Skip to content

profiles/minimal: reduce size #173661

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
Lassulus merged 7 commits into from
Dec 9, 2022
Merged

profiles/minimal: reduce size #173661

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
df22e41
nixos/profiles/minimal: disable documentation
Izorkin May 2, 2022
ee85845
nixos/profiles/minimal: disable logrotate service
Izorkin Apr 27, 2022
362d351
nixos/profiles/minimal: disable udisks service
Izorkin Apr 26, 2022
191d211
iso/minimal: use minimal profile
Izorkin Apr 26, 2022
309d6a3
iso/minimal: use mkForce
Izorkin May 5, 2022
0c6ce0d
nixos/installer/netboot-minimal: enable man
Izorkin Jun 28, 2022
731d496
nixos/profiles/minimal: add release notes
Izorkin Dec 1, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
15 changes: 15 additions & 0 deletions nixos/doc/manual/from_md/release-notes/rl-2305.section.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -195,6 +195,21 @@
deprecated when NixOS 22.11 reaches end of life.
</para>
</listitem>
<listitem>
<para>
To reduce closure size in
<literal>nixos/modules/profiles/minimal.nix</literal> profile
disabled installation documentations and manuals. Also
disabled <literal>logrotate</literal> and
<literal>udisks2</literal> services.
</para>
</listitem>
<listitem>
<para>
The minimal ISO image now use
<literal>nixos/modules/profiles/minimal.nix</literal> profile.
</para>
</listitem>
<listitem>
<para>
A new <literal>virtualisation.rosetta</literal> module was
Expand Down
4 changes: 4 additions & 0 deletions nixos/doc/manual/release-notes/rl-2305.section.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -60,6 +60,10 @@ In addition to numerous new and upgraded packages, this release has the followin
`services.dnsmasq.extraConfig` will be deprecated when NixOS 22.11 reaches
end of life.

- To reduce closure size in `nixos/modules/profiles/minimal.nix` profile disabled installation documentations and manuals. Also disabled `logrotate` and `udisks2` services.

- The minimal ISO image now use `nixos/modules/profiles/minimal.nix` profile.

- A new `virtualisation.rosetta` module was added to allow running `x86_64` binaries through [Rosetta](https://developer.apple.com/documentation/apple-silicon/about-the-rosetta-translation-environment) inside virtualised NixOS guests on Apple silicon. This feature works by default with the [UTM](https://docs.getutm.app/) virtualisation [package](https://search.nixos.org/packages?channel=unstable&show=utm&from=0&size=1&sort=relevance&type=packages&query=utm).

- Resilio sync secret keys can now be provided using a secrets file at runtime, preventing these secrets from ending up in the Nix store.
Expand Down
15 changes: 9 additions & 6 deletions nixos/modules/installer/cd-dvd/installation-cd-minimal.nix
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,14 +1,17 @@
# This module defines a small NixOS installation CD. It does not
# contain any graphical stuff.

{ ... }:
{ lib, ... }:

{
imports =
[ ./installation-cd-base.nix
];
imports = [
../../profiles/minimal.nix
./installation-cd-base.nix
];

isoImage.edition = "minimal";
documentation.man.enable = lib.mkOverride 500 true;
Comment thread
Izorkin marked this conversation as resolved.
Outdated

fonts.fontconfig.enable = false;
fonts.fontconfig.enable = lib.mkForce false;
Comment thread
Izorkin marked this conversation as resolved.
Outdated

isoImage.edition = lib.mkForce "minimal";
}
10 changes: 6 additions & 4 deletions nixos/modules/installer/netboot/netboot-minimal.nix
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,8 +3,10 @@
{ ... }:

{
imports =
[ ./netboot-base.nix
../../profiles/minimal.nix
];
imports = [
./netboot-base.nix
../../profiles/minimal.nix
];

documentation.man.enable = lib.mkOverride 500 true;
}
10 changes: 10 additions & 0 deletions nixos/modules/profiles/minimal.nix
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,10 +10,20 @@ with lib;

documentation.enable = mkDefault false;

documentation.doc.enable = mkDefault false;

documentation.info.enable = mkDefault false;

documentation.man.enable = mkDefault false;
Comment thread
Izorkin marked this conversation as resolved.
Outdated

documentation.nixos.enable = mkDefault false;

programs.command-not-found.enable = mkDefault false;

services.logrotate.enable = mkDefault false;

@SuperSandro2000 SuperSandro2000 Jul 15, 2022

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That could be really dangerous and fill up your disk when logs in containers get no longer rotated. Also many people don't even know that the container uses this profile.

