base repository: NixOS/nixpkgs
base: 4822b084aedd
head repository: NixOS/nixpkgs
compare: 6f607b806d55
  • 18 commits
  • 13 files changed
  • 3 contributors

Commits on Nov 6, 2018

  1. Docs: init chapter Profiles with section All Hardware

    David Izquierdo committed Nov 6, 2018
    57d9bc4
  2. Docs: init section Base in chapter Profiles

    David Izquierdo committed Nov 6, 2018

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
    4c02d4c
  3. Docs: Stub for section Clone Config in chapter Profiles

    David Izquierdo committed Nov 6, 2018
    e6445ab
  4. Docs: init section Demo in chapter Profiles

    David Izquierdo committed Nov 6, 2018
    40f2cdb
  5. Docs: init section Docker Container in chapter Profiles

    David Izquierdo committed Nov 6, 2018
    207bbdc
  6. Docs: init section Graphical in chapter Profiles

    David Izquierdo committed Nov 6, 2018
    b10d669
  7. Docs: init section Hardened in chapter Profiles

    David Izquierdo committed Nov 6, 2018
    614ea40
  8. Docs: init section Headless in chapter Profiles

    David Izquierdo committed Nov 6, 2018
    670ee54
  9. Docs: init section Installation Device in chapter Profiles

    David Izquierdo committed Nov 6, 2018
    d2af8fb
  10. Docs: init section Minimal in chapter Profiles

    David Izquierdo committed Nov 6, 2018
    62e6497
  11. Docs: init section QEMU Guest in chapter Profiles

    David Izquierdo committed Nov 6, 2018
    b303688
  12. Update nixos/doc/manual/configuration/profiles/clone-config.xml

    Co-Authored-By: DIzFer <david@izquierdofernandez.com>
    Mic92 and DIzFer authored Nov 6, 2018
    f488a07
  13. Fixed typo in docker-container

    Co-Authored-By: DIzFer <david@izquierdofernandez.com>
    jtojnar and DIzFer authored Nov 6, 2018
    c7e3f19
  14. Second typo in docker-container

    Co-Authored-By: DIzFer <david@izquierdofernandez.com>
    jtojnar and DIzFer authored Nov 6, 2018
    dbd1a5f
  15. Update nixos/doc/manual/configuration/profiles/demo.xml

    Co-Authored-By: DIzFer <david@izquierdofernandez.com>
    jtojnar and DIzFer authored Nov 6, 2018
    6be1696
  16. Even more typos in hardened

    David Izquierdo committed Nov 6, 2018
    6abe1e5
  17. Typo in clone-config

    Co-Authored-By: DIzFer <david@izquierdofernandez.com>
    Mic92 and DIzFer authored Nov 6, 2018
    bac8725

Commits on Nov 14, 2018

  1. Merge pull request #49821 from DIzFer/profiles-documentation

    Docs: Add chapter on Profiles
    Mic92 authored Nov 14, 2018
    6f607b8
1 change: 1 addition & 0 deletions nixos/doc/manual/configuration/configuration.xml
@@ -22,5 +22,6 @@
<xi:include href="networking.xml" />
<xi:include href="linux-kernel.xml" />
<xi:include href="../generated/modules.xml" xpointer="xpointer(//section[@id='modules']/*)" />
<xi:include href="profiles.xml" />
<!-- Apache; libvirtd virtualisation -->
</part>
39 changes: 39 additions & 0 deletions nixos/doc/manual/configuration/profiles.xml
@@ -0,0 +1,39 @@
<chapter xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="ch-profiles">
<title>Profiles</title>
<para>
In some cases, it may be desirable to take advantage of commonly-used,
predefined configurations provided by nixpkgs, but different from those that
come as default. This is a role fulfilled by NixOS's Profiles, which come as
files living in <filename>&lt;nixpkgs/nixos/modules/profiles&gt;</filename>.
That is to say, expected usage is to add them to the imports list of your
<filename>/etc/configuration.nix</filename> as such:
</para>
<programlisting>
imports = [
&lt;nixpkgs/nixos/modules/profiles/profile-name.nix&gt;
];
</programlisting>
<para>
Even if some of these profiles seem only useful in the context of
install media, many are actually intended to be used in real installs.
</para>
<para>
What follows is a brief explanation on the purpose and use-case for each
profile. Detailing each option configured by each one is out of scope.
</para>
<xi:include href="profiles/all-hardware.xml" />
<xi:include href="profiles/base.xml" />
<xi:include href="profiles/clone-config.xml" />
<xi:include href="profiles/demo.xml" />
<xi:include href="profiles/docker-container.xml" />
<xi:include href="profiles/graphical.xml" />
<xi:include href="profiles/hardened.xml" />
<xi:include href="profiles/headless.xml" />
<xi:include href="profiles/installation-device.xml" />
<xi:include href="profiles/minimal.xml" />
<xi:include href="profiles/qemu-guest.xml" />
</chapter>
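Review bot: The path in "add them to the imports list of your /etc/configuration.nix" does not match the /etc/nixos/configuration.nix that profiles/installation-device.xml uses in this same change; use one path in both places. The sentence "many are actually intended to be used in real installs" would be more useful if it named which of the included profiles are meant only for install media or demos, since demo.xml and installation-device.xml describe a known password and a root account without one. Nit: "explanation on the purpose" should read "explanation of the purpose".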
20 changes: 20 additions & 0 deletions nixos/doc/manual/configuration/profiles/all-hardware.xml
@@ -0,0 +1,20 @@

<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-profile-all-hardware">
<title>All Hardware</title>
<para>
Enables all hardware supported by NixOS: i.e., all firmware is
included, and all devices from which one may boot are enabled in the initrd.
Its primary use is in the NixOS installation CDs.
</para>
<para>
The enabled kernel modules include support for SATA and PATA, SCSI
(partially), USB, Firewire (untested), Virtio (QEMU, KVM, etc.), VMware, and
Hyper-V. Additionally, <xref linkend="opt-hardware.enableAllFirmware"/> is
enabled, and the firmware for the ZyDAS ZD1211 chipset is specifically
installed.
</para>
</section>
15 changes: 15 additions & 0 deletions nixos/doc/manual/configuration/profiles/base.xml
@@ -0,0 +1,15 @@

<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-profile-base">
<title>Base</title>
<para>
Defines the software packages included in the "minimal"
installation CD. It installs several utilities useful in a simple recovery or
install media, such as a text-mode web browser, and tools for manipulating
block devices, networking, hardware diagnostics, and filesystems (with their
respective kernel modules).
</para>
</section>
14 changes: 14 additions & 0 deletions nixos/doc/manual/configuration/profiles/clone-config.xml
@@ -0,0 +1,14 @@

<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-profile-clone-config">
<title>Clone Config</title>
<para>
This profile is used in installer images.
It provides an editable configuration.nix that imports all the modules that
were also used when creating the image in the first place.
As a result it allows users to edit and rebuild the live-system.
</para>
</section>
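Review bot: "configuration.nix" in the second sentence is bare text with no path, while installation-device.xml in this change marks the same file up as a filename element with the full path /etc/nixos/configuration.nix; use the same markup and path here so readers know which file the profile generates. "live-system" reads better as "live system".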
13 changes: 13 additions & 0 deletions nixos/doc/manual/configuration/profiles/demo.xml
@@ -0,0 +1,13 @@

<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-profile-demo">
<title>Demo</title>
<para>
This profile just enables a <systemitem class="username">demo</systemitem> user, with password <literal>demo</literal>, uid <literal>1000</literal>, <systemitem class="groupname">wheel</systemitem>
group and <link linkend="opt-services.xserver.displayManager.sddm.autoLogin">
autologin in the SDDM display manager</link>.
</para>
</section>
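Review bot: The paragraph lists password "demo", membership of the wheel group and SDDM autologin without saying that together they give a publicly known credential on an account in the administrative group. Because profiles.xml in this change tells readers that many profiles are intended for real installs, state here that this one is meant for demonstration images only. "just enables a demo user" would also be more accurate as "creates a demo user", since the rest of the sentence describes the account's properties.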
15 changes: 15 additions & 0 deletions nixos/doc/manual/configuration/profiles/docker-container.xml
@@ -0,0 +1,15 @@

<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-profile-docker-container">
<title>Docker Container</title>
<para>
This is the profile from which the Docker images are generated. It prepares a
working system by importing the <link linkend="sec-profile-minimal">Minimal</link> and
<link linkend="sec-profile-clone-config">Clone Config</link> profiles, and setting appropriate
configuration options that are useful inside a container context, like
<xref linkend="opt-boot.isContainer"/>.
</para>
</section>
21 changes: 21 additions & 0 deletions nixos/doc/manual/configuration/profiles/graphical.xml
@@ -0,0 +1,21 @@

<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-profile-graphical">
<title>Graphical</title>
<para>
Defines a NixOS configuration with the Plasma 5 desktop. It's used by the
graphical installation CD.
</para>
<para>
It sets <xref linkend="opt-services.xserver.enable"/>,
<xref linkend="opt-services.xserver.displayManager.sddm.enable"/>,
<xref linkend="opt-services.xserver.desktopManager.plasma5.enable"/> (
<link linkend="opt-services.xserver.desktopManager.plasma5.enableQt4Support">
without Qt4 Support</link>), and
<xref linkend="opt-services.xserver.libinput.enable"/> to true. It also
includes glxinfo and firefox in the system packages list.
</para>
</section>
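Review bot: In the second paragraph the opening parenthesis ends one line and the link text "without Qt4 Support" starts on the line after the link start tag, so the rendered output will carry stray whitespace inside both the parenthesis and the link; keep the parenthesis, the start tag and the link text adjacent with no line breaks between them. The sentence also ends with "to true" while the parenthetical describes an option that is not enabled, so list the options that are set to true first and mention enableQt4Support in its own clause.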
22 changes: 22 additions & 0 deletions nixos/doc/manual/configuration/profiles/hardened.xml
@@ -0,0 +1,22 @@

<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-profile-hardened">
<title>Hardened</title>
<para>
A profile with most (vanilla) hardening options enabled by default,
potentially at the cost of features and performance.
</para>
<para>
This includes a hardened kernel, and limiting the system information
available to processes through the <filename>/sys</filename> and
<filename>/proc</filename> filesystems. It also disables the User Namespaces
feature of the kernel, which stops Nix from being able to build anything
(this particular setting can be overriden via
<xref linkend="opt-security.allowUserNamespaces"/>). See the <literal
xlink:href="https://github.com/nixos/nixpkgs/tree/master/nixos/modules/profiles/hardened.nix">
profile source</literal> for further detail on which settings are altered.
</para>
</section>
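Review bot: The "profile source" reference near the end uses a literal element carrying xlink:href, whereas every other hyperlink in this change uses link; switch the element to link so it renders as a hyperlink. The URL points at the master branch, so the settings it shows can differ from the release the reader's manual was built for; say so or point at the file path under nixpkgs instead. Since the text says disabling user namespaces "stops Nix from being able to build anything", add which value of security.allowUserNamespaces restores builds. Typo: "overriden" should be "overridden".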
18 changes: 18 additions & 0 deletions nixos/doc/manual/configuration/profiles/headless.xml
@@ -0,0 +1,18 @@

<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-profile-headless">
<title>Headless</title>
<para>
Common configuration for headless machines (e.g., Amazon EC2 instances).
</para>
<para>
Disables <link linkend="opt-sound.enable">sound</link>,
<link linkend="opt-boot.vesa">vesa</link>, serial consoles,
<link linkend="opt-systemd.enableEmergencyMode">emergency mode</link>,
<link linkend="opt-boot.loader.grub.splashImage">grub splash images</link> and
configures the kernel to reboot automatically on panic.
</para>
</section>
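Review bot: The second paragraph is one sentence with no subject, and "grub splash images and configures the kernel" runs the list of disabled items straight into a different verb; split it into "It disables" followed by the list, then "It also configures the kernel to reboot automatically on panic". "serial consoles" is the only disabled item without a link to its option, so either link the option or say what exactly is turned off.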
35 changes: 35 additions & 0 deletions nixos/doc/manual/configuration/profiles/installation-device.xml
@@ -0,0 +1,35 @@

<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-profile-installation-device">
<title>Installation Device</title>
<para>
Provides a basic configuration for installation devices like CDs. This means
enabling hardware scans, using the <link linkend="sec-profile-clone-config">
Clone Config profile</link> to guarantee
<filename>/etc/nixos/configuration.nix</filename> exists (for
<command>nixos-rebuild</command> to work), a copy of the Nixpkgs channel
snapshot used to create the install media.
</para>
<para>
Additionally, documentation for <link linkend="opt-documentation.enable">
Nixpkgs</link> and <link linkend="opt-documentation.nixos.enable">NixOS
</link> are forcefully enabled (to override the
<link linkend="sec-profile-minimal">Minimal profile</link> preference); the
NixOS manual is shown automatically on TTY 8, sudo and udisks are disabled.
Autologin is enabled as root.
</para>
<para>
A message is shown to the user to start a display manager if needed,
ssh with <xref linkend="opt-services.openssh.permitRootLogin"/> are enabled (but
doesn't autostart). WPA Supplicant is also enabled without autostart.
</para>
<para>
Finally, vim is installed, root is set to not have a password, the kernel is
made more silent for remote public IP installs, and several settings are
tweaked so that the installer has a better chance of succeeding under
low-memory environments.
</para>
</section>
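Review bot: The three statements that matter most to anyone reusing this profile, "Autologin is enabled as root", ssh with permitRootLogin, and "root is set to not have a password", are spread over three paragraphs and mixed in with vim and documentation settings; group them in one paragraph and state the value permitRootLogin is set to, because the xref alone does not say it. In the third paragraph "ssh with" the option "are enabled (but doesn't autostart)" mismatches in number; "sshd is enabled with" the option "but does not start automatically" fixes it. The list in the first paragraph lacks an "and" and a verb before "a copy of the Nixpkgs channel snapshot", and "sudo and udisks are disabled" is attached by a comma to the unrelated sentence about TTY 8. "made more silent for remote public IP installs" needs a word on what is silenced.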
17 changes: 17 additions & 0 deletions nixos/doc/manual/configuration/profiles/minimal.xml
@@ -0,0 +1,17 @@

<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-profile-minimal">
<title>Minimal</title>
<para>
This profile defines a small NixOS configuration. It does not contain any
graphical stuff. It's a very short file that enables
<link linkend="opt-environment.noXlibs">noXlibs</link>, sets
<link linkend="opt-i18n.supportedLocales">i18n.supportedLocales</link>
to only support the user-selected locale,
<link linkend="opt-documentation.enable">disables packages' documentation
</link>, and <link linkend="opt-sound.enable">disables sound</link>.
</para>
</section>
16 changes: 16 additions & 0 deletions nixos/doc/manual/configuration/profiles/qemu-guest.xml
@@ -0,0 +1,16 @@
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-profile-qemu-guest">
<title>QEMU Guest</title>
<para>
This profile contains common configuration for virtual machines running under
QEMU (using virtio).
</para>
<para>
It makes virtio modules available on the initrd, sets the system time from
the hardware clock to work around a bug in qemu-kvm, and
<link linkend="opt-security.rngd.enable">enables rngd</link>.
</para>
</section>
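Review bot: "to work around a bug in qemu-kvm" in the second paragraph gives no reference for the bug, so a reader cannot tell whether the workaround still applies; add a link or issue number, or describe the symptom. "enables rngd" would benefit from a clause on why a guest needs it. Nit: "available on the initrd" should be "available in the initrd".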