f763710065
This was enabled by default in 18a7ce76fc with the reason that it would be "useful regardless of the desktop environment.", which I'm not arguing against. The reason why this should not be enabled by default is that there are a lot of systems that NixOS runs on that are not desktop systems. Users on such systems most likely do not want or need this feature and could even consider this an antifeature. Furthermore, it is surprising to them to find out that they have this enabled on their systems. They might be even more surprised to find that they have polkit enabled by default, which was a default that was flipped in a813be071c. For some discussion as to why, see https://github.com/NixOS/nixpkgs/pull/156858. Evidently, this default is not only surprising to users, but also module developers, as most if not all modules for desktop environments already explicitly set services.udisks2.enable = true; which they don't need to right now.
30 lines
809 B
Nix
{ config, pkgs, lib, ... }:

with lib;

{

  config = mkIf config.boot.isContainer {

    # Disable some features that are not useful in a container.
    nix.optimise.automatic = mkDefault false; # the store is host managed
    powerManagement.enable = mkDefault false;
    documentation.nixos.enable = mkDefault false;

    networking.useHostResolvConf = mkDefault true;

    # Containers should be light-weight, so start sshd on demand.
    services.openssh.startWhenNeeded = mkDefault true;

    # Shut up warnings about not having a boot loader.
    system.build.installBootLoader = lib.mkDefault "${pkgs.coreutils}/bin/true";

    # Not supported in systemd-nspawn containers.
    security.audit.enable = false;

    # Use the host's nix-daemon.
    environment.variables.NIX_REMOTE = "daemon";

  };

}