1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
{
system = "x86_64-linux";
nixpkgsStable = false;
hardware = {
cpuVendor = null;
};
configuration =
{ lib, ... }:
{
config = {
# Minimal options to pass assertions.
boot.enableContainers = false;
boot.loader.grub.enable = false;
boot.initrd.includeDefaultModules = false;
boot.initrd.kernelModules = lib.mkOverride 0 [ ];
boot.initrd.systemd.enable = true;
documentation = {
doc.enable = false;
info.enable = false;
man.enable = false;
nixos.enable = false;
};
nixpkgs.overlays = [
(final: prev: {
systemd = prev.systemd.override {
withAcl = false;
withAnalyze = false;
withApparmor = false;
withAudit = false;
withCompression = false;
withCryptsetup = false;
withCoredump = false;
withEfi = false;
withFido2 = false;
withFirstboot = false;
#withGcrypt = false;
withHomed = false;
withHostnamed = false;
withImportd = false;
withLocaled = false;
withMachined = false;
withNss = false;
withPasswordQuality = false;
withPolkit = false;
withPortabled = false;
#withQrencode = false;
withRepart = false;
withSysupdate = false;
withTpm2Tss = false;
withUkify = false;
withVmspawn = false;
};
})
];
programs.command-not-found.enable = false;
programs.less.lessopen = null;
security.sudo.enable = false;
services.userborn.enable = true;
nix.channel.enable = false;
system.disableInstallerTools = true;
system.forbiddenDependenciesRegexes = [ "perl" ];
system.etc.overlay.enable = true;
systemd.coredump.enable = false;
environment.defaultPackages = lib.mkOverride 0 [ ];
fileSystems."/" = {
device = "none";
fsType = "tmpfs";
};
};
};
}