profiles/minimal: reduce size

[Izorkin]

Description of changes

Minimize size netboot and iso images.
Splitted this PR - #170460

cc @SuperSandro2000

Things done

• Built on platform(s)
  • x86_64-linux
  • aarch64-linux
  • x86_64-darwin
  • aarch64-darwin
• For non-Linux: Is sandbox = true set in nix.conf? (See Nix manual)
• Tested, as applicable:
  • NixOS test(s) (look inside nixos/tests)
  • and/or package tests
  • or, for functions and "core" functionality, tests in lib/tests or pkgs/test
  • made sure NixOS tests are linked to the relevant packages
• Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
• Tested basic functionality of all binary files (usually in ./result/bin/)
• 22.05 Release Notes (or backporting 21.11 Release notes)
  • (Package updates) Added a release notes entry if the change is major or breaking
  • (Module updates) Added a release notes entry if the change is significant
  • (Module addition) Added a release notes entry if adding a new NixOS module
  • (Release notes changes) Ran nixos/doc/manual/md-to-db.sh to update generated release notes
• Fits CONTRIBUTING.md.

[Izorkin]

What does it take for this PR to be merged?

[Izorkin]

Rebased PR.
Removing commit 'nixos/installer/netboot: use makeInitrdNG' - #176796
cc @ajs124 @Lassulus @lheckemann

[SuperSandro2000]

nixos/modules/profiles/minimal.nix is also used for containers, right? Then I don't think we should disable man pages there. Also we should think about removing environment.noXlibs as it can cause quite weird problems when building certain packages and you didn't think about it while debugging.

[Izorkin]

@SuperSandro2000 virtualisation.containers does not use nixos/modules/profiles/minimal.nix.

[Izorkin]

Didn't not found mysself any problems with environment.noXlibs.

[SuperSandro2000]

@SuperSandro2000 virtualisation.containers does not use nixos/modules/profiles/minimal.nix.

nspawn/nixos containers, not oci containers.

The last case is https://discourse.nixos.org/t/unable-to-install-paperless-ngx/19962

[lheckemann]

This should have a release notes entry, since it may require changes to people's configurations.

[Izorkin]

This should have a release notes entry, since it may require changes to people's configurations.

Added release notes.

[SuperSandro2000]

That could be really dangerous and fill up your disk when logs in containers get no longer rotated. Also many people don't even know that the container uses this profile.

[Izorkin]

This module is used only in tests and in minimal ISO image. Should not affect working to containers. And it was enabled by default recently.

[SuperSandro2000]

This module is used only in tests and in minimal ISO image.

No, it is also included for nixos-containers because otherwise the stupid environment.noXlibs option wouldn't mess with some software builds.

[Izorkin]

I tested with this configuration:

  containers.test-man = {
    autoStart = true;
    privateNetwork = true;
    hostBridge = "br0";
    localAddress = "10.11.0.1/24";
    config = { pkgs, config, ... }: {
      system.extraDependencies = [ pkgs.hello ];
      services.openssh = {
        enable = true;
      };
    };
  };

Changes to nixos/modules/profiles/minimal.nix did not affect the container

[SuperSandro2000]

🤔 maybe I was doing something wonky but lxc container imports minimal profile which I was using for the container https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/virtualisation/lxc-container.nix#L54

[Izorkin]

@SuperSandro2000 add this patch?

diff --git a/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml
index 6a7032e1963..392f79cb51e 100644
--- a/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml
+++ b/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml
@@ -368,6 +368,11 @@
           <literal>nixos/modules/profiles/minimal.nix</literal> profile.
         </para>
       </listitem>
+      <listitem>
+        <para>
+          Now lxc containers don't use minimal profile.
+        </para>
+      </listitem>
       <listitem>
         <para>
           There is a new module for the <literal>xfconf</literal>
diff --git a/nixos/doc/manual/release-notes/rl-2211.section.md b/nixos/doc/manual/release-notes/rl-2211.section.md
index b56be16127b..817262affd8 100644
--- a/nixos/doc/manual/release-notes/rl-2211.section.md
+++ b/nixos/doc/manual/release-notes/rl-2211.section.md
@@ -134,6 +134,8 @@ Use `configure.packages` instead.

 - The minimal ISO image now use `nixos/modules/profiles/minimal.nix` profile.

+- Now lxc containers don't use minimal profile.
+
 - There is a new module for the `xfconf` program (the Xfce configuration storage system), which has a dbus service.

