From 62e723f5aa0c1f2b37f62d685330213846c284c7 Mon Sep 17 00:00:00 2001 From: Matthew Bauer Date: Tue, 24 Nov 2020 18:10:41 -0600 Subject: [PATCH] installers/tools: add system.disableInstallerTools option This option can be set to disable installer tools like nixos-rebuild, nixos-install, and nixos-generate-config (as well as more). This is nice when a system is not expected to be rebuild or reconfigure itself such as in a stateless PXE setup, as well as other embedded scenarios. Note, that the system can still be updated, but it must either get nixos-rebuild from another source, or, for embedded systems, be upgraded by another machine like: nix copy "$system" --to "ssh://root@" && ssh "root@" "nix-env -p /nix/var/nix/profiles/system --set $system && $system/bin/switch-to-configuration switch". Along with other options, this allows removing Perl from a closure. For example: { boot.enableContainers = false; environment.defaultPackages = []; system.disableInstallerTools = true; } should not include Perl. --- nixos/modules/installer/tools/tools.nix | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/nixos/modules/installer/tools/tools.nix b/nixos/modules/installer/tools/tools.nix index 0582812f92d2..008435a1af3d 100644 --- a/nixos/modules/installer/tools/tools.nix +++ b/nixos/modules/installer/tools/tools.nix @@ -113,7 +113,20 @@ in }; }; - config = { + options.system.disableInstallerTools = mkOption { + internal = true; + type = types.bool; + default = false; + description = '' + Disable nixos-rebuild, nixos-generate-config, nixos-installer + and other NixOS tools. This is useful to shrink embedded, + read-only systems which are not expected to be rebuild or + reconfigure themselves. Use at your own risk! + ''; + }; + + config = lib.mkIf (!config.system.disableInstallerTools) { + system.nixos-generate-config.configuration = mkDefault '' # Edit this configuration file to define what should be installed on # your system. Help is available in the configuration.nix(5) man page