This experimental feature has been removed from Nix in unstable
versions recently, and with this set, it now pops up an unsupressable
warning message. Not so bad on its own, but when using <kbd>Tab</kbd>
completion it corrupts the output.
prior to this commit the bootstrapping iso deactivated _all_ profiles
that were somehow contained in a suite.
that is an error, since it deactivates all profiles, even the most basic
and desired ones.
the impetus had been to prevent unwantes systemd services from launching
however, there seems no reliable approach to achieve that.
the now proposed alternative model is to add a bootsrap host akin to
the followint config:
```nix
# os/hosts/bootstrap.nix
{ profiles, ... }:
{
imports = [
profiles.networking
profiles.users.root
profiles.users.nixos
];
}
```
There was never an intention to setup the registry with aliases, which
would not avoid a network call ayhow if an input is not specified as an
registry-resolvable input.
At the same time, this clarification also eliniates an error that is
addressed upstream via https://github.com/NixOS/nixpkgs/pull/131814
---
work-around: for spurious reasons w.r.t. functor attrs in module system
Without any obvious reason, the module system appears to substitute
attrs that contain a `__functor` with the value of that functor.
for example: error: Package ‘zfs-kernel-2.0.5-5.13.4’ in /nix/store/jbch90yqx6gg1h3fq30jjj2b6h6jfjgs-source/pkgs/os-specific/linux/zfs/default.nix:175 is marked as broken, refusing to evaluate.
This core will be used as the new base for the reuse branch, which is
essentiall the same as the existing template branch, except that it is
rebased from this core, simplifying future rebasing.
Resolves#6 by breaking out the disabling of mitigations into it's own module.
Now users must explicitly accept the risk of disabling Spectre and Meltdown
mitigations with `security.mitigations.acceptRisk` in addition to actually
disabling them with `security.mitigations.disable`.