diff --git a/modules/profiles/headless.nix b/modules/profiles/headless.nix
index 0a2bfa80c47c..9693e36d9ebd 100644
--- a/modules/profiles/headless.nix
+++ b/modules/profiles/headless.nix
@@ -17,4 +17,7 @@ with pkgs.lib;
 
   # Since we can't manually respond to a panic, just reboot.
   boot.kernelParams = [ "panic=1" "boot.panic_on_fail" ];
+
+  # Don't allow emergency mode, because we don't have a console.
+  systemd.enableEmergencyMode = false;
 }
diff --git a/modules/system/boot/systemd.nix b/modules/system/boot/systemd.nix
index b76367021206..d33409880922 100644
--- a/modules/system/boot/systemd.nix
+++ b/modules/system/boot/systemd.nix
@@ -36,11 +36,9 @@ let
       #"cryptsetup.target"
       "sigpwr.target"
 
-      # Rescue/emergency.
+      # Rescue mode.
       "rescue.target"
       "rescue.service"
-      "emergency.target"
-      "emergency.service"
 
       # Udev.
       "systemd-udevd-control.socket"
@@ -133,6 +131,11 @@ let
       "systemd-ask-password-console.service"
       "systemd-ask-password-wall.path"
       "systemd-ask-password-wall.service"
+    ]
+
+    ++ optionals cfg.enableEmergencyMode [
+      "emergency.target"
+      "emergency.service"
     ];
 
   upstreamWants =
@@ -456,6 +459,19 @@ in
       '';
     };
 
+    systemd.enableEmergencyMode = mkOption {
+      default = true;
+      type = types.bool;
+      description = ''
+        Whether to enable emergency mode, which is an
+        <command>sulogin</command> shell started on the console if
+        mounting a filesystem fails.  Since some machines (like EC2
+        instances) have no console of any kind, emergency mode doesn't
+        make sense, and it's better to continue with the boot insofar
+        as possible.
+      '';
+    };
+
   };