Bundle an expression that produces the smallest viable NixOS image #21315

Open
copumpkin opened this issue Dec 20, 2016 · 13 comments

@copumpkin
Member

copumpkin commented Dec 20, 2016

Can we have a canonical configuration.nix and script wrapper that produces the smallest self-sufficient NixOS image we can achieve, that can then be expanded into a more complete system?

Basically, I'd expect it to have:

  1. Almost nothing in environment.systemPackages (then again, I want that in all my images 😛)
  2. Kernel, grub, partition table, filesystem
  3. systemd
  4. Basic setup for nix-daemon and a RO store
  5. sshd
  6. A configuration.nix that results in no changes if you nixos-rebuild from within the image

I know that we have a minimal.nix module but the result of that still includes a load of stuff that you don't need to get started.

It'd be interesting to include the image in Hydra and plot its size over time to make sure we don't accidentally pick up silly things in runtime closures.

My goal would be for it to not be much bigger than comparable offerings from Alpine Linux and the like. It would probably be larger at first, but we could whittle it down over time.

@danbst
Contributor

danbst commented Dec 21, 2016

You mentioned nixos-rebuild. Should it include a text editor?

@copumpkin
Member Author

@danbst I might include nano or something, but given that it contains nix itself you'd be able to install another one yourself if you needed it.

@taktoa
Member

taktoa commented Dec 31, 2016

Are you aware of not-os? I think it's not far off from what you want, though the intended use is somewhat different.
/cc @cleverca22 (IRC username: clever)

@cleverca22
Contributor

some recent changes i did in not-os allow nix-daemon to work, with sandboxed builds; it's currently targeting ARM but i can make it work on x86 as well

@copumpkin copumpkin added this to Improve functionality in Amazing images Apr 18, 2017
@matthewbauer matthewbauer added this to the 19.03 milestone Dec 15, 2018
@lheckemann lheckemann removed this from the 19.03 milestone Feb 25, 2019
@matthewbauer matthewbauer added this to the 19.09 milestone May 27, 2019
@stale

stale bot commented Jun 2, 2020

Thank you for your contributions.

This has been automatically marked as stale because it has had no activity for 180 days.

If this is still important to you, we ask that you leave a comment below. Your comment can be as simple as "still important to me". This lets people see that at least one person still cares about this. Someone will have to do this at most twice a year if there is no other activity.

Here are suggestions that might help resolve this more quickly:

  1. Search for maintainers and people that previously touched the related code and @ mention them in a comment.
  2. Ask on the NixOS Discourse.
  3. Ask on the #nixos channel on irc.freenode.net.

@stale stale bot added the 2.status: stale https://github.com/NixOS/nixpkgs/blob/master/.github/STALE-BOT.md label Jun 2, 2020
@vikanezrimaya
Member

This sounds very interesting, even though the issue is very old. Let me try to analyze the problem with some examples along the way. Let's take the minimal profile and construct a system closure:

nix-repl> nixpkgs = (builtins.getFlake "nixpkgs")
nix-repl> minimal = nixpkgs.lib.nixosSystem ({ modules = [(nixpkgs + "/nixos/modules/profiles/minimal.nix") ({...}: { nixpkgs.localSystem.system = "x86_64-linux"; })]; })

Its environment.systemPackages currently includes 117 entries:

nix-repl> builtins.length minimal.config.environment.systemPackages
117

nix-repl> map (pkg: pkg.name) minimal.config.environment.systemPackages
[ "nixos-container" "mdadm-4.1" "bind-9.16.7" "iproute2-5.8.0" "iputils-20200821" "net-tools-1.60_p20180626073013" "lvm2-2.03.10" "fuse-3.9.4" "fuse-2.9.9" "e2fsprogs-1.45.5" "dosfstools-4.1" "bcache-tools-1.0.7" "systemd-246" "kmod-27" "grub-2.04" "kexec-tools-2.0.20" "dbus-1.12.20" "dbus-1.12.20" "iptables-1.8.5" "dhcpcd-8.1.4" "nix-2.3.7" "nix-info" "nix-bash-completions-0.6.8" "udisks-2.8.4" "sudo-1.8.31p1" "polkit-0.116" "polkit-0.116" "linux-pam-1.3.1" "shadow-4.8" "bash-interactive-4.4-p23" "command-not-found" "nixos-build-vms" "nixos-install" "nixos-rebuild" "nixos-generate-config" "nixos-version" "nixos-enter" 
"nixos-option" "shadow-4.8" "shadow-4.8" "shadow-4.8" "shadow-4.8" "shadow-4.8" "shadow-4.8" "shadow-4.8" "shadow-4.8" "shadow-4.8" "shadow-4.8" "shadow-4.8" "shadow-4.8" "shadow-4.8" "shadow-4.8" "shadow-4.8"
 "shadow-4.8" "shadow-4.8" "shadow-4.8" "shadow-4.8" "shadow-4.8" "shadow-4.8" "shadow-4.8" "shadow-4.8" "shadow-4.8" "shadow-4.8" "shadow-4.8" "shadow-4.8" "shadow-4.8" "shadow-4.8" "shadow-4.8" "shadow-4.8" 
"shadow-4.8" "shadow-4.8" "shadow-4.8" "shadow-4.8" "bash-interactive-4.4-p23" "shadow-4.8" "shadow-4.8" "shadow-4.8" "shadow-4.8" "acl-2.2.53" "attr-2.4.48" "bash-interactive-4.4-p23" "bzip2-1.0.6.0.1" "coreutils-8.31" "cpio-2.13" "curl-7.72.0" "diffutils-3.7" "findutils-4.7.0" "gawk-5.1.0" "glibc-2.31" "getent-1003.1-2008" "getconf-1003.1-2008" "gnugrep-3.4" "patch-2.7.6" "gnused-4.8" "gnutar-1.32" "gzip-1.10" "xz-5.2.5" "less-551" "libcap-2.27" "nano-5.2" "ncurses-6.2" "libressl-3.1.3" "openssh-8.3p1" "procps-3.3.16" "shadow-4.8" "time-1.9" "util-linux-2.36" "which-2.21" "zstd-1.4.5" "perl-5.32.0" "rsync-3.1.3" "strace-5.8" "openresolv-3.11.0" "glibc-locales-2.31" "sound-theme-freedesktop-0.8" "kbd-2.0.4" "shared-mime-info-1.13.1" ]

What seems suspicious to me in this configuration:

  1. shadow-4.8 is mentioned 40 times. All of these seem to be one and the same, proved by the following snippet:
    nix-repl> shadows = builtins.filter (pkg: pkg.name == "shadow-4.8") minimal.config.environment.systemPackages 
    
    nix-repl> builtins.filter (pkg: pkg != (builtins.elemAt shadows 0)) shadows                                   
    [ «derivation /nix/store/iw2s54k62qj7ibrx1cxj71w5b0jlsi1d-shadow-4.8.drv» ]
    
    It occurs to me that multiple modules can insert the same package in environment.systemPackages and Nix seems to deduplicate it, collapsing multiple mentions of the same derivation when building closures. For purposes of this analysis, let's ignore the duplicates and proceed to examine the package list.
  2. sound-theme-freedesktop seems to be included even when sound is disabled:
    nix-repl> minimal.config.sound.enable
    false
    
  3. bcache-tools seems to be included even when bcachefs is not present in boot.supportedFilesystems - looks like a bug.
    nix-repl> minimal.config.boot.supportedFilesystems                                                                                                                                                               
    [ ]
    
  4. udisks isn't strictly required, but I found it useful when needing to quickly mount a block device or set up a loop device from a non-root user. Nevertheless, it is NOT absolutely required, and thus can be disabled:
    {...}: { services.udisks2.enable = false; }
  5. Archiving utilities and generally useful utilities like grep, gawk or curl seem to be present - these can be pulled with Nix easily if required. They're defined in nixos/modules/config/system-path.nix - removing them requires overriding this file.

This is by no means a complete analysis - but some starting points for slimming down a NixOS profile are present, and could be a good way to jumpstart solving this issue.
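
The comparison described in the comment above, as an added example that is not part of the original comment or of Nixpkgs: it evaluates the minimal profile with and without two of the slimming options named in this thread and summarizes `environment.systemPackages` for each, collapsing repeated entries by store path. The names `mkSystem`, `slim` and `summarize` are hypothetical; it assumes a flake-enabled Nix evaluated impurely (as in the `nix repl` session above) and a Nixpkgs revision that has the `environment.defaultPackages` option.

```nix
# Added example: measure what the slimming options remove from
# environment.systemPackages. Helper names are hypothetical.
let
  nixpkgs = builtins.getFlake "nixpkgs";
  lib = nixpkgs.lib;

  # Same construction as in the comment, with room for extra modules.
  mkSystem = extraModules: lib.nixosSystem {
    modules = [
      (nixpkgs + "/nixos/modules/profiles/minimal.nix")
      { nixpkgs.localSystem.system = "x86_64-linux"; }
    ] ++ extraModules;
  };

  # Options mentioned in the thread: udisks2 and defaultPackages.
  slim = { ... }: {
    services.udisks2.enable = false;
    environment.defaultPackages = [ ];
  };

  summarize = system:
    let
      pkgs = system.config.environment.systemPackages;
      # Group entries by name to see which ones are listed repeatedly.
      counts = lib.mapAttrs (_: ps: builtins.length ps)
        (lib.groupBy (p: p.name) pkgs);
    in {
      # Raw list length, duplicates included.
      total = builtins.length pkgs;
      # Entries that resolve to the same store path count once.
      unique = builtins.length (lib.unique (map (p: p.outPath) pkgs));
      # Names that appear more than once, with their counts.
      repeated = lib.filterAttrs (_: n: n > 1) counts;
      # Sorted unique names, convenient for diffing two systems.
      names = builtins.attrNames counts;
    };

  baseline = summarize (mkSystem [ ]);
  slimmed = summarize (mkSystem [ slim ]);
in {
  inherit baseline slimmed;
  # Package names present in the baseline but gone after slimming.
  removed = lib.subtractLists slimmed.names baseline.names;
}
```

The `removed` list is the part to review: every name that remains in `slimmed.names` is still installed into the system path of the image and still contributes to its closure size and exposed tooling.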

@stale stale bot removed the 2.status: stale https://github.com/NixOS/nixpkgs/blob/master/.github/STALE-BOT.md label Oct 30, 2020
@vikanezrimaya
Member

#97565 is relevant.

Generally, a lot of things for this kind of image should be moved to defaultPackages.

@vikanezrimaya
Member

I've started a separate project to achieve the solution to this issue (and eventually incorporate it in Nixpkgs): nixos-super-minimal. To people interested in this challenge: consider joining forces in identifying extraneous packages and their sources!

@davidak
Member

davidak commented Mar 31, 2021

> bcache-tools seems to be included even when bcachefs is not present

@kisik21 bcache and bcachefs are different things. bcachefs-tools is not included by default

i support the initial idea of this issue. that's why i introduced defaultPackages

@davidak davidak modified the milestones: 19.09, 21.05 Mar 31, 2021
@stale

stale bot commented Oct 1, 2021

I marked this as stale due to inactivity. → More info

@stale stale bot added the 2.status: stale https://github.com/NixOS/nixpkgs/blob/master/.github/STALE-BOT.md label Oct 1, 2021
@06kellyjac
Member

still important

@Artturin Artturin modified the milestones: 21.05, 23.05 Dec 31, 2022
@stale stale bot removed the 2.status: stale https://github.com/NixOS/nixpkgs/blob/master/.github/STALE-BOT.md label Dec 31, 2022
@Artturin Artturin removed this from the 23.05 milestone Jan 8, 2023
@RaitoBezarius
Member

Just to provide some info, atm, NixOS images generated by make-disk-image for QEMU tests seem to include documentation, manual, texinfo-interactive and some stuff like that. There seems to be room for improvement to reduce the image (464M /nix/store/5ni92y24ki4hkrw6f20hy2jc1xb9lihq-nixos-disk-image/nixos.qcow2) to ~300MB.

Reducing further to 200MB requires work on Perl/Python3 dependencies. For Perl, it seems not that hard. For Python, I'm uncertain what it would cost to achieve.

@vikanezrimaya
Member

Python dependencies, in my personal experience, are rather large. It might be wise not to ship too much Python code in minimal images, if possible.
