# Provide a basic configuration for installation devices like CDs. { config, pkgs, lib, ... }: with lib; { imports = [ # Enable devices which are usually scanned, because we don't know the # target system. ../installer/scan/detected.nix ../installer/scan/not-detected.nix # Allow "nixos-rebuild" to work properly by providing # /etc/nixos/configuration.nix. ./clone-config.nix # Include a copy of Nixpkgs so that nixos-install works out of # the box. ../installer/cd-dvd/channel.nix ]; config = { # Enable in installer, even if the minimal profile disables it. documentation.enable = mkForce true; # Show the manual. documentation.nixos.enable = mkForce true; services.nixosManual.showManual = true; # Let the user play Rogue on TTY 8 during the installation. #services.rogue.enable = true; # Disable some other stuff we don't need. services.udisks2.enable = mkDefault false; # Use less privileged nixos user users.users.nixos = { isNormalUser = true; extraGroups = [ "wheel" "networkmanager" "video" ]; # Allow the graphical user to login without password initialHashedPassword = ""; }; # Allow the user to log in as root without a password. users.users.root.initialHashedPassword = ""; # Allow passwordless sudo from nixos user security.sudo = { enable = mkDefault true; wheelNeedsPassword = mkForce false; }; # Automatically log in at the virtual consoles. services.mingetty.autologinUser = "nixos"; # Some more help text. services.mingetty.helpLine = '' The "nixos" and "root" account have empty passwords. ${ optionalString config.services.xserver.enable "Type `sudo systemctl start display-manager' to\nstart the graphical user interface."} ''; # Allow sshd to be started manually through "systemctl start sshd". services.openssh = { enable = true; # Allow password login to the installation, if the user sets a password via "passwd" # It is safe as root doesn't have a password by default and SSH is disabled by default permitRootLogin = "yes"; }; systemd.services.sshd.wantedBy = mkOverride 50 []; # Enable wpa_supplicant, but don't start it by default. networking.wireless.enable = mkDefault true; systemd.services.wpa_supplicant.wantedBy = mkOverride 50 []; # Tell the Nix evaluator to garbage collect more aggressively. # This is desirable in memory-constrained environments that don't # (yet) have swap set up. environment.variables.GC_INITIAL_HEAP_SIZE = "1M"; # Make the installer more likely to succeed in low memory # environments. The kernel's overcommit heustistics bite us # fairly often, preventing processes such as nix-worker or # download-using-manifests.pl from forking even if there is # plenty of free memory. boot.kernel.sysctl."vm.overcommit_memory" = "1"; # To speed up installation a little bit, include the complete # stdenv in the Nix store on the CD. system.extraDependencies = with pkgs; [ stdenv stdenvNoCC # for runCommand busybox jq # for closureInfo ]; # Show all debug messages from the kernel but don't log refused packets # because we have the firewall enabled. This makes installs from the # console less cumbersome if the machine has a public IP. networking.firewall.logRefusedConnections = mkDefault false; }; }