `sshd.service` symlink in the
right directory in /nix/store. This is in particular a problem on ARM
SBCs (single board computer) but also other hardware where network is
the only meaningful way to access the hardware.
This commit enables sshd by default. This does not give anyone access to
the NixOS installer since by default. There is no user with a non-empty
password or key. It makes it easy however to add ssh keys to the
installation image (usb stick, sd-card on arm boards) by simply mounting
it and adding a keys to `/root/.ssh/authorized_keys`.
Importantly this should not require nix/nixos on the machine that
prepare the installation device and even feasiable on non-linux systems
by using ext4 third party drivers.
Potential new threats: Since this enables sshd by default a
potential bug in openssh could lead to remote code execution. Openssh
has a very good track-record over the last 20 years, which makes it
far more likely that Linux itself would have a remote code execution
vulnerability. It is trusted by millions of servers on many operating
systems to be exposed to the internet by default.
Co-authored-by: Samuel Dionne-Riel <samuel@dionne-riel.com>
|
| |
|
|
|
|
|
|
|
|
| |
Running the manual on a TTY is useless in the graphical ISOs and not
particularly useful in non-graphical ISOs (since you can also run
'nixos-help').
Fixes #83157.
|
|
|
|
|
|
|
|
| |
This reverts commit 571fb74f449aa173e231166515b41feb778524b8.
The dependency on gtk2 was removed.
Co-authored-by: Florian Klink <flokli@flokli.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There's many reason why it is and is going to
continue to be difficult to do this:
1. All display-managers (excluding slim) default PAM rules
disallow root auto login.
2. We can't use wayland
3. We have to use system-wide pulseaudio
4. It could break applications in the session.
This happened to dolphin in plasma5
in the past.
This is a growing technical debt, let's just use
passwordless sudo.
|
|
|
|
| |
100000 (100kB) is too aggressive (too low) and gets ignored by the GC
See issue #43339
|
|
|
|
| |
Other package additions are there as well.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Introduced by 0f3b89bbedc1a33cc1fc3c142e235da2c64614c3.
If services.nixosManual.showManual is enabled and
documentation.nixos.enable is not, there is no
config.system.build.manual available, so evaluation fails. For example
this is the case for the installer tests.
There is however an assertion which should catch exactly this, but it
isn't thrown because the usage of config.system.build.manual is
evaluated earlier than the assertions.
So I split the assertion off into a separate mkIf to make sure it is
shown appropriately and also fixed the installation-device profile to
enable documentation.nixos.
Signed-off-by: aszlig <aszlig@nix.build>
Cc: @oxij
|
| |
|
|
|
|
| |
`documentation.nixos`
|
|
|
|
|
|
| |
I broke it:
in job ‘nixos.iso_graphical.x86_64-linux’:
The option `services.udisks2.enable' has conflicting definitions, in `/nix/store/bwcjw1ddj94q83vbbnq1nnrs5aisaw59-source/nixos/modules/profiles/installation-device.nix' and `/nix/store/bwcjw1ddj94q83vbbnq1nnrs5aisaw59-source/nixos/modules/services/x11/desktop-managers/plasma5.nix'.
|
|
|
|
|
| |
Due to whoever-knows-what, udisks nowadays pulls in GTK+ et al. But it
shouldn't be needed anyway in the installer, so disable it.
|
| |
|
|
|
|
| |
This is required by closureInfo.
|
|
|
|
|
|
|
| |
Add another option for debugging instead. Lots of users have been
complaining about this default behaviour.
This patch also cleans up the EFI bootloader entries in the ISO.
|
|
|
|
|
| |
At least for now. It would increase the ISO size by ~10 MB,
after the fixup in the parent commit.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Allow password login to the installation this allows doing remote installation
via SSH. All that need to be done on the local machine is:
1. Boot from the installation media
2. Set a password with passwd
3. Enable SSH with systemctl start sshd
It is safe as root doesn't have a password by default
and SSH is disabled by default.
Fixes #20718
|
|
|
|
|
| |
And don't include ArchiveCpio as that one is no longer needed after
5a8147479 ("make-initrd: create reproducible initrds").
|
|
|
|
|
|
| |
This moves vim to the install-device profile to add vim to netboot, too.
Fixes #20013 (see discussion there for further information)
|
|
|
|
| |
Fixes #19764.
|
|
|
|
|
| |
[Bjørn: The 'start' alias was removed in commit 1d9651e723
("Remove systemd shell aliases").]
|
|
|
|
|
|
| |
Fixes an occurence of `jobs` usage causing tests to fail to evaluate.
thanks @domenkozar
|
| |
|
|
|
|
|
|
| |
This is already set in profiles/minimal.nix.
Probably fixes #7589.
|
| |
|
|
|
|
|
|
|
|
| |
Using pkgs.lib on the spine of module evaluation is problematic
because the pkgs argument depends on the result of module
evaluation. To prevent an infinite recursion, pkgs and some of the
modules are evaluated twice, which is inefficient. Using ‘with lib’
prevents this problem.
|
|
|
|
|
|
|
| |
user-controlled wpa-cli requires explicit interface setting for some
reason
This reverts commit c6797b373f379f7a7f8a7da01bdf3f6751f11f2e.
|
|
|
|
| |
Fixes #1204
|
|
|