2011-11-08 15:58:59 +00:00
|
|
|
# Provide a basic configuration for installation devices like CDs.
|
2015-06-10 11:04:26 +01:00
|
|
|
{ config, pkgs, lib, ... }:
|
2010-09-25 10:32:43 +01:00
|
|
|
|
2014-04-14 15:26:48 +01:00
|
|
|
with lib;
|
2010-09-25 10:32:43 +01:00
|
|
|
|
2010-09-25 10:32:48 +01:00
|
|
|
{
|
2013-07-03 12:58:38 +01:00
|
|
|
imports =
|
|
|
|
[ # Enable devices which are usually scanned, because we don't know the
|
|
|
|
# target system.
|
|
|
|
../installer/scan/detected.nix
|
|
|
|
../installer/scan/not-detected.nix
|
2010-09-25 10:32:52 +01:00
|
|
|
|
2013-07-03 12:58:38 +01:00
|
|
|
# Allow "nixos-rebuild" to work properly by providing
|
|
|
|
# /etc/nixos/configuration.nix.
|
|
|
|
./clone-config.nix
|
2015-06-10 11:04:26 +01:00
|
|
|
|
|
|
|
# Include a copy of Nixpkgs so that nixos-install works out of
|
|
|
|
# the box.
|
|
|
|
../installer/cd-dvd/channel.nix
|
2013-07-03 12:58:38 +01:00
|
|
|
];
|
2010-09-25 10:32:48 +01:00
|
|
|
|
|
|
|
config = {
|
2023-01-04 17:14:12 +00:00
|
|
|
system.nixos.variant_id = lib.mkDefault "installer";
|
2010-09-25 10:32:48 +01:00
|
|
|
|
2015-06-10 11:04:26 +01:00
|
|
|
# Enable in installer, even if the minimal profile disables it.
|
2022-08-14 17:13:04 +01:00
|
|
|
documentation.enable = mkImageMediaOverride true;
|
2015-06-10 11:04:26 +01:00
|
|
|
|
2010-09-25 10:32:48 +01:00
|
|
|
# Show the manual.
|
2022-08-14 17:13:04 +01:00
|
|
|
documentation.nixos.enable = mkImageMediaOverride true;
|
2010-09-25 10:32:48 +01:00
|
|
|
|
2019-08-08 04:34:41 +01:00
|
|
|
# Use less privileged nixos user
|
|
|
|
users.users.nixos = {
|
|
|
|
isNormalUser = true;
|
|
|
|
extraGroups = [ "wheel" "networkmanager" "video" ];
|
|
|
|
# Allow the graphical user to login without password
|
|
|
|
initialHashedPassword = "";
|
|
|
|
};
|
|
|
|
|
|
|
|
# Allow the user to log in as root without a password.
|
|
|
|
users.users.root.initialHashedPassword = "";
|
|
|
|
|
2024-01-23 15:10:31 +00:00
|
|
|
# Don't require sudo/root to `reboot` or `poweroff`.
|
|
|
|
security.polkit.enable = true;
|
|
|
|
|
2019-08-08 04:34:41 +01:00
|
|
|
# Allow passwordless sudo from nixos user
|
|
|
|
security.sudo = {
|
|
|
|
enable = mkDefault true;
|
2022-08-14 17:13:04 +01:00
|
|
|
wheelNeedsPassword = mkImageMediaOverride false;
|
2019-08-08 04:34:41 +01:00
|
|
|
};
|
|
|
|
|
2015-04-14 10:48:09 +01:00
|
|
|
# Automatically log in at the virtual consoles.
|
2021-01-05 08:25:53 +00:00
|
|
|
services.getty.autologinUser = "nixos";
|
2015-04-14 10:48:09 +01:00
|
|
|
|
2010-09-25 10:32:48 +01:00
|
|
|
# Some more help text.
|
2021-01-05 08:25:53 +00:00
|
|
|
services.getty.helpLine = ''
|
2019-06-25 15:08:58 +01:00
|
|
|
The "nixos" and "root" accounts have empty passwords.
|
|
|
|
|
2023-04-01 11:33:27 +01:00
|
|
|
To log in over ssh you must set a password for either "nixos" or "root"
|
|
|
|
with `passwd` (prefix with `sudo` for "root"), or add your public key to
|
|
|
|
/home/nixos/.ssh/authorized_keys or /root/.ssh/authorized_keys.
|
2021-08-14 14:35:18 +01:00
|
|
|
|
|
|
|
If you need a wireless connection, type
|
|
|
|
`sudo systemctl start wpa_supplicant` and configure a
|
|
|
|
network using `wpa_cli`. See the NixOS manual for details.
|
2019-06-25 15:08:58 +01:00
|
|
|
'' + optionalString config.services.xserver.enable ''
|
2021-08-14 14:35:18 +01:00
|
|
|
|
2019-06-25 15:08:58 +01:00
|
|
|
Type `sudo systemctl start display-manager' to
|
|
|
|
start the graphical user interface.
