Merge pull request #263462 from nikstur/rebuildable-system

# Non Switchable Systems {#sec-non-switchable-system}

In certain systems, most notably image based appliances, updates are handled

outside the system. This means that you do not need to rebuild your

configuration on the system itself anymore.

If you want to build such a system, you can use the `image-based-appliance`

profile:

```nix

{ modulesPath, ... }: {

  imports = [ "${modulesPath}/profiles/image-based-appliance.nix" ]

}

```

The most notable deviation of this profile from a standard NixOS configuration

is that after building it, you cannot switch *to* the configuration anymore.

The profile sets `config.system.switch.enable = false;`, which excludes

`switch-to-configuration`, the central script called by `nixos-rebuild`, from

your system. Removing this script makes the image lighter and slightly more

secure.

```{=include=} sections

unit-handling.section.md

activation-script.section.md

non-switchable-systems.section.md

```

## Other Notable Changes {#sec-release-23.11-notable-changes}

- A new option `system.switch.enable` was added. By default, this is option is

  enabled. Disabling it makes the system unable to be reconfigured via

  `nixos-rebuild`. This is good for image based appliances where updates are

  handled outside the image.

- The Cinnamon module now enables XDG desktop integration by default. If you are experiencing collisions related to xdg-desktop-portal-gtk you can safely remove `xdg.portal.extraPortals = [ pkgs.xdg-desktop-portal-gtk ];` from your NixOS configuration.

- GNOME, Pantheon, Cinnamon module no longer forces Qt applications to use Adwaita style since it was buggy and is no longer maintained upstream (specifically, Cinnamon now defaults to the gtk2 style instead, following the default in Linux Mint). If you still want it, you can add the following options to your configuration but it will probably be eventually removed:

  ./system/activation/activatable-system.nix

  ./system/activation/activation-script.nix

  ./system/activation/specialisation.nix

  ./system/activation/switchable-system.nix

  ./system/activation/bootspec.nix

  ./system/activation/top-level.nix

  ./system/boot/binfmt.nix

# This profile sets up a sytem for image based appliance usage. An appliance is

# installed as an image, cannot be re-built, has no Nix available, and is

# generally not meant for interactive use. Updates to such an appliance are

# handled by updating whole partition images via a tool like systemd-sysupdate.

{ lib, modulesPath, ... }:

{

  # Appliances are always "minimal".

  imports = [

    "${modulesPath}/profiles/minimal.nix"

  ];

  # The system cannot be rebuilt.

  nix.enable = false;

  system.switch.enable = false;

  # The system is static.

  users.mutableUsers = false;

  # The system avoids interpreters as much as possible to reduce its attack

  # surface.

  boot.initrd.systemd.enable = lib.mkDefault true;

  networking.useNetworkd = lib.mkDefault true;

}