diff options
Diffstat (limited to 'nixpkgs/nixos/doc/manual/configuration/profiles')
11 files changed, 219 insertions, 0 deletions
diff --git a/nixpkgs/nixos/doc/manual/configuration/profiles/all-hardware.xml b/nixpkgs/nixos/doc/manual/configuration/profiles/all-hardware.xml new file mode 100644 index 000000000000..2936f71069d5 --- /dev/null +++ b/nixpkgs/nixos/doc/manual/configuration/profiles/all-hardware.xml @@ -0,0 +1,21 @@ +<section xmlns="http://docbook.org/ns/docbook" + xmlns:xlink="http://www.w3.org/1999/xlink" + xmlns:xi="http://www.w3.org/2001/XInclude" + version="5.0" + xml:id="sec-profile-all-hardware"> + <title>All Hardware</title> + + <para> + Enables all hardware supported by NixOS: i.e., all firmware is included, and + all devices from which one may boot are enabled in the initrd. Its primary + use is in the NixOS installation CDs. + </para> + + <para> + The enabled kernel modules include support for SATA and PATA, SCSI + (partially), USB, Firewire (untested), Virtio (QEMU, KVM, etc.), VMware, and + Hyper-V. Additionally, <xref linkend="opt-hardware.enableAllFirmware"/> is + enabled, and the firmware for the ZyDAS ZD1211 chipset is specifically + installed. + </para> +</section> diff --git a/nixpkgs/nixos/doc/manual/configuration/profiles/base.xml b/nixpkgs/nixos/doc/manual/configuration/profiles/base.xml new file mode 100644 index 000000000000..b75f6ba25b4f --- /dev/null +++ b/nixpkgs/nixos/doc/manual/configuration/profiles/base.xml @@ -0,0 +1,15 @@ +<section xmlns="http://docbook.org/ns/docbook" + xmlns:xlink="http://www.w3.org/1999/xlink" + xmlns:xi="http://www.w3.org/2001/XInclude" + version="5.0" + xml:id="sec-profile-base"> + <title>Base</title> + + <para> + Defines the software packages included in the "minimal" installation CD. It + installs several utilities useful in a simple recovery or install media, such + as a text-mode web browser, and tools for manipulating block devices, + networking, hardware diagnostics, and filesystems (with their respective + kernel modules). + </para> +</section> diff --git a/nixpkgs/nixos/doc/manual/configuration/profiles/clone-config.xml b/nixpkgs/nixos/doc/manual/configuration/profiles/clone-config.xml new file mode 100644 index 000000000000..234835845e2d --- /dev/null +++ b/nixpkgs/nixos/doc/manual/configuration/profiles/clone-config.xml @@ -0,0 +1,14 @@ +<section xmlns="http://docbook.org/ns/docbook" + xmlns:xlink="http://www.w3.org/1999/xlink" + xmlns:xi="http://www.w3.org/2001/XInclude" + version="5.0" + xml:id="sec-profile-clone-config"> + <title>Clone Config</title> + + <para> + This profile is used in installer images. It provides an editable + configuration.nix that imports all the modules that were also used when + creating the image in the first place. As a result it allows users to edit + and rebuild the live-system. + </para> +</section> diff --git a/nixpkgs/nixos/doc/manual/configuration/profiles/demo.xml b/nixpkgs/nixos/doc/manual/configuration/profiles/demo.xml new file mode 100644 index 000000000000..395a5ec357c9 --- /dev/null +++ b/nixpkgs/nixos/doc/manual/configuration/profiles/demo.xml @@ -0,0 +1,15 @@ +<section xmlns="http://docbook.org/ns/docbook" + xmlns:xlink="http://www.w3.org/1999/xlink" + xmlns:xi="http://www.w3.org/2001/XInclude" + version="5.0" + xml:id="sec-profile-demo"> + <title>Demo</title> + + <para> + This profile just enables a <systemitem class="username">demo</systemitem> + user, with password <literal>demo</literal>, uid <literal>1000</literal>, + <systemitem class="groupname">wheel</systemitem> group and + <link linkend="opt-services.xserver.displayManager.sddm.autoLogin"> autologin + in the SDDM display manager</link>. + </para> +</section> diff --git a/nixpkgs/nixos/doc/manual/configuration/profiles/docker-container.xml b/nixpkgs/nixos/doc/manual/configuration/profiles/docker-container.xml new file mode 100644 index 000000000000..efa7b8f24c43 --- /dev/null +++ b/nixpkgs/nixos/doc/manual/configuration/profiles/docker-container.xml @@ -0,0 +1,16 @@ +<section xmlns="http://docbook.org/ns/docbook" + xmlns:xlink="http://www.w3.org/1999/xlink" + xmlns:xi="http://www.w3.org/2001/XInclude" + version="5.0" + xml:id="sec-profile-docker-container"> + <title>Docker Container</title> + + <para> + This is the profile from which the Docker images are generated. It prepares a + working system by importing the + <link linkend="sec-profile-minimal">Minimal</link> and + <link linkend="sec-profile-clone-config">Clone Config</link> profiles, and + setting appropriate configuration options that are useful inside a container + context, like <xref linkend="opt-boot.isContainer"/>. + </para> +</section> diff --git a/nixpkgs/nixos/doc/manual/configuration/profiles/graphical.xml b/nixpkgs/nixos/doc/manual/configuration/profiles/graphical.xml new file mode 100644 index 000000000000..73e3abc59d0c --- /dev/null +++ b/nixpkgs/nixos/doc/manual/configuration/profiles/graphical.xml @@ -0,0 +1,22 @@ +<section xmlns="http://docbook.org/ns/docbook" + xmlns:xlink="http://www.w3.org/1999/xlink" + xmlns:xi="http://www.w3.org/2001/XInclude" + version="5.0" + xml:id="sec-profile-graphical"> + <title>Graphical</title> + + <para> + Defines a NixOS configuration with the Plasma 5 desktop. It's used by the + graphical installation CD. + </para> + + <para> + It sets <xref linkend="opt-services.xserver.enable"/>, + <xref linkend="opt-services.xserver.displayManager.sddm.enable"/>, + <xref linkend="opt-services.xserver.desktopManager.plasma5.enable"/> ( + <link linkend="opt-services.xserver.desktopManager.plasma5.enableQt4Support"> + without Qt4 Support</link>), and + <xref linkend="opt-services.xserver.libinput.enable"/> to true. It also + includes glxinfo and firefox in the system packages list. + </para> +</section> diff --git a/nixpkgs/nixos/doc/manual/configuration/profiles/hardened.xml b/nixpkgs/nixos/doc/manual/configuration/profiles/hardened.xml new file mode 100644 index 000000000000..dc83fc837e2a --- /dev/null +++ b/nixpkgs/nixos/doc/manual/configuration/profiles/hardened.xml @@ -0,0 +1,24 @@ +<section xmlns="http://docbook.org/ns/docbook" + xmlns:xlink="http://www.w3.org/1999/xlink" + xmlns:xi="http://www.w3.org/2001/XInclude" + version="5.0" + xml:id="sec-profile-hardened"> + <title>Hardened</title> + + <para> + A profile with most (vanilla) hardening options enabled by default, + potentially at the cost of features and performance. + </para> + + <para> + This includes a hardened kernel, and limiting the system information + available to processes through the <filename>/sys</filename> and + <filename>/proc</filename> filesystems. It also disables the User Namespaces + feature of the kernel, which stops Nix from being able to build anything + (this particular setting can be overriden via + <xref linkend="opt-security.allowUserNamespaces"/>). See the + <literal + xlink:href="https://github.com/nixos/nixpkgs/tree/master/nixos/modules/profiles/hardened.nix"> + profile source</literal> for further detail on which settings are altered. + </para> +</section> diff --git a/nixpkgs/nixos/doc/manual/configuration/profiles/headless.xml b/nixpkgs/nixos/doc/manual/configuration/profiles/headless.xml new file mode 100644 index 000000000000..1b64497ebf7f --- /dev/null +++ b/nixpkgs/nixos/doc/manual/configuration/profiles/headless.xml @@ -0,0 +1,19 @@ +<section xmlns="http://docbook.org/ns/docbook" + xmlns:xlink="http://www.w3.org/1999/xlink" + xmlns:xi="http://www.w3.org/2001/XInclude" + version="5.0" + xml:id="sec-profile-headless"> + <title>Headless</title> + + <para> + Common configuration for headless machines (e.g., Amazon EC2 instances). + </para> + + <para> + Disables <link linkend="opt-sound.enable">sound</link>, + <link linkend="opt-boot.vesa">vesa</link>, serial consoles, + <link linkend="opt-systemd.enableEmergencyMode">emergency mode</link>, + <link