From 996cf6ac56692656f0f0484b5a50ee7df135c23d Mon Sep 17 00:00:00 2001 From: nikstur Date: Thu, 26 Oct 2023 18:15:50 +0200 Subject: nixos/docs: add non-switchable-systems section --- .../development/non-switchable-systems.section.md | 21 +++++++++++++++++++++ .../what-happens-during-a-system-switch.chapter.md | 1 + 2 files changed, 22 insertions(+) create mode 100644 nixos/doc/manual/development/non-switchable-systems.section.md (limited to 'nixos/doc') diff --git a/nixos/doc/manual/development/non-switchable-systems.section.md b/nixos/doc/manual/development/non-switchable-systems.section.md new file mode 100644 index 00000000000..87bb46c7890 --- /dev/null +++ b/nixos/doc/manual/development/non-switchable-systems.section.md @@ -0,0 +1,21 @@ +# Non Switchable Systems {#sec-non-switchable-system} + +In certain systems, most notably image based appliances, updates are handled +outside the system. This means that you do not need to rebuild your +configuration on the system itself anymore. + +If you want to build such a system, you can use the `image-based-appliance` +profile: + +```nix +{ modulesPath, ... }: { + imports = [ "${modulesPath}/profiles/image-based-appliance.nix" ] +} +``` + +The most notable deviation of this profile from a standard NixOS configuration +is that after building it, you cannot switch *to* the configuration anymore. +The profile sets `config.system.switch.enable = false;`, which excludes +`switch-to-configuration`, the central script called by `nixos-rebuild`, from +your system. Removing this script makes the image lighter and slightly more +secure. diff --git a/nixos/doc/manual/development/what-happens-during-a-system-switch.chapter.md b/nixos/doc/manual/development/what-happens-during-a-system-switch.chapter.md index 5d6d67f1aa9..7aa84bbdb95 100644 --- a/nixos/doc/manual/development/what-happens-during-a-system-switch.chapter.md +++ b/nixos/doc/manual/development/what-happens-during-a-system-switch.chapter.md @@ -51,4 +51,5 @@ explained in the next sections. ```{=include=} sections unit-handling.section.md activation-script.section.md +non-switchable-systems.section.md ``` -- cgit 1.4.1 From 79eba74561a67d9e5f8a936e9a3a5eede7916cf5 Mon Sep 17 00:00:00 2001 From: nikstur Date: Thu, 26 Oct 2023 17:53:16 +0200 Subject: nixos: release notes for `system.switch.enable` --- nixos/doc/manual/release-notes/rl-2311.section.md | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'nixos/doc') diff --git a/nixos/doc/manual/release-notes/rl-2311.section.md b/nixos/doc/manual/release-notes/rl-2311.section.md index 2368480d045..1087c70729e 100644 --- a/nixos/doc/manual/release-notes/rl-2311.section.md +++ b/nixos/doc/manual/release-notes/rl-2311.section.md @@ -315,6 +315,11 @@ ## Other Notable Changes {#sec-release-23.11-notable-changes} +- A new option `system.switch.enable` was added. By default, this is option is + enabled. Disabling it makes the system unable to be reconfigured via + `nixos-rebuild`. This is good for image based appliances where updates are + handled outside the image. + - The Cinnamon module now enables XDG desktop integration by default. If you are experiencing collisions related to xdg-desktop-portal-gtk you can safely remove `xdg.portal.extraPortals = [ pkgs.xdg-desktop-portal-gtk ];` from your NixOS configuration. - GNOME, Pantheon, Cinnamon module no longer forces Qt applications to use Adwaita style since it was buggy and is no longer maintained upstream (specifically, Cinnamon now defaults to the gtk2 style instead, following the default in Linux Mint). If you still want it, you can add the following options to your configuration but it will probably be eventually removed: -- cgit 1.4.1