6c3d21aff9
It's been 8.5 years since NixOS used mingetty, but the option was never renamed (despite the file definining the module being renamed in 9f5051b76c1 ("Rename mingetty module to agetty")). I've chosen to rename it to services.getty here, rather than services.agetty, because getty is implemantation-neutral and also the name of the unit that is generated.
104 lines
3.5 KiB
Nix
104 lines
3.5 KiB
Nix
# Provide a basic configuration for installation devices like CDs.
|
|
{ config, pkgs, lib, ... }:
|
|
|
|
with lib;
|
|
|
|
{
|
|
imports =
|
|
[ # Enable devices which are usually scanned, because we don't know the
|
|
# target system.
|
|
../installer/scan/detected.nix
|
|
../installer/scan/not-detected.nix
|
|
|
|
# Allow "nixos-rebuild" to work properly by providing
|
|
# /etc/nixos/configuration.nix.
|
|
./clone-config.nix
|
|
|
|
# Include a copy of Nixpkgs so that nixos-install works out of
|
|
# the box.
|
|
../installer/cd-dvd/channel.nix
|
|
];
|
|
|
|
config = {
|
|
|
|
# Enable in installer, even if the minimal profile disables it.
|
|
documentation.enable = mkForce true;
|
|
|
|
# Show the manual.
|
|
documentation.nixos.enable = mkForce true;
|
|
|
|
# Use less privileged nixos user
|
|
users.users.nixos = {
|
|
isNormalUser = true;
|
|
extraGroups = [ "wheel" "networkmanager" "video" ];
|
|
# Allow the graphical user to login without password
|
|
initialHashedPassword = "";
|
|
};
|
|
|
|
# Allow the user to log in as root without a password.
|
|
users.users.root.initialHashedPassword = "";
|
|
|
|
# Allow passwordless sudo from nixos user
|
|
security.sudo = {
|
|
enable = mkDefault true;
|
|
wheelNeedsPassword = mkForce false;
|
|
};
|
|
|
|
# Automatically log in at the virtual consoles.
|
|
services.getty.autologinUser = "nixos";
|
|
|
|
# Some more help text.
|
|
services.getty.helpLine = ''
|
|
The "nixos" and "root" accounts have empty passwords.
|
|
|
|
An ssh daemon is running. You then must set a password
|
|
for either "root" or "nixos" with `passwd` or add an ssh key
|
|
to /home/nixos/.ssh/authorized_keys be able to login.
|
|
'' + optionalString config.services.xserver.enable ''
|
|
Type `sudo systemctl start display-manager' to
|
|
start the graphical user interface.
|
|
'';
|
|
|
|
# We run sshd by default. Login via root is only possible after adding a
|
|
# password via "passwd" or by adding a ssh key to /home/nixos/.ssh/authorized_keys.
|
|
# The latter one is particular useful if keys are manually added to
|
|
# installation device for head-less systems i.e. arm boards by manually
|
|
# mounting the storage in a different system.
|
|
services.openssh = {
|
|
enable = true;
|
|
permitRootLogin = "yes";
|
|
};
|
|
|
|
# Enable wpa_supplicant, but don't start it by default.
|
|
networking.wireless.enable = mkDefault true;
|
|
systemd.services.wpa_supplicant.wantedBy = mkOverride 50 [];
|
|
|
|
# Tell the Nix evaluator to garbage collect more aggressively.
|
|
# This is desirable in memory-constrained environments that don't
|
|
# (yet) have swap set up.
|
|
environment.variables.GC_INITIAL_HEAP_SIZE = "1M";
|
|
|
|
# Make the installer more likely to succeed in low memory
|
|
# environments. The kernel's overcommit heustistics bite us
|
|
# fairly often, preventing processes such as nix-worker or
|
|
# download-using-manifests.pl from forking even if there is
|
|
# plenty of free memory.
|
|
boot.kernel.sysctl."vm.overcommit_memory" = "1";
|
|
|
|
# To speed up installation a little bit, include the complete
|
|
# stdenv in the Nix store on the CD.
|
|
system.extraDependencies = with pkgs;
|
|
[
|
|
stdenv
|
|
stdenvNoCC # for runCommand
|
|
busybox
|
|
jq # for closureInfo
|
|
];
|
|
|
|
# Show all debug messages from the kernel but don't log refused packets
|
|
# because we have the firewall enabled. This makes installs from the
|
|
# console less cumbersome if the machine has a public IP.
|
|
networking.firewall.logRefusedConnections = mkDefault false;
|
|
};
|
|
}
|