nixos/profiles: add image-based-appliance profile
parent
8dfe8e447e
commit
e8bed1eec9
1 changed files with 26 additions and 0 deletions
26
nixos/modules/profiles/image-based-appliance.nix
Normal file
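--- a/nixos/modules/profiles/image-based-appliance.nix
+++ b/nixos/modules/profiles/image-based-appliance.nix
@@ -0,0 +1,26 @@
+# This profile sets up a sytem for image based appliance usage. An appliance is
+# installed as an image, cannot be re-built, has no Nix available, and is
+# generally not meant for interactive use. Updates to such an appliance are
+# handled by updating whole partition images via a tool like systemd-sysupdate.
+
+{ lib, modulesPath, ... }:
+
+{
+
+# Appliances are always "minimal".
+imports = [
+"${modulesPath}/profiles/minimal.nix"
+];
+
+# The system cannot be rebuilt.
+nix.enable = false;
+system.switch.enable = false;
+
+# The system is static.
+users.mutableUsers = false;
+
+# The system avoids interpreters as much as possible to reduce its attack
+# surface.
+boot.initrd.systemd.enable = lib.mkDefault true;
+networking.useNetworkd = lib.mkDefault true;
+}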
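Review bot: The comment above `boot.initrd.systemd.enable` and `networking.useNetworkd` claims a reduced attack surface without saying what is being replaced, and both options are set with `lib.mkDefault`, so any importing module can switch the script-based paths back on without a conflict, unlike the plain `nix.enable = false` and `system.switch.enable = false` above. I would reword it along the lines of `# Prefer systemd in the initrd and networkd over the script-based initrd and networking; these are defaults only and can be overridden.` so a reader does not take the profile as a guarantee that no interpreter is left in the image. The `users.mutableUsers = false` line would also benefit from a comment saying that accounts and credentials then have to be declared in the configuration, since nothing in this file defines any. The header comment has a typo, `sytem`.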