From f71fd79ff0759f6e85b386e6ae212b15047a6813 Mon Sep 17 00:00:00 2001 From: Florian Klink Date: Tue, 25 Jun 2019 16:08:58 +0200 Subject: [PATCH 1/4] nixos/installation-device.nix: explain sshd usage --- nixos/modules/profiles/installation-device.nix | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/nixos/modules/profiles/installation-device.nix b/nixos/modules/profiles/installation-device.nix index 1a6e06995603..fd30220ce1c9 100644 --- a/nixos/modules/profiles/installation-device.nix +++ b/nixos/modules/profiles/installation-device.nix @@ -55,13 +55,16 @@ with lib; services.mingetty.autologinUser = "nixos"; # Some more help text. - services.mingetty.helpLine = - '' + services.mingetty.helpLine = '' + The "nixos" and "root" accounts have empty passwords. - The "nixos" and "root" account have empty passwords. ${ - optionalString config.services.xserver.enable - "Type `sudo systemctl start display-manager' to\nstart the graphical user interface."} - ''; + Type `sudo systemctl start sshd` to start the SSH daemon. + You then must set a password for either "root" or "nixos" + with `passwd` to be able to login. + '' + optionalString config.services.xserver.enable '' + Type `sudo systemctl start display-manager' to + start the graphical user interface. + ''; # Allow sshd to be started manually through "systemctl start sshd". services.openssh = { From 0aa5e3165ca074ce55318cfddcf28e96b84828e3 Mon Sep 17 00:00:00 2001 From: Florian Klink Date: Sat, 17 Aug 2019 23:57:52 +0200 Subject: [PATCH 2/4] sd-image.nix: set installer.cloneConfig to false As SD Card images are both installation media and installation target, don't copy over a /etc/nixos/configuration.nix Closes #63576. --- nixos/modules/installer/cd-dvd/sd-image.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/nixos/modules/installer/cd-dvd/sd-image.nix b/nixos/modules/installer/cd-dvd/sd-image.nix index 7f355a132496..07f6f627e6c0 100644 --- a/nixos/modules/installer/cd-dvd/sd-image.nix +++ b/nixos/modules/installer/cd-dvd/sd-image.nix @@ -194,5 +194,9 @@ in rm -f /nix-path-registration fi ''; + + # the installation media is also the installation target, + # so we don't want to provide the installation configuration.nix. + installer.cloneConfig = false; }; } From 1515afe8796c28d9c5ec6bbd359edd60fc5e382e Mon Sep 17 00:00:00 2001 From: Florian Klink Date: Sun, 18 Aug 2019 00:57:19 +0200 Subject: [PATCH 3/4] nixos/doc: update installation-device.nix This got quite outdated. We now have both the nixos and root user available for example. --- .../profiles/installation-device.xml | 42 +++++++++---------- 1 file changed, 20 insertions(+), 22 deletions(-) diff --git a/nixos/doc/manual/configuration/profiles/installation-device.xml b/nixos/doc/manual/configuration/profiles/installation-device.xml index 3dcdf403d89d..192ae955b689 100644 --- a/nixos/doc/manual/configuration/profiles/installation-device.xml +++ b/nixos/doc/manual/configuration/profiles/installation-device.xml @@ -6,33 +6,31 @@ Installation Device - Provides a basic configuration for installation devices like CDs. This means - enabling hardware scans, using the - Clone Config profile to guarantee - /etc/nixos/configuration.nix exists (for - nixos-rebuild to work), a copy of the Nixpkgs channel - snapshot used to create the install media. + Provides a basic configuration for installation devices like CDs. + This enables redistributable firmware, includes the + Clone Config profile + and a copy of the Nixpkgs channel, so nixos-install + works out of the box. - - Additionally, documentation for - Nixpkgs and NixOS - are forcefully enabled (to override the + Documentation for Nixpkgs + and NixOS are + forcefully enabled (to override the Minimal profile preference); the - NixOS manual is shown automatically on TTY 8, sudo and udisks are disabled. - Autologin is enabled as root. + NixOS manual is shown automatically on TTY 8, udisks is disabled. + Autologin is enabled as nixos user, while passwordless + login as both root and nixos is possible. + Passwordless sudo is enabled too. + wpa_supplicant is + enabled, but configured to not autostart. + + + It is explained how to login, start the ssh server, and if available, + how to start the display manager. - A message is shown to the user to start a display manager if needed, ssh with - are enabled (but - doesn't autostart). WPA Supplicant is also enabled without autostart. - - - - Finally, vim is installed, root is set to not have a password, the kernel is - made more silent for remote public IP installs, and several settings are - tweaked so that the installer has a better chance of succeeding under - low-memory environments. + Several settings are tweaked so that the installer has a better chance of + succeeding under low-memory environments. From d6eb5b068fa893a5e5c571d8c94d15d12ebabf63 Mon Sep 17 00:00:00 2001 From: Florian Klink Date: Sun, 18 Aug 2019 02:03:58 +0200 Subject: [PATCH 4/4] nixos/doc/clone-config.xml: add line about installation media = installation target --- nixos/doc/manual/configuration/profiles/clone-config.xml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/nixos/doc/manual/configuration/profiles/clone-config.xml b/nixos/doc/manual/configuration/profiles/clone-config.xml index 234835845e2d..21c4ea75d6dd 100644 --- a/nixos/doc/manual/configuration/profiles/clone-config.xml +++ b/nixos/doc/manual/configuration/profiles/clone-config.xml @@ -11,4 +11,11 @@ creating the image in the first place. As a result it allows users to edit and rebuild the live-system. + + + On images where the installation media also becomes an installation target, + copying over configuration.nix should be disabled by + setting installer.cloneConfig to false. + This is already done in sd-image.nix. +