installer: Don't run as root

[worldofpeace]

Motivation for this change

There's many reason why it is and is going to
continue to be difficult to do this:

1. All display-managers (excluding slim) default PAM rules
   disallow root auto login.

2. We can't use wayland

3. We have to use system-wide pulseaudio

4. It could break applications in the session.
   This happened to dolphin in plasma5
   in the past.

This is a growing technical debt, let's just use
passwordless sudo.

---

This is a per-requisite to having a GNOME3 iso.
Broken up from #66313

I've supplied all the requested changes to what was raised on this commit.
In particular #66313 (review).

Things done

I've built iso_minimal and it auto logs in as live when tested
in qemu.

• Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS)
• Built on platform(s)
  • NixOS
  • macOS
  • other Linux distributions
• Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
• Tested compilation of all pkgs that depend on this change using nix-shell -p nix-review --run "nix-review wip"
• Tested execution of all binary files (usually in ./result/bin/)
• Determined the impact on package closure size (by running nix path-info -S before and after)
• Ensured that relevant documentation is up to date
• Fits CONTRIBUTING.md.

Notify maintainers

cc @

[grahamc]

I won't ask it of this PR, but slim is long abandoned. We should get off of it sometime :)

[worldofpeace]

Yep, I raised this in #66313 (comment) at the very end. Some people had strong opinions though in the past.

[grahamc]

Shall we go for slightly more branding and call the "live" user "nixos"?

[worldofpeace]

Shall we go for slightly more branding and call the "live" user "nixos"?

When adisbladis and I discussed this and he authored the original change
I think @davidak suggested to use live #42610 (comment).

[grahamc]

It sounds like the name then was something with a hyphen, but I can't see what it was. I still like nixos as the name, but 🤷‍♂️ 😉 .

One thing I spotted in that linked PR is the suggestion of sudo -i, which we probably should document.

[worldofpeace]

It sounds like the name then was something with a hyphen, but I can't see what it was. I still like nixos as the name, but man_shrugging wink .

One thing I spotted in that linked PR is the suggestion of sudo -i, which we probably should document.

I think I'll do this 👍

[worldofpeace]

Just realized that nixos-manual.desktop generation isn't needed anymore,
as nixos-manual has a desktop item that will intelligently launch the default browser.

[lheckemann]

So this can be removed?

[samueldr]

(Noting for myself, mainly) this will affect sd_image, meaning both that it needs to be tested, and (external) documentation amended as needed.

[worldofpeace]

bd59a8b was needed so users can use gparted and it will call into pkexec so we don't have to use a custom sudo desktop item.

They'll need no kind of authentication because of the polkit rule we added.

[bachp]

I remember that I once added the possibility do do root login into the install media via SSH. If the default user is no longer root than this is probably no longer needed.

The SSH install workflow would then just be as follows:

1. Set a password (or public key) for user nixos
2. Enable SSH daemon
3. Login via ssh nixos@<target>
4. Run sudo -i

So only password login for normal users is required.

[worldofpeace]

I remember that I once added the possibility do do root login into the install media via SSH. If the default user is no longer root than this is probably no longer needed.

The SSH install workflow would then just be as follows:

1. Set a password (or public key) for user `nixos`

2. Enable SSH daemon

3. Login via `ssh nixos@<target>`

4. Run `sudo -i`

So only password login for normal users is required.

Guess that means you authored

 <para>
    If you would like to continue the installation from a different machine you
    need to activate the SSH daemon via <literal>systemctl start
    sshd</literal>. In order to be able to login you also need to set a
    password for <literal>root</literal> using <literal>passwd</literal>.
   </para>

I guess we should document it this way, but I believe we should still permit root login with ssh.

[worldofpeace]

I've now tested the graphical iso.

Things done

1. can sudo -i on tty
2. can run sudo systemctl start display-manager on tty
3. graphical session starts
4. all desktop items launched properly (gparted without password prompt from polkit)
5. can use sudo without password in konsole

Did the procedure to login via ssh for root and nixos.

[grahamc]

Suggested change

	You are logged-in automatically as <literal>nixos</literal>.
	You are logged-in automatically as the <literal>nixos</literal> user.

[grahamc]

Suggested change

	The installer now uses a less privileged <literal>nixos</literal> user whereas before we logged in as root.
	The installer now uses the <literal>nixos</literal> user instead of <literal>root</literal>.

[grahamc]

I drop "less privileged" because they're not actually less privileged., and saying it is might lead to questions about well how do I do the thing then.

[grahamc]

I haven't tested it, but I am quite sure it has been tested :) Looks great.

[samueldr]

Just validated that sd_image works as expected.

[worldofpeace]

Thanks everyone.

[flokli]

There was some documentation fixes missing in nixos/doc/manual/configuration/profiles/installation-device.xml - I included them in #63773 now.