This option can be set to disable installer tools like nixos-rebuild,
nixos-install, and nixos-generate-config (as well as more). This is
nice when a system is not expected to be rebuild or reconfigure itself
such as in a stateless PXE setup, as well as other embedded scenarios.
Note, that the system can still be updated, but it must either get
nixos-rebuild from another source, or, for embedded systems, be
upgraded by another machine like:
nix copy "$system" --to "ssh://root@<host>" && ssh "root@<host>"
"nix-env -p /nix/var/nix/profiles/system --set $system && $system/bin/switch-to-configuration switch".
Along with other options, this allows removing Perl from a closure.
For example:
{
boot.enableContainers = false;
environment.defaultPackages = [];
system.disableInstallerTools = true;
}
should not include Perl.
This reverts commit aab534b894 & uses the
driverInteractive attribute for the test driver instead.
This has the same effect but removes the extra module in the
nixos-build-vms code.
When I test a change e.g. in the module system manually, I usually use
`nixos-build-vms(8)` which also gives me a QEMU window where I can play
around in the freshly built VM.
It seems as this has changed recently when the default package for
non-interactive VM tests using the same framework was switched to
`pkgs.qemu_test` to reduce the closure size. While this is a reasonable
decision for our CI tests, I think that you really want a QEMU window of
the VM by default when using `nixos-build-vms(8)`.
[1] bc2188b083
The only nix version available in the installer should be the version
configure in the module system. If someone needs `nixUnstable` in their
`nixos-install` they should probably set the module option and not just
add it to the closure.
$EDITOR is allowed to contain flags, so it is important to allow the
shell to split this normally. For example, Sublime Text needs to be
passed --wait, since otherwise it will daemonise.
$NIXOS_CONFIG can be set to a directory, in which case the file used
is $NIXOS_CONFIG/default.nix. This updates 'nixos-rebuild edit' to
handle that case correctly.
The nix store more-or-less requires o+rx on all parent directories.
This is primarily because nix runs builders in a uid/gid mapped
user-namespace, and those builders have to be able to operate on the nix
store.
This check is especially helpful because nix does not produce a helpful
error on its own (rather, creating directories and such works, it's not
until 'mount --bind' that it gets an EACCES).
Helps users who run into this opaque error, such as in #67465.
Possibly fixes that issue if bad permissions were the only cause.
'nix build' is an experimental command so we shouldn't use it
yet. (nixos-rebuild also uses 'nix', but only when using flakes, which
are themselves an experimental feature.)