linkend="opt-boot.loader.grub.splashImage">grub splash images</link> + and configures the kernel to reboot automatically on panic. + </para> +</section> diff --git a/nixpkgs/nixos/doc/manual/configuration/profiles/installation-device.xml b/nixpkgs/nixos/doc/manual/configuration/profiles/installation-device.xml new file mode 100644 index 000000000000..3dcdf403d89d --- /dev/null +++ b/nixpkgs/nixos/doc/manual/configuration/profiles/installation-device.xml @@ -0,0 +1,38 @@ +<section xmlns="http://docbook.org/ns/docbook" + xmlns:xlink="http://www.w3.org/1999/xlink" + xmlns:xi="http://www.w3.org/2001/XInclude" + version="5.0" + xml:id="sec-profile-installation-device"> + <title>Installation Device</title> + + <para> + Provides a basic configuration for installation devices like CDs. This means + enabling hardware scans, using the <link linkend="sec-profile-clone-config"> + Clone Config profile</link> to guarantee + <filename>/etc/nixos/configuration.nix</filename> exists (for + <command>nixos-rebuild</command> to work), a copy of the Nixpkgs channel + snapshot used to create the install media. + </para> + + <para> + Additionally, documentation for <link linkend="opt-documentation.enable"> + Nixpkgs</link> and <link linkend="opt-documentation.nixos.enable">NixOS + </link> are forcefully enabled (to override the + <link linkend="sec-profile-minimal">Minimal profile</link> preference); the + NixOS manual is shown automatically on TTY 8, sudo and udisks are disabled. + Autologin is enabled as root. + </para> + + <para> + A message is shown to the user to start a display manager if needed, ssh with + <xref linkend="opt-services.openssh.permitRootLogin"/> are enabled (but + doesn't autostart). WPA Supplicant is also enabled without autostart. + </para> + + <para> + Finally, vim is installed, root is set to not have a password, the kernel is + made more silent for remote public IP installs, and several settings are + tweaked so that the installer has a better chance of succeeding under + low-memory environments. + </para> +</section> diff --git a/nixpkgs/nixos/doc/manual/configuration/profiles/minimal.xml b/nixpkgs/nixos/doc/manual/configuration/profiles/minimal.xml new file mode 100644 index 000000000000..179f2d0be64b --- /dev/null +++ b/nixpkgs/nixos/doc/manual/configuration/profiles/minimal.xml @@ -0,0 +1,17 @@ +<section xmlns="http://docbook.org/ns/docbook" + xmlns:xlink="http://www.w3.org/1999/xlink" + xmlns:xi="http://www.w3.org/2001/XInclude" + version="5.0" + xml:id="sec-profile-minimal"> + <title>Minimal</title> + + <para> + This profile defines a small NixOS configuration. It does not contain any + graphical stuff. It's a very short file that enables + <link linkend="opt-environment.noXlibs">noXlibs</link>, sets + <link linkend="opt-i18n.supportedLocales">i18n.supportedLocales</link> to + only support the user-selected locale, + <link linkend="opt-documentation.enable">disables packages' documentation + </link>, and <link linkend="opt-sound.enable">disables sound</link>. + </para> +</section> diff --git a/nixpkgs/nixos/doc/manual/configuration/profiles/qemu-guest.xml b/nixpkgs/nixos/doc/manual/configuration/profiles/qemu-guest.xml new file mode 100644 index 000000000000..5d055c45d2d8 --- /dev/null +++ b/nixpkgs/nixos/doc/manual/configuration/profiles/qemu-guest.xml @@ -0,0 +1,18 @@ +<section xmlns="http://docbook.org/ns/docbook" + xmlns:xlink="http://www.w3.org/1999/xlink" + xmlns:xi="http://www.w3.org/2001/XInclude" + version="5.0" + xml:id="sec-profile-qemu-guest"> + <title>QEMU Guest</title> + + <para> + This profile contains common configuration for virtual machines running under + QEMU (using virtio). + </para> + + <para> + It makes virtio modules available on the initrd, sets the system time from + the hardware clock to work around a bug in qemu-kvm, and + <link linkend="opt-security.rngd.enable">enables rngd</link>. + </para> +</section> |