installer: Don't run graphical installer ISOs as root #42610
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,73 @@ | ||
| # This module contains the basic configuration for building a graphical NixOS | ||
| # installation CD. | ||
|
|
||
| { config, lib, pkgs, ... }: | ||
|
|
||
| with lib; | ||
|
|
||
| { | ||
| imports = [ ./installation-cd-base.nix ]; | ||
|
|
||
| users.extraUsers.live = { | ||
| isNormalUser = true; | ||
| uid = 1000; | ||
| extraGroups = [ "wheel" "networkmanager" "video" ]; | ||
| # Allow the graphical user to login without password | ||
| initialHashedPassword = ""; | ||
| }; | ||
|
|
||
| # Allow passwordless sudo from live user | ||
| security.sudo = { | ||
| enable = lib.mkForce true; | ||
| wheelNeedsPassword = lib.mkForce false; | ||
| }; | ||
|
|
||
| # Whitelist wheel users to do anything | ||
| # This is useful for things like pkexec | ||
| security.polkit.extraConfig = '' | ||
| polkit.addRule(function(action, subject) { | ||
| if (subject.isInGroup("wheel")) { | ||
| return polkit.Result.YES; | ||
| } | ||
| }); | ||
| ''; | ||
|
|
||
| services.xserver = { | ||
| enable = true; | ||
|
|
||
| # Don't start the X server by default. | ||
| autorun = mkForce false; | ||
|
There was a problem hiding this comment. Drop this I think. This is a graphical media, I would expect it to just start. There was a problem hiding this comment. I think this belongs in another PR. I think we should add another boot entry so you can still choose not to start the graphical environment, at the same time we make the one that autostarts the graphical environment the default. There was a problem hiding this comment.
Why would that be needed? I don't see the graphical env ever being not functional, and you can always just start it and switch to a tty if needed. If someone wanted to not have a graphical env they would use the other iso... Yeah a discussion for another PR. 👍 |
||
|
|
||
| # Automatically login as live user. | ||
| displayManager.slim = { | ||
| enable = true; | ||
| defaultUser = "live"; | ||
| autoLogin = true; | ||
| }; | ||
|
|
||
| }; | ||
|
|
||
| # Provide networkmanager for easy wireless configuration. | ||
| networking.networkmanager.enable = true; | ||
| networking.wireless.enable = mkForce false; | ||
|
|
||
| # KDE complains if power management is disabled (to be precise, if | ||
| # there is no power management backend such as upower). | ||
| powerManagement.enable = true; | ||
|
|
||
| environment.systemPackages = [ | ||
| # Include gparted for partitioning disks. | ||
| pkgs.gparted | ||
|
|
||
| # Include some editors. | ||
| pkgs.vim | ||
| pkgs.bvi # binary editor | ||
| pkgs.joe | ||
|
|
||
| # Firefox for reading the manual. | ||
| pkgs.firefox | ||
|
|
||
| pkgs.glxinfo | ||
| ]; | ||
|
|
||
| } | ||
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -6,18 +6,9 @@ | |
| with lib; | ||
|
|
||
| { | ||
| imports = [ ./installation-cd-graphical-base.nix ]; | ||
|
|
||
| services.xserver = { | ||
| desktopManager.plasma5 = { | ||
| enable = true; | ||
| enableQt4Support = false; | ||
|
|
@@ -27,34 +18,14 @@ with lib; | |
| synaptics.enable = true; | ||
|
There was a problem hiding this comment. Shouldn't this be There was a problem hiding this comment. I agree. I didn't want to make any major functionality changes right now. |
||
| }; | ||
|
|
||
| environment.systemPackages = with pkgs; [ | ||
| # Graphical text editor | ||
| kate | ||
| ]; | ||
|
|
||
| system.activationScripts.installerDesktop = let | ||
|
|
||
| manualDesktopFile = pkgs.writeScript "nixos-manual.desktop" '' | ||
| [Desktop Entry] | ||
| Version=1.0 | ||
| Type=Application | ||
|
|
@@ -63,11 +34,23 @@ with lib; | |
| Icon=text-html | ||
| ''; | ||
|
|
||
| # Replace default gparted desktop file with one that does "sudo gparted" | ||
|
There was a problem hiding this comment. Wouldn't this block be useful for both Gnome and KDE images? There was a problem hiding this comment. Gnome doesn't have files on the desktop anymore. There was a problem hiding this comment. A desktop file is not a file on the desktop, a desktop file is still used to launch applications from launchers etc. And from my point of view it would possibly be useful if a user could click "gparted" in the launcher and that it's executed with sudo. But I'm not sure if there's any magic involved. There was a problem hiding this comment. But these entries would not be visible any more since gnome doesn't read There was a problem hiding this comment. You suggest this would be useful if it used a patched version of gparted that uses sudo? There was a problem hiding this comment. @worldofpeace Yeah, sure. That would be more useful. Especially on an installation media. Not sure if that's in scope of this PR. But maybe it should be since the behaviour is changed from "I can click that button" to "Clicking that button tells me that it requires root to run". |
||
| gpartedDesktopFile = pkgs.runCommand "gparted.desktop" {} '' | ||
| mkdir -p $out | ||
| cp ${pkgs.gparted}/share/applications/gparted.desktop $out/gparted.desktop | ||
| substituteInPlace $out/gparted.desktop --replace "Exec=" "Exec=sudo " | ||
| ''; | ||
|
|
||
| desktopDir = "/home/live/Desktop/"; | ||
|
|
||
| in '' | ||
| mkdir -p ${desktopDir} | ||
| chown live /home/live ${desktopDir} | ||
|
|
||
| ln -sfT ${manualDesktopFile} ${desktopDir + "nixos-manual.desktop"} | ||
| ln -sfT ${gpartedDesktopFile}/gparted.desktop ${desktopDir + "gparted.desktop"} | ||
|
|
||
| ln -sfT ${pkgs.konsole}/share/applications/org.kde.konsole.desktop ${desktopDir + "org.kde.konsole.desktop"} | ||
| ''; | ||
|
|
||
| } | ||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This should probably be mentioned in the installation section of the manual as well.
Also, it probably should be
sudo -i.