From e8bed1eec973d79a5af23a9530729e89cb8196e9 Mon Sep 17 00:00:00 2001
From: Julian Stecklina
Date: Tue, 17 Oct 2023 16:14:13 +0200
Subject: [PATCH] nixos/profiles: add image-based-appliance profile
---
.../profiles/image-based-appliance.nix | 26 +++++++++++++++++++
1 file changed, 26 insertions(+)
create mode 100644 nixos/modules/profiles/image-based-appliance.nix
diff --git a/nixos/modules/profiles/image-based-appliance.nix b/nixos/modules/profiles/image-based-appliance.nix
new file mode 100644
index 000000000000..7e8b6f696d54
--- /dev/null
+++ b/nixos/modules/profiles/image-based-appliance.nix
@@ -0,0 +1,26 @@
+# This profile sets up a sytem for image based appliance usage. An appliance is
+# installed as an image, cannot be re-built, has no Nix available, and is
+# generally not meant for interactive use. Updates to such an appliance are
+# handled by updating whole partition images via a tool like systemd-sysupdate.
+
+{ lib, modulesPath, ... }:
+
+{
+
+ # Appliances are always "minimal".
+ imports = [
+ "${modulesPath}/profiles/minimal.nix"
+ ];
+
+ # The system cannot be rebuilt.
+ nix.enable = false;
+ system.switch.enable = false;
+
+ # The system is static.
+ users.mutableUsers = false;
+
+ # The system avoids interpreters as much as possible to reduce its attack
+ # surface.
+ boot.initrd.systemd.enable = lib.mkDefault true;
+ networking.useNetworkd = lib.mkDefault true;
+}
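Review bot: The last two options are set with `lib.mkDefault` while the comment above them states a security goal, so an importing configuration can override either one without any warning and, as far as I know, fall back to the shell-script based initrd or network setup. The comment should say so, e.g. `# Defaults only: overriding either option brings back shell-script based boot or network setup.` Because `users.mutableUsers = false` normally requires a password or SSH key on root or a wheel user, it would also help to note above it that a non-interactive image has to set `users.allowNoPasswordLogin` deliberately. `sytem` in the first comment line should read `system`.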