author | Julian Stecklina <js@alien8.de> | 2023-10-17 16:14:13 +0200 |
---|---|---|
committer | nikstur <nikstur@outlook.com> | 2023-10-28 13:26:39 +0200 |
commit | e8bed1eec973d79a5af23a9530729e89cb8196e9 (patch) | |
tree | db6fb1e76b063909b4c49f176751d763fcc3d48e /nixos | |
parent | 8dfe8e447efefcaf2990532114f4b0259ba2eba3 (diff) |
nixos/profiles: add image-based-appliance profile
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/modules/profiles/image-based-appliance.nix | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/nixos/modules/profiles/image-based-appliance.nix b/nixos/modules/profiles/image-based-appliance.nix
new file mode 100644
index 0000000000000..7e8b6f696d54f
--- /dev/null
+++ b/nixos/modules/profiles/image-based-appliance.nix
@@ -0,0 +1,26 @@
+# This profile sets up a sytem for image based appliance usage. An appliance is
+# installed as an image, cannot be re-built, has no Nix available, and is
+# generally not meant for interactive use. Updates to such an appliance are
+# handled by updating whole partition images via a tool like systemd-sysupdate.
+
+{ lib, modulesPath, ... }:
+
+{
+
+ # Appliances are always "minimal".
+ imports = [
+ "${modulesPath}/profiles/minimal.nix"
+ ];
+
+ # The system cannot be rebuilt.
+ nix.enable = false;
+ system.switch.enable = false;
+
+ # The system is static.
+ users.mutableUsers = false;
+
+ # The system avoids interpreters as much as possible to reduce its attack
+ # surface.
+ boot.initrd.systemd.enable = lib.mkDefault true;
+ networking.useNetworkd = lib.mkDefault true;
+} |
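Review bot: The last comment presents interpreter avoidance as a property of the profile, but `boot.initrd.systemd.enable` and `networking.useNetworkd` are set with `lib.mkDefault`, so any configuration importing the profile can override them at normal priority without a warning. The other settings (`nix.enable`, `system.switch.enable`, `users.mutableUsers`) are assigned outright. If the weaker priority is intentional, the comment should say so and name what each option is presumably meant to replace, for example `# Prefer the systemd-based initrd and systemd-networkd over their script-based counterparts. These are defaults only; overriding them reintroduces shell scripts into boot and network setup.` The header comment also has a typo: `sytem` should read `system`.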