Loading nixos/modules/config/shells-environment.nix +24 −5 Original line number Diff line number Diff line Loading @@ -36,6 +36,24 @@ in options = { environment.shell.enable = lib.mkEnableOption "" // { default = true; internal = true; description = '' Whether to enable the shell environment. This does NOT necessarily disable all shells on your system. Instead it just disables the shell environment that configures user shells (i.e. those in `environment.shells`). System services might still depend on and use shells even if this option is set to false. Only set this option if you're sure that you can recover from potential issues. ''; }; environment.variables = lib.mkOption { default = { }; example = { Loading Loading @@ -175,10 +193,10 @@ in }; environment.binsh = lib.mkOption { default = "${config.system.build.binsh}/bin/sh"; defaultText = lib.literalExpression ''"''${config.system.build.binsh}/bin/sh"''; default = null; defaultText = lib.literalExpression ''"''${pkgs.bashInteractive}/bin/sh"''; example = lib.literalExpression ''"''${pkgs.dash}/bin/dash"''; type = lib.types.path; type = lib.types.nullOr lib.types.path; visible = false; description = '' The shell executable that is linked system-wide to Loading 
@@ -201,9 +219,10 @@ in }; config = { config = lib.mkIf cfg.shell.enable { system.build.binsh = pkgs.bashInteractive; # Set this here so its enabled only when shell support is enabled environment.binsh = lib.mkDefault "${pkgs.bashInteractive}/bin/sh"; # Set session variables in the shell as well. This is usually # unnecessary, but it allows changes to session variables to take Loading nixos/modules/profiles/bashless.nix 0 → 100644 +46 −0 Original line number Diff line number Diff line { lib, ... }: { # Bashless builds on perlless imports = [ ./perlless.nix ]; # Remove bash from activation system.nixos-init.enable = lib.mkDefault true; system.activatable = lib.mkDefault false; environment.shell.enable = lib.mkDefault false; programs.bash.enable = lib.mkDefault false; # Random bash remnants environment.corePackages = lib.mkForce [ ]; # Contains bash completions nix.enable = lib.mkDefault false; # The fuse{,3} package contains a runtime dependency on bash. programs.fuse.enable = lib.mkDefault false; documentation.man.man-db.enable = lib.mkDefault false; # autovt depends on bash console.enable = lib.mkDefault false; # dhcpcd and openresolv depend on bash networking.useNetworkd = lib.mkDefault true; # bcache tools depend on bash. boot.bcache.enable = lib.mkDefault false; # iptables depends on bash and nixos-firewall-tool is a bash script networking.firewall.enable = lib.mkDefault false; # the wrapper script is in bash security.enableWrappers = lib.mkDefault false; # kexec script is written in bash boot.kexec.enable = lib.mkDefault false; # Relies on bash scripts powerManagement.enable = lib.mkDefault false; # Has some bash inside systemd.shutdownRamfs.enable = lib.mkDefault false; # Relies on the gzip command which depends on bash services.logrotate.enable = lib.mkDefault false; # Service relies on bash scripts services.timesyncd.enable = lib.mkDefault false; # Check that the system does not contain a Nix store path that contains the # string "bash". 
system.forbiddenDependenciesRegexes = [ "bash" ]; } nixos/modules/programs/shadow.nix +2 −0 Original line number Diff line number Diff line Loading @@ -158,6 +158,8 @@ in This must not be a store path, since the path is used outside the store (in particular in /etc/passwd). ''; # /bin/sh is also the compiled in default of the shadow package. default = "/bin/sh"; example = lib.literalExpression "pkgs.zsh"; type = lib.types.either lib.types.path lib.types.shellPackage; }; Loading nixos/modules/system/activation/top-level.nix +3 −1 Original line number Diff line number Diff line Loading @@ -376,7 +376,9 @@ in ); # End if legacy environment variables preSwitchCheck = config.system.preSwitchChecksScript; preSwitchCheck = lib.mkIf ( config.system.preSwitchChecks != { } ) config.system.preSwitchChecksScript; # Not actually used in the builder. `passedChecks` is just here to create # the build dependencies. Checks are similar to build dependencies in the Loading nixos/modules/system/boot/systemd/initrd.nix +27 −8 Original line number Diff line number Diff line Loading @@ -325,6 +325,22 @@ in ''; }; shell.enable = lib.mkEnableOption "" // { default = config.environment.shell.enable; internal = true; description = '' Whether to enable a shell in the initrd. In contrast to `environment.shell.enable`, this option actually strictly disables all shells in the initrd because they're not copied into it anymore. Paths that use a shell (e.g. via the `script` option), will break if this option is set. Only set this option if you're sure that you can recover from potential issues. ''; }; units = mkOption { description = "Definition of systemd units."; default = { }; Loading Loading 
@@ -460,13 +476,15 @@ in ++ lib.optional (config.boot.initrd.systemd.root == "gpt-auto") "rw"; boot.initrd.systemd = { # bashInteractive is easier to use and also required by debug-shell.service initrdBin = [ pkgs.bashInteractive pkgs.coreutils cfg.package ] ++ lib.optional (config.system.build.kernel.config.isYes "MODULES") cfg.package.kmod; ++ lib.optional (config.system.build.kernel.config.isYes "MODULES") cfg.package.kmod ++ lib.optionals cfg.shell.enable [ # bashInteractive is easier to use and also required by debug-shell.service pkgs.bashInteractive ]; extraBin = { less = "${pkgs.less}/bin/less"; mount = "${cfg.package.util-linux}/bin/mount"; Loading Loading @@ -550,11 +568,6 @@ in "${cfg.package.util-linux}/bin/umount" "${cfg.package.util-linux}/bin/sulogin" # required for services generated with writeShellScript and friends pkgs.runtimeShell # some tools like xfs still want the sh symlink "${pkgs.bashNonInteractive}/bin" # so NSS can look up usernames "${pkgs.glibc}/lib/libnss_files.so.2" Loading @@ -566,6 +579,12 @@ in ++ lib.optionals config.system.nixos-init.enable [ "${config.system.nixos-init.package}/bin/initrd-init" ] ++ lib.optionals cfg.shell.enable [ # required for services generated with writeShellScript and friends pkgs.runtimeShell # some tools like xfs still want the sh symlink "${pkgs.bashNonInteractive}/bin" ] ++ jobScripts ++ map (c: builtins.removeAttrs c [ "text" ]) (builtins.attrValues cfg.contents); Loading Loading
nixos/modules/config/shells-environment.nix +24 −5 Original line number Diff line number Diff line Loading @@ -36,6 +36,24 @@ in options = { environment.shell.enable = lib.mkEnableOption "" // { default = true; internal = true; description = '' Whether to enable the shell environment. This does NOT necessarily disable all shells on your system. Instead it just disables the shell environment that configures user shells (i.e. those in `environment.shells`). System services might still depend on and use shells even if this option is set to false. Only set this option if you're sure that you can recover from potential issues. ''; }; environment.variables = lib.mkOption { default = { }; example = { Loading Loading @@ -175,10 +193,10 @@ in }; environment.binsh = lib.mkOption { default = "${config.system.build.binsh}/bin/sh"; defaultText = lib.literalExpression ''"''${config.system.build.binsh}/bin/sh"''; default = null; defaultText = lib.literalExpression ''"''${pkgs.bashInteractive}/bin/sh"''; example = lib.literalExpression ''"''${pkgs.dash}/bin/dash"''; type = lib.types.path; type = lib.types.nullOr lib.types.path; visible = false; description = '' The shell executable that is linked system-wide to Loading @@ -201,9 +219,10 @@ in }; config = { config = lib.mkIf cfg.shell.enable { system.build.binsh = pkgs.bashInteractive; # Set this here so its enabled only when shell support is enabled environment.binsh = lib.mkDefault "${pkgs.bashInteractive}/bin/sh"; # Set session variables in the shell as well. This is usually # unnecessary, but it allows changes to session variables to take Loading
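Review bot: `environment.binsh` in the second hunk becomes `lib.types.nullOr lib.types.path` with `default = null`, but its `defaultText` still advertises the bashInteractive path and the description does not say what `null` means. The code that consumes this option to create the system-wide link is outside these hunks. If it interpolates the value unguarded, evaluation fails once `environment.shell.enable` is false; if it is guarded, the link is simply absent and anything that relies on it fails at runtime. I would add a sentence to the description such as `Set to null (the default when environment.shell.enable is false) to create no system-wide sh link.` The third hunk also drops `system.build.binsh` with no rename or removal notice visible here, which would break out-of-tree references at evaluation time.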
nixos/modules/profiles/bashless.nix 0 → 100644 +46 −0 Original line number Diff line number Diff line { lib, ... }: { # Bashless builds on perlless imports = [ ./perlless.nix ]; # Remove bash from activation system.nixos-init.enable = lib.mkDefault true; system.activatable = lib.mkDefault false; environment.shell.enable = lib.mkDefault false; programs.bash.enable = lib.mkDefault false; # Random bash remnants environment.corePackages = lib.mkForce [ ]; # Contains bash completions nix.enable = lib.mkDefault false; # The fuse{,3} package contains a runtime dependency on bash. programs.fuse.enable = lib.mkDefault false; documentation.man.man-db.enable = lib.mkDefault false; # autovt depends on bash console.enable = lib.mkDefault false; # dhcpcd and openresolv depend on bash networking.useNetworkd = lib.mkDefault true; # bcache tools depend on bash. boot.bcache.enable = lib.mkDefault false; # iptables depends on bash and nixos-firewall-tool is a bash script networking.firewall.enable = lib.mkDefault false; # the wrapper script is in bash security.enableWrappers = lib.mkDefault false; # kexec script is written in bash boot.kexec.enable = lib.mkDefault false; # Relies on bash scripts powerManagement.enable = lib.mkDefault false; # Has some bash inside systemd.shutdownRamfs.enable = lib.mkDefault false; # Relies on the gzip command which depends on bash services.logrotate.enable = lib.mkDefault false; # Service relies on bash scripts services.timesyncd.enable = lib.mkDefault false; # Check that the system does not contain a Nix store path that contains the # string "bash". system.forbiddenDependenciesRegexes = [ "bash" ]; }
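Review bot: `networking.firewall.enable = lib.mkDefault false;` and `security.enableWrappers = lib.mkDefault false;` switch off security-relevant defaults, and their comments give only the bash dependency as the reason, not the consequence. A system importing this profile ends up with no NixOS-managed packet filter and no setuid wrappers, and `services.timesyncd.enable = lib.mkDefault false;` leaves the clock unsynchronised, which affects certificate validation and log timestamps. I would extend the comments, e.g. `# iptables depends on bash and nixos-firewall-tool is a bash script. NOTE: this leaves the host without a packet filter; provide one by other means before exposing it to a network.` These are `mkDefault`, so a user can re-enable them, but the closing `system.forbiddenDependenciesRegexes` check will then presumably fail the build, which is worth stating at the top of the file.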
nixos/modules/programs/shadow.nix +2 −0 Original line number Diff line number Diff line Loading @@ -158,6 +158,8 @@ in This must not be a store path, since the path is used outside the store (in particular in /etc/passwd). ''; # /bin/sh is also the compiled in default of the shadow package. default = "/bin/sh"; example = lib.literalExpression "pkgs.zsh"; type = lib.types.either lib.types.path lib.types.shellPackage; }; Loading
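Review bot: The added `default = "/bin/sh";` names a path that, after this commit, is only certain to exist when `environment.shell.enable` is true, because `environment.binsh` is `null` otherwise; the description should say so. Accounts written to /etc/passwd with this default then carry a login shell that does not resolve, which should fail at login rather than grant access but is confusing to debug. I would add a sentence to the description such as `The default /bin/sh only exists when environment.binsh is set.` and hyphenate the new comment as `compiled-in default`. The option header is outside the hunk, so which option this default belongs to cannot be confirmed from here.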
nixos/modules/system/activation/top-level.nix +3 −1 Original line number Diff line number Diff line Loading @@ -376,7 +376,9 @@ in ); # End if legacy environment variables preSwitchCheck = config.system.preSwitchChecksScript; preSwitchCheck = lib.mkIf ( config.system.preSwitchChecks != { } ) config.system.preSwitchChecksScript; # Not actually used in the builder. `passedChecks` is just here to create # the build dependencies. Checks are similar to build dependencies in the Loading
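Review bot: The new `lib.mkIf ( config.system.preSwitchChecks != { } )` carries no comment explaining why the attribute is dropped when no checks are defined, and the consumer of `preSwitchCheck` is outside the hunk. Presumably the generated checks script pulls in a shell and must not be built on shell-less systems; if so, say it in place, e.g. `# Only build the checks script when checks exist, so shell-less systems do not depend on it.` It is also worth confirming that whatever reads `preSwitchCheck` treats a missing attribute as "no checks" and does not fail the switch.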
nixos/modules/system/boot/systemd/initrd.nix +27 −8 Original line number Diff line number Diff line Loading @@ -325,6 +325,22 @@ in ''; }; shell.enable = lib.mkEnableOption "" // { default = config.environment.shell.enable; internal = true; description = '' Whether to enable a shell in the initrd. In contrast to `environment.shell.enable`, this option actually strictly disables all shells in the initrd because they're not copied into it anymore. Paths that use a shell (e.g. via the `script` option), will break if this option is set. Only set this option if you're sure that you can recover from potential issues. ''; }; units = mkOption { description = "Definition of systemd units."; default = { }; Loading Loading @@ -460,13 +476,15 @@ in ++ lib.optional (config.boot.initrd.systemd.root == "gpt-auto") "rw"; boot.initrd.systemd = { # bashInteractive is easier to use and also required by debug-shell.service initrdBin = [ pkgs.bashInteractive pkgs.coreutils cfg.package ] ++ lib.optional (config.system.build.kernel.config.isYes "MODULES") cfg.package.kmod; ++ lib.optional (config.system.build.kernel.config.isYes "MODULES") cfg.package.kmod ++ lib.optionals cfg.shell.enable [ # bashInteractive is easier to use and also required by debug-shell.service pkgs.bashInteractive ]; extraBin = { less = "${pkgs.less}/bin/less"; mount = "${cfg.package.util-linux}/bin/mount"; Loading Loading @@ -550,11 +568,6 @@ in "${cfg.package.util-linux}/bin/umount" "${cfg.package.util-linux}/bin/sulogin" # required for services generated with writeShellScript and friends pkgs.runtimeShell # some tools like xfs still want the sh symlink "${pkgs.bashNonInteractive}/bin" # so NSS can look up usernames "${pkgs.glibc}/lib/libnss_files.so.2" Loading 
@@ -566,6 +579,12 @@ in ++ lib.optionals config.system.nixos-init.enable [ "${config.system.nixos-init.package}/bin/initrd-init" ] ++ lib.optionals cfg.shell.enable [ # required for services generated with writeShellScript and friends pkgs.runtimeShell # some tools like xfs still want the sh symlink "${pkgs.bashNonInteractive}/bin" ] ++ jobScripts ++ map (c: builtins.removeAttrs c [ "text" ]) (builtins.attrValues cfg.contents); Loading
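Review bot: Nothing in these hunks fails evaluation when `shell.enable` is false while shell-dependent content is still configured; the option description only warns that such paths "will break". With the last hunk, `jobScripts` are still copied into the initrd while `pkgs.runtimeShell` is not, so a unit that uses `script` would fail only at boot, where recovery is hardest, and `debug-shell.service` loses the `bashInteractive` it requires according to the moved comment. An evaluation-time guard would surface this earlier, along the lines of `assertion = cfg.shell.enable || jobScripts == [ ];` with a message naming the option (this assumes `jobScripts` is a plain list, which the `++ jobScripts` usage suggests). The enclosing definitions start and end outside the hunks.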