installers/tools: add system.disableInstallerTools option

This option can be set to disable installer tools like nixos-rebuild, nixos-install, and nixos-generate-config (as well as more). This is nice when a system is not expected to be rebuild or reconfigure itself such as in a stateless PXE setup, as well as other embedded scenarios. Note, that the system can still be updated, but it must either get nixos-rebuild from another source, or, for embedded systems, be upgraded by another machine like: nix copy "$system" --to "ssh://root@<host>" && ssh "root@<host>" "nix-env -p /nix/var/nix/profiles/system --set $system && $system/bin/switch-to-configuration switch". Along with other options, this allows removing Perl from a closure. For example: { boot.enableContainers = false; environment.defaultPackages = []; system.disableInstallerTools = true; } should not include Perl.
4 years ago · 62e723f5aa
parent 2247d824fe
commit 62e723f5aa
1 changed files with 14 additions and 1 deletions
--- a/nixos/modules/installer/tools/tools.nix
+++ b/nixos/modules/installer/tools/tools.nix
@ -113,7 +113,20 @@ in
    };
  };

-  config = {
+  options.system.disableInstallerTools = mkOption {
+    internal = true;
+    type = types.bool;
+    default = false;
+    description = ''
+      Disable nixos-rebuild, nixos-generate-config, nixos-installer
+      and other NixOS tools. This is useful to shrink embedded,
+      read-only systems which are not expected to be rebuild or
+      reconfigure themselves. Use at your own risk!
+    '';
+  };
+
+  config = lib.mkIf (!config.system.disableInstallerTools) {
+
    system.nixos-generate-config.configuration = mkDefault ''
      # Edit this configuration file to define what should be installed on
      # your system.  Help is available in the configuration.nix(5) man page