[Nix-dev] why has each revision / generation not a own configuration.nix

Layus layus.on at gmail.com
Sat May 13 12:25:20 CEST 2017


On 13/05/17 12:14, Leo Gaspard wrote:
> On 05/13/2017 05:28 AM, Stefan Huchler wrote:
>> [...]
>> Do you know the reason why it defaults to false, can't think of any
>> disadvantage of that functionality. I mean nixos eats hard drive like
>> nearly no other distro. So saving space can't be the reason.
>>
>> Some sort of privacy concern?
> With https://github.com/NixOS/nix/issues/8 solved, there will be
> the possibility to have a password in the configuration that won't be
> world-readable. In this context, copying the configuration.nix would
> make it world-readable again, which in case of passwords can hurt security
> a lot.
>
> At least that's the only reason I can think of.
>
> HTH,
> Leo
The way this option is implemented makes it impossible to activate by
default for hydra test builds.
In most automated setups like that, the bare module system is used, and
there is no configuration.nix involved.

Try to temporarily move configuration.nix somewhere else, and you will
see that nixos-rebuild fails verbosely :-).
See the previous ML discussion on that topic where we proposed to keep
it opt-in, but with an opt-out config line in the default configuration.nix.
This may already be implemented.

Regards,

-- Layus.

