author | Ding Xiang Fei <dingxiangfei2009@gmail.com> | 2018-11-26 12:04:07 +0800 |
---|---|---|
committer | Ding Xiang Fei <dingxiangfei2009@gmail.com> | 2018-11-26 12:04:07 +0800 |
commit | b011049cf6a7de926adfb5addce62220608acc59 (patch) | |
tree | 6c18c2bd9f6c8eac060c83a371f5fd668e86a42b /nixos | |
parent | 50daffc4b828894e076c190fbd88bac19148b4f0 (diff) | |
parent | ab88ed6df661682881708489f9dd27fb4e86879d (diff) |
Merge branch 'master' of https://github.com/nixos/nixpkgs into tarball-closureinfo
Diffstat (limited to 'nixos')
70 files changed, 1083 insertions, 177 deletions
diff --git a/nixos/doc/manual/configuration/configuration.xml b/nixos/doc/manual/configuration/configuration.xml index 8d05dcd34b4d..cebc4122c6c6 100644 --- a/nixos/doc/manual/configuration/configuration.xml +++ b/nixos/doc/manual/configuration/configuration.xml @@ -22,5 +22,6 @@ <xi:include href="networking.xml" /> <xi:include href="linux-kernel.xml" /> <xi:include href="../generated/modules.xml" xpointer="xpointer(//section[@id='modules']/*)" /> + <xi:include href="profiles.xml" /> <!-- Apache; libvirtd virtualisation --> </part> diff --git a/nixos/doc/manual/configuration/profiles.xml b/nixos/doc/manual/configuration/profiles.xml new file mode 100644 index 000000000000..92c0f6202f28 --- /dev/null +++ b/nixos/doc/manual/configuration/profiles.xml 
@@ -0,0 +1,39 @@ +<chapter xmlns="http://docbook.org/ns/docbook" + xmlns:xlink="http://www.w3.org/1999/xlink" + xmlns:xi="http://www.w3.org/2001/XInclude" + version="5.0" + xml:id="ch-profiles"> + <title>Profiles</title> + <para> + In some cases, it may be desirable to take advantage of commonly-used, + predefined configurations provided by nixpkgs, but different from those that + come as default. This is a role fulfilled by NixOS's Profiles, which come as + files living in <filename><nixpkgs/nixos/modules/profiles></filename>. + That is to say, expected usage is to add them to the imports list of your + <filename>/etc/configuration.nix</filename> as such: + </para> + <programlisting> + imports = [ + <nixpkgs/nixos/modules/profiles/profile-name.nix> + ]; + </programlisting> + <para> + Even if some of these profiles seem only useful in the context of + install media, many are actually intended to be used in real installs. + </para> + <para> + What follows is a brief explanation on the purpose and use-case for each + profile. Detailing each option configured by each one is out of scope. + </para> + <xi:include href="profiles/all-hardware.xml" /> + <xi:include href="profiles/base.xml" /> + <xi:include href="profiles/clone-config.xml" /> + <xi:include href="profiles/demo.xml" /> + <xi:include href="profiles/docker-container.xml" /> + <xi:include href="profiles/graphical.xml" /> + <xi:include href="profiles/hardened.xml" /> + <xi:include href="profiles/headless.xml" /> + <xi:include href="profiles/installation-device.xml" /> + <xi:include href="profiles/minimal.xml" /> + <xi:include href="profiles/qemu-guest.xml" /> +</chapter> diff --git a/nixos/doc/manual/configuration/profiles/all-hardware.xml b/nixos/doc/manual/configuration/profiles/all-hardware.xml new file mode 100644 index 000000000000..172975199474 --- /dev/null +++ b/nixos/doc/manual/configuration/profiles/all-hardware.xml 
@@ -0,0 +1,20 @@ + +<section xmlns="http://docbook.org/ns/docbook" + xmlns:xlink="http://www.w3.org/1999/xlink" + xmlns:xi="http://www.w3.org/2001/XInclude" + version="5.0" + xml:id="sec-profile-all-hardware"> + <title>All Hardware</title> + <para> + Enables all hardware supported by NixOS: i.e., all firmware is + included, and all devices from which one may boot are enabled in the initrd. + Its primary use is in the NixOS installation CDs. + </para> + <para> + The enabled kernel modules include support for SATA and PATA, SCSI + (partially), USB, Firewire (untested), Virtio (QEMU, KVM, etc.), VMware, and + Hyper-V. Additionally, <xref linkend="opt-hardware.enableAllFirmware"/> is + enabled, and the firmware for the ZyDAS ZD1211 chipset is specifically + installed. + </para> +</section> diff --git a/nixos/doc/manual/configuration/profiles/base.xml b/nixos/doc/manual/configuration/profiles/base.xml new file mode 100644 index 000000000000..f58a35d626ed --- /dev/null +++ b/nixos/doc/manual/configuration/profiles/base.xml @@ -0,0 +1,15 @@ + +<section xmlns="http://docbook.org/ns/docbook" + xmlns:xlink="http://www.w3.org/1999/xlink" + xmlns:xi="http://www.w3.org/2001/XInclude" + version="5.0" + xml:id="sec-profile-base"> + <title>Base</title> + <para> + Defines the software packages included in the "minimal" + installation CD. It installs several utilities useful in a simple recovery or + install media, such as a text-mode web browser, and tools for manipulating + block devices, networking, hardware diagnostics, and filesystems (with their + respective kernel modules). + </para> +</section> diff --git a/nixos/doc/manual/configuration/profiles/clone-config.xml b/nixos/doc/manual/configuration/profiles/clone-config.xml new file mode 100644 index 000000000000..87c8b9ee31b6 --- /dev/null +++ b/nixos/doc/manual/configuration/profiles/clone-config.xml 
@@ -0,0 +1,14 @@ + +<section xmlns="http://docbook.org/ns/docbook" + xmlns:xlink="http://www.w3.org/1999/xlink" + xmlns:xi="http://www.w3.org/2001/XInclude" + version="5.0" + xml:id="sec-profile-clone-config"> + <title>Clone Config</title> + <para> + This profile is used in installer images. + It provides an editable configuration.nix that imports all the modules that + were also used when creating the image in the first place. + As a result it allows users to edit and rebuild the live-system. + </para> +</section> diff --git a/nixos/doc/manual/configuration/profiles/demo.xml b/nixos/doc/manual/configuration/profiles/demo.xml new file mode 100644 index 000000000000..98829e4696df --- /dev/null +++ b/nixos/doc/manual/configuration/profiles/demo.xml @@ -0,0 +1,13 @@ + +<section xmlns="http://docbook.org/ns/docbook" + xmlns:xlink="http://www.w3.org/1999/xlink" + xmlns:xi="http://www.w3.org/2001/XInclude" + version="5.0" + xml:id="sec-profile-demo"> + <title>Demo</title> + <para> + This profile just enables a <systemitem class="username">demo</systemitem> user, with password <literal>demo</literal>, uid <literal>1000</literal>, <systemitem class="groupname">wheel</systemitem> + group and <link linkend="opt-services.xserver.displayManager.sddm.autoLogin"> + autologin in the SDDM display manager</link>. + </para> +</section> diff --git a/nixos/doc/manual/configuration/profiles/docker-container.xml b/nixos/doc/manual/configuration/profiles/docker-container.xml new file mode 100644 index 000000000000..bf962442ccef --- /dev/null +++ b/nixos/doc/manual/configuration/profiles/docker-container.xml 
@@ -0,0 +1,15 @@ + +<section xmlns="http://docbook.org/ns/docbook" + xmlns:xlink="http://www.w3.org/1999/xlink" + xmlns:xi="http://www.w3.org/2001/XInclude" + version="5.0" + xml:id="sec-profile-docker-container"> + <title>Docker Container</title> + <para> + This is the profile from which the Docker images are generated. It prepares a + working system by importing the <link linkend="sec-profile-minimal">Minimal</link> and + <link linkend="sec-profile-clone-config">Clone Config</link> profiles, and setting appropriate + configuration options that are useful inside a container context, like + <xref linkend="opt-boot.isContainer"/>. + </para> +</section> diff --git a/nixos/doc/manual/configuration/profiles/graphical.xml b/nixos/doc/manual/configuration/profiles/graphical.xml new file mode 100644 index 000000000000..5ded61d9763b --- /dev/null +++ b/nixos/doc/manual/configuration/profiles/graphical.xml @@ -0,0 +1,21 @@ + +<section xmlns="http://docbook.org/ns/docbook" + xmlns:xlink="http://www.w3.org/1999/xlink" + xmlns:xi="http://www.w3.org/2001/XInclude" + version="5.0" + xml:id="sec-profile-graphical"> + <title>Graphical</title> + <para> + Defines a NixOS configuration with the Plasma 5 desktop. It's used by the + graphical installation CD. + </para> + <para> + It sets <xref linkend="opt-services.xserver.enable"/>, + <xref linkend="opt-services.xserver.displayManager.sddm.enable"/>, + <xref linkend="opt-services.xserver.desktopManager.plasma5.enable"/> ( + <link linkend="opt-services.xserver.desktopManager.plasma5.enableQt4Support"> + without Qt4 Support</link>), and + <xref linkend="opt-services.xserver.libinput.enable"/> to true. It also + includes glxinfo and firefox in the system packages list. + </para> +</section> diff --git a/nixos/doc/manual/configuration/profiles/hardened.xml b/nixos/doc/manual/configuration/profiles/hardened.xml new file mode 100644 index 000000000000..b3b433792f53 --- /dev/null +++ b/nixos/doc/manual/configuration/profiles/hardened.xml 
@@ -0,0 +1,22 @@ + +<section xmlns="http://docbook.org/ns/docbook" + xmlns:xlink="http://www.w3.org/1999/xlink" + xmlns:xi="http://www.w3.org/2001/XInclude" + version="5.0" + xml:id="sec-profile-hardened"> + <title>Hardened</title> + <para> + A profile with most (vanilla) hardening options enabled by default, + potentially at the cost of features and performance. + </para> + <para> + This includes a hardened kernel, and limiting the system information + available to processes through the <filename>/sys</filename> and + <filename>/proc</filename> filesystems. It also disables the User Namespaces + feature of the kernel, which stops Nix from being able to build anything + (this particular setting can be overriden via + <xref linkend="opt-security.allowUserNamespaces"/>). See the <literal + xlink:href="https://github.com/nixos/nixpkgs/tree/master/nixos/modules/profiles/hardened.nix"> + profile source</literal> for further detail on which settings are altered. + </para> +</section> diff --git a/nixos/doc/manual/configuration/profiles/headless.xml b/nixos/doc/manual/configuration/profiles/headless.xml new file mode 100644 index 000000000000..54dc61f236e0 --- /dev/null +++ b/nixos/doc/manual/configuration/profiles/headless.xml @@ -0,0 +1,18 @@ + +<section xmlns="http://docbook.org/ns/docbook" + xmlns:xlink="http://www.w3.org/1999/xlink" + xmlns:xi="http://www.w3.org/2001/XInclude" + version="5.0" + xml:id="sec-profile-headless"> + <title>Headless</title> + <para> + Common configuration for headless machines (e.g., Amazon EC2 instances). + </para> + <para> + Disables <link linkend="opt-sound.enable">sound</link>, + <link linkend="opt-boot.vesa">vesa</link>, serial consoles, + <link linkend="opt-systemd.enableEmergencyMode">emergency mode</link>, + <link linkend="opt-boot.loader.grub.splashImage">grub splash images</link> and + configures the kernel to reboot automatically on panic. + </para> +</section> 
diff --git a/nixos/doc/manual/configuration/profiles/installation-device.xml b/nixos/doc/manual/configuration/profiles/installation-device.xml new file mode 100644 index 000000000000..44ccfc538ad1 --- /dev/null +++ b/nixos/doc/manual/configuration/profiles/installation-device.xml @@ -0,0 +1,35 @@ + +<section xmlns="http://docbook.org/ns/docbook" + xmlns:xlink="http://www.w3.org/1999/xlink" + xmlns:xi="http://www.w3.org/2001/XInclude" + version="5.0" + xml:id="sec-profile-installation-device"> + <title>Installation Device</title> + <para> + Provides a basic configuration for installation devices like CDs. This means + enabling hardware scans, using the <link linkend="sec-profile-clone-config"> + Clone Config profile</link> to guarantee + <filename>/etc/nixos/configuration.nix</filename> exists (for + <command>nixos-rebuild</command> to work), a copy of the Nixpkgs channel + snapshot used to create the install media. + </para> + <para> + Additionally, documentation for <link linkend="opt-documentation.enable"> + Nixpkgs</link> and <link linkend="opt-documentation.nixos.enable">NixOS + </link> are forcefully enabled (to override the + <link linkend="sec-profile-minimal">Minimal profile</link> preference); the + NixOS manual is shown automatically on TTY 8, sudo and udisks are disabled. + Autologin is enabled as root. + </para> + <para> + A message is shown to the user to start a display manager if needed, + ssh with <xref linkend="opt-services.openssh.permitRootLogin"/> are enabled (but + doesn't autostart). WPA Supplicant is also enabled without autostart. + </para> + <para> + Finally, vim is installed, root is set to not have a password, the kernel is + made more silent for remote public IP installs, and several settings are + tweaked so that the installer has a better chance of succeeding under + low-memory environments. + </para> +</section> 
diff --git a/nixos/doc/manual/configuration/profiles/minimal.xml b/nixos/doc/manual/configuration/profiles/minimal.xml new file mode 100644 index 000000000000..a24af21bd7f7 --- /dev/null +++ b/nixos/doc/manual/configuration/profiles/minimal.xml @@ -0,0 +1,17 @@ + +<section xmlns="http://docbook.org/ns/docbook" + xmlns:xlink="http://www.w3.org/1999/xlink" + xmlns:xi="http://www.w3.org/2001/XInclude" + version="5.0" + xml:id="sec-profile-minimal"> + <title>Minimal</title> + <para> + This profile defines a small NixOS configuration. It does not contain any + graphical stuff. It's a very short file that enables + <link linkend="opt-environment.noXlibs">noXlibs</link>, sets + <link linkend="opt-i18n.supportedLocales">i18n.supportedLocales</link> + to only support the user-selected locale, + <link linkend="opt-documentation.enable">disables packages' documentation + </link>, and <link linkend="opt-sound.enable">disables sound</link>. + </para> +</section> diff --git a/nixos/doc/manual/configuration/profiles/qemu-guest.xml b/nixos/doc/manual/configuration/profiles/qemu-guest.xml new file mode 100644 index 000000000000..d08068650fbe --- /dev/null +++ b/nixos/doc/manual/configuration/profiles/qemu-guest.xml @@ -0,0 +1,16 @@ +<section xmlns="http://docbook.org/ns/docbook" + xmlns:xlink="http://www.w3.org/1999/xlink" + xmlns:xi="http://www.w3.org/2001/XInclude" + version="5.0" + xml:id="sec-profile-qemu-guest"> + <title>QEMU Guest</title> + <para> + This profile contains common configuration for virtual machines running under + QEMU (using virtio). + </para> + <para> + It makes virtio modules available on the initrd, sets the system time from + the hardware clock to work around a bug in qemu-kvm, and + <link linkend="opt-security.rngd.enable">enables rngd</link>. + </para> |
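Review bot: profiles.xml, first paragraph, gives the file to edit as `/etc/configuration.nix`, while installation-device.xml in this same patch refers to `/etc/nixos/configuration.nix`. The NixOS configuration lives at `/etc/nixos/configuration.nix`, so the path in profiles.xml should be corrected to match. The sentence "many are actually intended to be used in real installs" would also be more useful if each profile section said which category it falls into, since several of the profiles documented here set credentials or login behaviour.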
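Review bot: demo.xml documents a fixed credential (user `demo`, password `demo`) together with `wheel` group membership and SDDM autologin, but never says where the profile is meant to be used. Because the chapter introduction in profiles.xml tells readers that many profiles are intended for real installs, this section should state explicitly that the profile is for demonstration images only and is not suitable for a machine other people can reach. The word "just" in "This profile just enables" also undersells what is being configured and could be dropped.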
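Review bot: hardened.xml, second paragraph, has a typo ("overriden" should be "overridden") and marks up the link to the profile source as `<literal xlink:href="...">` where the other files in this patch use `<link>`; a `<link xlink:href="...">` would be consistent and renders as a hyperlink. The target also points at `tree/master`, so the linked source will drift from the release the manual describes; consider saying so or pointing readers at the copy in their own nixpkgs checkout. Since the text notes that disabling user namespaces stops Nix from building anything, it would help to state what re-enabling `security.allowUserNamespaces` gives up, so readers can make that trade-off knowingly.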
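Review bot: installation-device.xml describes autologin as root, an empty root password, and ssh "with `permitRootLogin`" enabled, without stating the value `permitRootLogin` is set to or that the profile is only appropriate for install media. Please name the value and add a sentence saying the profile should not be imported into an installed system, given the chapter introduction's claim that many profiles are meant for real installs. Two wording fixes in the same hunk: the list in the first paragraph needs "and" before "a copy of the Nixpkgs channel snapshot", and "ssh with ... are enabled (but doesn't autostart)" has mismatched number ("is enabled (but does not autostart)").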