JakeHillion/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
a5872edf2f
nixpkgs/nixos/doc/manual
History
Jörg Thalheim a5872edf2f
nixos/installer: enable sshd by default 
Right now the UX for installing NixOS on a headless system is very bad.
To enable sshd without physical steps users have to have either physical
access or need to be very knowledge-able to figure out how to modify the
installation image by hand to put an `sshd.service` symlink in the
right directory in /nix/store. This is in particular a problem on ARM
SBCs (single board computer) but also other hardware where network is
the only meaningful way to access the hardware.

This commit enables sshd by default. This does not give anyone access to
the NixOS installer since by default. There is no user with a non-empty
password or key. It makes it easy however to add ssh keys to the
installation image (usb stick, sd-card on arm boards) by simply mounting
it and adding a keys to `/root/.ssh/authorized_keys`.
Importantly this should not require nix/nixos on the machine that
prepare the installation device and even feasiable on non-linux systems
by using ext4 third party drivers.

Potential new threats: Since this enables sshd by default a
potential bug in openssh could lead to remote code execution. Openssh
has a very good track-record over the last 20 years, which makes it
far more likely that Linux itself would have a remote code execution
vulnerability. It is trusted by millions of servers on many operating
systems to be exposed to the internet by default.

Co-authored-by: Samuel Dionne-Riel <samuel@dionne-riel.com>
2020-09-06 20:26:08 +02:00
..
administration nixos/doc: convert loaOf options refs to attrsOf 2020-09-02 00:42:51 +02:00
configuration nixos/doc: convert loaOf options refs to attrsOf 2020-09-02 00:42:51 +02:00
development fixup! nixos/doc/releases: update the docs as promised 2020-09-04 10:59:06 -07:00
installation nixos/installer: enable sshd by default 2020-09-06 20:26:08 +02:00
release-notes nixos/installer: enable sshd by default 2020-09-06 20:26:08 +02:00
.gitignore nixos docs: ignore generated files 2018-05-01 19:50:02 -04:00
default.nix nixos manual: have a toc for each part and chapter 2019-10-30 10:25:09 +01:00
Makefile nixos/doc/manual: Fix Makefile 2019-09-06 12:40:06 +02:00
man-configuration.xml nixos/doc: fix manpage format 2019-10-05 15:55:49 +00:00
man-nixos-build-vms.xml nixos/doc/*: editorconfig fixes 2020-07-31 15:08:54 +10:00
man-nixos-enter.xml nixos/manual: fix typo in man-nixos-enter.xml 2020-08-22 15:08:37 -04:00
man-nixos-generate-config.xml nixos/doc: fix manpage format 2019-10-05 15:55:49 +00:00
man-nixos-install.xml nixos-install: add support for flakes 2020-09-04 06:56:09 +02:00
man-nixos-option.xml Merge pull request #75439 from Ma27/submodule-fixes-for-nixos-option 2020-02-01 10:00:59 +01:00
man-nixos-rebuild.xml nixos-rebuild: do not depend on nix.conf to activate flakes 2020-09-04 06:56:09 +02:00
man-nixos-version.xml nixos-version: Add --json flag and show system.configurationRevision 2020-02-05 23:15:18 +01:00
man-pages.xml nixos/doc+manual: update copyright year range end 2019->2020 2020-01-14 07:01:39 -06:00
manual.xml nixos manual: move preface into own file 2019-10-30 10:25:09 +01:00
preface.xml nixos manual: refer to nix and nixpkgs manuals 2019-10-30 10:25:09 +01:00
README
shell.nix doc: Adds xml fixing script. (see previous and next commits) 2018-05-31 21:02:15 -04:00

README 

To build the manual, you need Nix installed on your system (no need
for NixOS). To install Nix, follow the instructions at

    https://nixos.org/nix/download.html

When you have Nix on your system, in the root directory of the project
(i.e., `nixpkgs`), run:

    nix-build nixos/release.nix -A manual.x86_64-linux

When this command successfully finishes, it will tell you where the
manual got generated.