From 56f8d29e6ecfeb57c6d30fe97ad8fe987b00784b Mon Sep 17 00:00:00 2001 From: Tilman Baumann Date: Fri, 4 Oct 2024 20:48:33 +0100 Subject: [PATCH] agenix activation without perl is broken systemd.sysusers.enable = false; https://github.com/ryantm/agenix/issues/238 --- common/{ => profiles}/minimal.nix | 0 common/profiles/perlless.nix | 32 +++++++++++++++++++++++++++++++ flake.nix | 10 ++++------ hosts/nas/default.nix | 3 +++ hosts/router/default.nix | 3 ++- 5 files changed, 41 insertions(+), 7 deletions(-) rename common/{ => profiles}/minimal.nix (100%) create mode 100755 common/profiles/perlless.nix diff --git a/common/minimal.nix b/common/profiles/minimal.nix similarity index 100% rename from common/minimal.nix rename to common/profiles/minimal.nix diff --git a/common/profiles/perlless.nix b/common/profiles/perlless.nix new file mode 100755 index 0000000..2934385 --- /dev/null +++ b/common/profiles/perlless.nix 
@@ -0,0 +1,32 @@
+# WARNING: If you enable this profile, you will NOT be able to switch to a new
+# configuration and thus you will not be able to rebuild your system with
+# nixos-rebuild!
+
+{ lib, ... }:
+
+{
+
+ # Disable switching to a new configuration. This is not a necessary
+ # limitation of a perlless system but just a current one. In the future,
+ # perlless switching might be possible.
+ system.switch.enable = lib.mkDefault false;
+
+ # Remove perl from activation
+ boot.initrd.systemd.enable = lib.mkDefault true;
+ system.etc.overlay.enable = lib.mkDefault true;
+ systemd.sysusers.enable = lib.mkDefault true;
+
+ # Random perl remnants
+ system.disableInstallerTools = lib.mkDefault true;
+ programs.less.lessopen = lib.mkDefault null;
+ programs.command-not-found.enable = lib.mkDefault false;
+ boot.enableContainers = lib.mkDefault false;
+ environment.defaultPackages = lib.mkDefault [ ];
+ documentation.info.enable = lib.mkDefault false;
+
+ # Check that the system does not contain a Nix store path that contains the
+ # string "perl".
+ #FIXME https://github.com/ryantm/agenix/issues/238
+ #system.forbiddenDependenciesRegexes = ["perl"];
+
+}
diff --git a/flake.nix b/flake.nix
index 90d6363..741c8f1 100755
--- a/flake.nix
+++ b/flake.nix
@@ -189,9 +189,8 @@
 impermanence.nixosModules.impermanence
 nixos-sbc.nixosModules.default
 nixos-sbc.nixosModules.boards.bananapi.bpir4
- (nixpkgs.outPath + "/nixos/modules/profiles/headless.nix")
- (nixpkgs.outPath + "/nixos/modules/profiles/perlless.nix")
- ./common/minimal.nix
+ ./common/profiles/minimal.nix
+ ./common/profiles/perlless.nix
 ./hosts/router
 ];
 system = "aarch64-linux";
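Review bot: The closure check at the end of common/profiles/perlless.nix is commented out, so nothing verifies any longer that perl stays out of the system on any host importing this profile, not only on the host affected by the agenix issue. Keeping it on by default and opting out per host would preserve the guarantee where it still holds: `system.forbiddenDependenciesRegexes = lib.mkDefault [ "perl" ];` here, and `system.forbiddenDependenciesRegexes = [ ];` beside the workaround on hosts that cannot pass it yet. The header comment should also state that this file is a local copy of the nixpkgs profile `nixos/modules/profiles/perlless.nix` (the path flake.nix imported before this change), so it can be re-synced when upstream changes.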
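Review bot: Both module lists drop `(nixpkgs.outPath + "/nixos/modules/profiles/headless.nix")` without a local replacement, here for the router and again in the second flake.nix hunk for the NAS, while the commit message only mentions the perlless/agenix workaround. Unless `common/profiles/minimal.nix` already imports that profile (not visible in this patch), both hosts silently lose its settings. If the removal is intended, it should be stated in the commit message; otherwise keep the line `(nixpkgs.outPath + "/nixos/modules/profiles/headless.nix")` in both lists. The module list starts and ends outside the hunk.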
@@ -205,9 +204,8 @@ impermanence.nixosModules.impermanence nixos-sbc.nixosModules.default nixos-sbc.nixosModules.boards.raspberrypi.rpi4 - (nixpkgs.outPath + "/nixos/modules/profiles/headless.nix") - (nixpkgs.outPath + "/nixos/modules/profiles/perlless.nix") - ./common/minimal.nix + ./common/profiles/minimal.nix + ./common/profiles/perlless.nix ./hosts/nas ]; system = "aarch64-linux"; diff --git a/hosts/nas/default.nix b/hosts/nas/default.nix index 4c1f121..ba8ad2b 100755 --- a/hosts/nas/default.nix +++ b/hosts/nas/default.nix @@ -12,6 +12,9 @@ }; }; + systemd.sysusers.enable = false; #FIXME https://github.com/ryantm/agenix/issues/238 + + services.openssh.enable = true; nixarr = { diff --git a/hosts/router/default.nix b/hosts/router/default.nix index ff1361b..53ad74b 100644 --- a/hosts/router/default.nix +++ b/hosts/router/default.nix @@ -9,7 +9,8 @@ ./hardware.nix ]; - system.etc.overlay.enable = lib.mkForce false; + system.etc.overlay.enable = lib.mkForce false; #FIXME erofs not available on vendor kernel + systemd.sysusers.enable = lib.mkDefault true; #FIXME https://github.com/ryantm/agenix/issues/238 boot.initrd.systemd.enable = lib.mkForce false; topology.self = {
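Review bot: `systemd.sysusers.enable = false;` in hosts/nas/default.nix carries only a FIXME and a URL, so a reader cannot tell that it overrides the profile's `lib.mkDefault true` or what has to happen before it can be removed. A comment above it would make the workaround auditable, for example `# Workaround for ryantm/agenix#238 (agenix activation is broken without perl, per the commit message); remove once fixed and re-enable the perl closure check`. The two blank lines added after it can be reduced to one. The enclosing attribute set starts and ends outside the hunk.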
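Review bot: The added `systemd.sysusers.enable = lib.mkDefault true;` in hosts/router/default.nix repeats the value and priority already set in common/profiles/perlless.nix, and its FIXME points at the agenix issue whose workaround on the NAS is the opposite value. If the router deploys agenix secrets it would presumably hit the same activation problem, which could leave secrets unavailable to the services that need them; this should be confirmed. If it does not, the line can be dropped, or the comment should say why sysusers stays on, e.g. `# sysusers stays enabled: no agenix secrets on this host`. The surrounding attribute set continues outside the hunk.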