2011-11-08 16:58:59 +01:00
|
|
|
# Provide a basic configuration for installation devices like CDs.
|
2015-06-10 12:04:26 +02:00
|
|
|
{ config, pkgs, lib, ... }:
|
2010-09-25 11:32:43 +02:00
|
|
|
|
2014-04-14 16:26:48 +02:00
|
|
|
with lib;
|
2010-09-25 11:32:43 +02:00
|
|
|
|
2010-09-25 11:32:48 +02:00
|
|
|
{
|
2013-07-03 13:58:38 +02:00
|
|
|
imports =
|
|
|
|
[ # Enable devices which are usually scanned, because we don't know the
|
|
|
|
# target system.
|
|
|
|
../installer/scan/detected.nix
|
|
|
|
../installer/scan/not-detected.nix
|
2010-09-25 11:32:52 +02:00
|
|
|
|
2013-07-03 13:58:38 +02:00
|
|
|
# Allow "nixos-rebuild" to work properly by providing
|
|
|
|
# /etc/nixos/configuration.nix.
|
|
|
|
./clone-config.nix
|
2015-06-10 12:04:26 +02:00
|
|
|
|
|
|
|
# Include a copy of Nixpkgs so that nixos-install works out of
|
|
|
|
# the box.
|
|
|
|
../installer/cd-dvd/channel.nix
|
2013-07-03 13:58:38 +02:00
|
|
|
];
|
2010-09-25 11:32:48 +02:00
|
|
|
|
|
|
|
config = {
|
|
|
|
|
2015-06-10 12:04:26 +02:00
|
|
|
# Enable in installer, even if the minimal profile disables it.
|
2018-09-24 23:01:24 +02:00
|
|
|
documentation.enable = mkForce true;
|
2015-06-10 12:04:26 +02:00
|
|
|
|
2010-09-25 11:32:48 +02:00
|
|
|
# Show the manual.
|
2018-09-25 23:31:43 +02:00
|
|
|
documentation.nixos.enable = mkForce true;
|
2010-09-25 11:32:48 +02:00
|
|
|
services.nixosManual.showManual = true;
|
|
|
|
|
|
|
|
# Let the user play Rogue on TTY 8 during the installation.
|
2017-08-29 16:15:15 +02:00
|
|
|
#services.rogue.enable = true;
|
2010-09-25 11:32:48 +02:00
|
|
|
|
|
|
|
# Disable some other stuff we don't need.
|
2018-08-17 06:43:58 +02:00
|
|
|
security.sudo.enable = mkDefault false;
|
|
|
|
services.udisks2.enable = mkDefault false;
|
2010-09-25 11:32:48 +02:00
|
|
|
|
2015-04-14 11:48:09 +02:00
|
|
|
# Automatically log in at the virtual consoles.
|
|
|
|
services.mingetty.autologinUser = "root";
|
|
|
|
|
2010-09-25 11:32:48 +02:00
|
|
|
# Some more help text.
|
|
|
|
services.mingetty.helpLine =
|
|
|
|
''
|
2011-09-14 20:20:50 +02:00
|
|
|
|
2015-04-14 11:48:09 +02:00
|
|
|
The "root" account has an empty password. ${
|
2013-01-22 12:52:13 +01:00
|
|
|
optionalString config.services.xserver.enable
|
2016-07-04 09:54:17 +02:00
|
|
|
"Type `systemctl start display-manager' to\nstart the graphical user interface."}
|
2010-09-25 11:32:48 +02:00
|
|
|
'';
|
2010-09-25 11:32:43 +02:00
|
|
|
|
2017-01-23 22:25:28 +01:00
|
|
|
# Allow sshd to be started manually through "systemctl start sshd".
|
2017-01-23 22:15:59 +01:00
|
|
|
services.openssh = {
|
|
|
|
enable = true;
|
|
|
|
# Allow password login to the installation, if the user sets a password via "passwd"
|
|
|
|
# It is safe as root doesn't have a password by default and SSH is disabled by default
|
|
|
|
permitRootLogin = "yes";
|
|
|
|
};
|
2013-07-09 16:12:34 +02:00
|
|
|
systemd.services.sshd.wantedBy = mkOverride 50 [];
|
2010-09-25 11:32:43 +02:00
|
|
|
|
2010-09-25 11:32:48 +02:00
|
|
|
# Enable wpa_supplicant, but don't start it by default.
|
2015-06-10 12:04:26 +02:00
|
|
|
networking.wireless.enable = mkDefault true;
|
2016-01-06 04:52:56 +01:00
|
|
|
systemd.services.wpa_supplicant.wantedBy = mkOverride 50 [];
|
2012-04-23 02:41:37 +02:00
|
|
|
|
|
|
|
# Tell the Nix evaluator to garbage collect more aggressively.
|
|
|
|
# This is desirable in memory-constrained environments that don't
|
|
|
|
# (yet) have swap set up.
|
2018-10-28 10:48:00 +01:00
|
|
|
environment.variables.GC_INITIAL_HEAP_SIZE = "1M";
|
2013-09-18 05:18:34 +02:00
|
|
|
|
2015-06-10 12:04:26 +02:00
|
|
|
# Make the installer more likely to succeed in low memory
|
|
|
|
# environments. The kernel's overcommit heustistics bite us
|
|
|
|
# fairly often, preventing processes such as nix-worker or
|
|
|
|
# download-using-manifests.pl from forking even if there is
|
|
|
|
# plenty of free memory.
|
|
|
|
boot.kernel.sysctl."vm.overcommit_memory" = "1";
|
|
|
|
|
|
|
|
# To speed up installation a little bit, include the complete
|
2017-01-23 20:56:00 +01:00
|
|
|
# stdenv in the Nix store on the CD.
|
2018-02-27 20:20:37 +01:00
|
|
|
system.extraDependencies = with pkgs;
|
|
|
|
[
|
|
|
|
stdenv
|
|
|
|
stdenvNoCC # for runCommand
|
|
|
|
busybox
|
|
|
|
jq # for closureInfo
|
|
|
|
];
|
2015-06-10 12:04:26 +02:00
|
|
|
|
2017-01-09 10:59:37 +01:00
|
|
|
# Show all debug messages from the kernel but don't log refused packets
|
|
|
|
# because we have the firewall enabled. This makes installs from the
|
|
|
|
# console less cumbersome if the machine has a public IP.
|
|
|
|
networking.firewall.logRefusedConnections = mkDefault false;
|
|
|
|
|
2018-08-06 21:09:47 +02:00
|
|
|
# Allow the user to log in as root without a password.
|
|
|
|
users.users.root.initialHashedPassword = "";
|
2010-09-25 11:32:48 +02:00
|
|
|
};
|
|
|
|
}
|