 <!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
diff --git a/nixos/modules/virtualisation/lxc-container.nix b/nixos/modules/virtualisation/lxc-container.nix
index d3a2e0ed151..b6b744dfbca 100644
--- a/nixos/modules/virtualisation/lxc-container.nix
+++ b/nixos/modules/virtualisation/lxc-container.nix
@@ -51,7 +51,6 @@ in
 {
   imports = [
     ../installer/cd-dvd/channel.nix
-    ../profiles/minimal.nix
     ../profiles/clone-config.nix
   ];

[Izorkin]

Or this variant:

diff --git a/nixos/modules/virtualisation/lxc-container.nix b/nixos/modules/virtualisation/lxc-container.nix
index d3a2e0ed151..b6b4dcff1d0 100644
--- a/nixos/modules/virtualisation/lxc-container.nix
+++ b/nixos/modules/virtualisation/lxc-container.nix
@@ -55,6 +55,8 @@ in
     ../profiles/clone-config.nix
   ];

+  environment.noXlibs = lib.mkOverride 500 false;
+
   options = {
     virtualisation.lxc = {
       templates = mkOption {

[Izorkin]

cc @SuperSandro2000

[RaitoBezarius]

@SuperSandro2000 Is there a consensus on this remark?

[SuperSandro2000]

noXlibs should not be enabled by default. It is an advanced setting that required multiple overrides to build on all my machines, which is not acceptable for normal users.

logrotation should not be disabled in lxc otherwise your disk can completely fill up which should be avoided with good defaults.

[Izorkin]

Rebased PR.
What is needed to get this PR merged? :)

[Artturin]

rebased the pr on master(git rebase --onto master HEAD~7)

and built the iso (nix build -f ./nixos/release-combined.nix nixos.iso_minimal.x86_64-linux) on master with and without this pr

but the size seems to be larger?

now

du -shc --apparent-size $(readlink -f result/iso/nixos-minimal-22.11pre56789.gfedcba-x86_64-linux.iso)
3.8G	/nix/store/w6aalmkc9w9mvmlmvcc4a6567h5ncrqg-nixos-minimal-22.11pre56789.gfedcba-x86_64-linux.iso/iso/nixos-minimal-22.11pre56789.gfedcba-x86_64-linux.iso
3.8G	total

before

$ du -shc --apparent-size $(readlink -f result/iso/nixos-minimal-22.11pre56789.gfedcba-x86_64-linux.iso)
2.2G	/nix/store/6lby9i5kx22qqgpin23klwpbf6nn6vxm-nixos-minimal-22.11pre56789.gfedcba-x86_64-linux.iso/iso/nixos-minimal-22.11pre56789.gfedcba-x86_64-linux.iso
2.2G	total

[Izorkin]

Fix conflicts.

[ck3d]

LGTM

[RaitoBezarius]

Can you move the release notes to 23.05 ? Think it's good to merge now.

[Izorkin]

Can you move the release notes to 23.05 ? Think it's good to merge now.

Updated.

[Artturin]

From somewhere, are added nixpkgs sources with git history to image:

du -d 1 -hc  /nix/.ro-store/5q1kw0svyl0j3p1jwc0yv20x1sa63bw5-source/
1.2G    /nix/.ro-store/5q1kw0svyl0j3p1jwc0yv20x1sa63bw5-source/.git
53K     /nix/.ro-store/5q1kw0svyl0j3p1jwc0yv20x1sa63bw5-source/.github
788K    /nix/.ro-store/5q1kw0svyl0j3p1jwc0yv20x1sa63bw5-source/doc
479K    /nix/.ro-store/5q1kw0svyl0j3p1jwc0yv20x1sa63bw5-source/lib
563K    /nix/.ro-store/5q1kw0svyl0j3p1jwc0yv20x1sa63bw5-source/maintainers
13M     /nix/.ro-store/5q1kw0svyl0j3p1jwc0yv20x1sa63bw5-source/nixos
109M    /nix/.ro-store/5q1kw0svyl0j3p1jwc0yv20x1sa63bw5-source/pkgs
1.3G    /nix/.ro-store/5q1kw0svyl0j3p1jwc0yv20x1sa63bw5-source/
1.3G    total

Will fix it
#204178

[Izorkin]

Resolve conflicts.

[Izorkin]

Resolve conflicts.
Who can merge PR?

[Izorkin]

Thanks!

[ncfavier]

Note that the discussion about disabling logrotate in LXC containers is still open.

[Izorkin]

Note that the discussion about disabling logrotate in LXC containers is still open.

I will try to test the lxc containers a little later.

[SuperSandro2000]

Note that the discussion about disabling logrotate in LXC containers is still open.

We should fix this regression ASAP because it could fill up the disk completely if things go really south.

[Izorkin]

We should fix this regression ASAP because it could fill up the disk completely if things go really south.

Created PR - #205346