|
|
|
|
'';
|
2010-09-25 10:32:43 +01:00
|
|
|
|
2023-04-01 11:45:26 +01:00
|
|
|
# We run sshd by default. Login is only possible after adding a
|
|
|
|
# password via "passwd" or by adding a ssh key to ~/.ssh/authorized_keys.
|
2020-09-03 04:00:53 +01:00
|
|
|
# The latter one is particular useful if keys are manually added to
|
|
|
|
# installation device for head-less systems i.e. arm boards by manually
|
|
|
|
# mounting the storage in a different system.
|
2017-01-23 21:15:59 +00:00
|
|
|
services.openssh = {
|
|
|
|
enable = true;
|
2023-01-15 15:32:46 +00:00
|
|
|
settings.PermitRootLogin = "yes";
|
2017-01-23 21:15:59 +00:00
|
|
|
};
|
2010-09-25 10:32:43 +01:00
|
|
|
|
2010-09-25 10:32:48 +01:00
|
|
|
# Enable wpa_supplicant, but don't start it by default.
|
2015-06-10 11:04:26 +01:00
|
|
|
networking.wireless.enable = mkDefault true;
|
2021-08-14 14:35:18 +01:00
|
|
|
networking.wireless.userControlled.enable = true;
|
2016-01-06 03:52:56 +00:00
|
|
|
systemd.services.wpa_supplicant.wantedBy = mkOverride 50 [];
|
2012-04-23 01:41:37 +01:00
|
|
|
|
|
|
|
# Tell the Nix evaluator to garbage collect more aggressively.
|
|
|
|
# This is desirable in memory-constrained environments that don't
|
|
|
|
# (yet) have swap set up.
|
2018-10-28 09:48:00 +00:00
|
|
|
environment.variables.GC_INITIAL_HEAP_SIZE = "1M";
|
2013-09-18 04:18:34 +01:00
|
|
|
|
2015-06-10 11:04:26 +01:00
|
|
|
# Make the installer more likely to succeed in low memory
|
|
|
|
# environments. The kernel's overcommit heustistics bite us
|
|
|
|
# fairly often, preventing processes such as nix-worker or
|
|
|
|
# download-using-manifests.pl from forking even if there is
|
|
|
|
# plenty of free memory.
|
|
|
|
boot.kernel.sysctl."vm.overcommit_memory" = "1";
|
|
|
|
|
|
|
|
# To speed up installation a little bit, include the complete
|
2017-01-23 19:56:00 +00:00
|
|
|
# stdenv in the Nix store on the CD.
|
2018-02-27 19:20:37 +00:00
|
|
|
system.extraDependencies = with pkgs;
|
|
|
|
[
|
|
|
|
stdenv
|
|
|
|
stdenvNoCC # for runCommand
|
|
|
|
busybox
|
|
|
|
jq # for closureInfo
|
2022-04-17 22:24:13 +01:00
|
|
|
# For boot.initrd.systemd
|
|
|
|
makeInitrdNGTool
|
2018-02-27 19:20:37 +00:00
|
|
|
];
|
2015-06-10 11:04:26 +01:00
|
|
|
|
2023-07-10 19:20:08 +01:00
|
|
|
boot.swraid.enable = true;
|
2023-12-10 10:00:02 +00:00
|
|
|
# remove warning about unset mail
|
|
|
|
boot.swraid.mdadmConf = "PROGRAM ${pkgs.coreutils}/bin/true";
|
2022-07-28 13:34:44 +01:00
|
|
|
|
2017-01-09 09:59:37 +00:00
|
|
|
# Show all debug messages from the kernel but don't log refused packets
|
|
|
|
# because we have the firewall enabled. This makes installs from the
|
|
|
|
# console less cumbersome if the machine has a public IP.
|
|
|
|
networking.firewall.logRefusedConnections = mkDefault false;
|
2020-12-01 23:54:35 +00:00
|
|
|
|
|
|
|
# Prevent installation media from evacuating persistent storage, as their
|
|
|
|
# var directory is not persistent and it would thus result in deletion of
|
|
|
|
# those entries.
|
|
|
|
environment.etc."systemd/pstore.conf".text = ''
|
|
|
|
[PStore]
|
|
|
|
Unlink=no
|
|
|
|
'';
|
2023-08-07 15:48:37 +01:00
|
|
|
|
|
|
|
# allow nix-copy to live system
|
2024-06-09 21:31:44 +01:00
|
|
|
nix.settings.trusted-users = [ "nixos" ];
|
2024-07-26 14:12:55 +01:00
|
|
|
|
|
|
|
# Install less voices for speechd to save some space
|
2024-09-03 08:51:33 +01:00
|
|
|
nixpkgs.overlays = [
|
|
|
|
(_: prev: {
|
|
|
|
mbrola-voices = prev.mbrola-voices.override {
|
2024-07-26 14:12:55 +01:00
|
|
|
# only ship with one voice per language
|
|
|
|
languages = [ "*1" ];
|
|
|
|
};
|
2024-09-03 08:51:33 +01:00
|
|
|
})
|
|
|
|
];
|
2010-09-25 10:32:48 +01:00
|
|
|
};
|
|
|
|
}
|