@Izorkin Izorkin Jul 16, 2022

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This module is used only in tests and in minimal ISO image. Should not affect working to containers. And it was enabled by default recently.

@SuperSandro2000 SuperSandro2000 Jul 28, 2022

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This module is used only in tests and in minimal ISO image.

No, it is also included for nixos-containers because otherwise the stupid environment.noXlibs option wouldn't mess with some software builds.

@Izorkin Izorkin Jul 28, 2022

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I tested with this configuration:

  containers.test-man = {
    autoStart = true;
    privateNetwork = true;
    hostBridge = "br0";
    localAddress = "10.11.0.1/24";
    config = { pkgs, config, ... }: {
      system.extraDependencies = [ pkgs.hello ];
      services.openssh = {
        enable = true;
      };
    };
  };

Changes to nixos/modules/profiles/minimal.nix did not affect the container

@SuperSandro2000 SuperSandro2000 Jul 28, 2022

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🤔 maybe I was doing something wonky but lxc container imports minimal profile which I was using for the container https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/virtualisation/lxc-container.nix#L54

@Izorkin Izorkin Jul 29, 2022

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@SuperSandro2000 add this patch?

diff --git a/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml
index 6a7032e1963..392f79cb51e 100644
--- a/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml
+++ b/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml
@@ -368,6 +368,11 @@
           <literal>nixos/modules/profiles/minimal.nix</literal> profile.
         </para>
       </listitem>
+      <listitem>
+        <para>
+          Now lxc containers don't use minimal profile.
+        </para>
+      </listitem>
       <listitem>
         <para>
           There is a new module for the <literal>xfconf</literal>
diff --git a/nixos/doc/manual/release-notes/rl-2211.section.md b/nixos/doc/manual/release-notes/rl-2211.section.md
index b56be16127b..817262affd8 100644
--- a/nixos/doc/manual/release-notes/rl-2211.section.md
+++ b/nixos/doc/manual/release-notes/rl-2211.section.md
@@ -134,6 +134,8 @@ Use `configure.packages` instead.

 - The minimal ISO image now use `nixos/modules/profiles/minimal.nix` profile.

+- Now lxc containers don't use minimal profile.
+
 - There is a new module for the `xfconf` program (the Xfce configuration storage system), which has a dbus service.

 <!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
diff --git a/nixos/modules/virtualisation/lxc-container.nix b/nixos/modules/virtualisation/lxc-container.nix
index d3a2e0ed151..b6b744dfbca 100644
--- a/nixos/modules/virtualisation/lxc-container.nix
+++ b/nixos/modules/virtualisation/lxc-container.nix
@@ -51,7 +51,6 @@ in
 {
   imports = [
     ../installer/cd-dvd/channel.nix
-    ../profiles/minimal.nix
     ../profiles/clone-config.nix
   ];

@Izorkin Izorkin Jul 30, 2022

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Or this variant:

diff --git a/nixos/modules/virtualisation/lxc-container.nix b/nixos/modules/virtualisation/lxc-container.nix
index d3a2e0ed151..b6b4dcff1d0 100644
--- a/nixos/modules/virtualisation/lxc-container.nix
+++ b/nixos/modules/virtualisation/lxc-container.nix
@@ -55,6 +55,8 @@ in
     ../profiles/clone-config.nix
   ];

+  environment.noXlibs = lib.mkOverride 500 false;
+
   options = {
     virtualisation.lxc = {
       templates = mkOption {

@Izorkin Izorkin Aug 9, 2022

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

cc @SuperSandro2000

@RaitoBezarius RaitoBezarius Dec 1, 2022

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@SuperSandro2000 Is there a consensus on this remark?

@SuperSandro2000 SuperSandro2000 Dec 9, 2022
edited
Loading

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

noXlibs should not be enabled by default. It is an advanced setting that required multiple overrides to build on all my machines, which is not acceptable for normal users.

logrotation should not be disabled in lxc otherwise your disk can completely fill up which should be avoided with good defaults.


services.udisks2.enable = mkDefault false;

xdg.autostart.enable = mkDefault false;
xdg.icons.enable = mkDefault false;
xdg.mime.enable = mkDefault false;
Expand Down