I can haz smoller NixOS ISOs?
42 points by natkr
Shameless self-plug: I wrote a module for just that. Requires a fair bit of compilation, but enables fully self-contained initrds with entire NixOS user-space in ~80 MiB (compressed with zstd). The work is not limited to self-contained initrds; the module can also just be used to debloat any NixOS (quite possibly also the install ISO)?
TinyCore Linux base system is 17 MB (Core).
If you want X with FLTK/FLWM, 23 MB (TinyCore).
If you want more WM and apps, 248 MB (CorePlus).
How is that relevant to declarative configuration and reproducible VMs?
Not super relevant for the immediate use case, but it is good as a benchmark for "huh, why can't we get closer to that, too?".
I'm glad you got it. Debloating Linux is always an interesting activity and learning why others were able to minimise the size so much can give more insight on the process and the components required.
It's like Linux from scratch, but in the opposite direction. Great post.
I recommend this talk from NixCon where they shrunk NixOS down as an alternative to Yocto: https://youtu.be/AsXY61laNb8
It doesn't go into as much detail as I would have liked, but talking with Óli and Matthew about it at the con was incredible. Does anyone know if they have a writeup somewhere?
Without reading - I predict it's some stupid Perl script nobody has bothered to rewrite in C.
edit: yep
But there are also plenty of things you could do that require a deeper effort. For example, right now we're still bundling both systemdMinimal and systemd, which seems pretty silly.
Since 26.05, NixOS uses systemd in its initrd by default, since the variety of initrd use cases that a modern OS needs to support is large.
systemdMinimal is a systemd binary compiled with fewer flags/dependencies, which helps keep the initrd small(er).
But if a minimal ISO is the goal, perhaps they could both depend on the same binary.
Good post. It's always a bit frustrating to have a small footprint with NixOS.
It should also be possible to reduce ssh footprint with this:
programs.ssh.setXAuthLocation = false;
security.pam.services.su.forwardXAuth = lib.mkForce false;
fonts.fontconfig.enable = false;
You can also import "${nixpkgs}/nixos/modules/profiles/minimal.nix". It contains some of your optimizations.
> It should also be possible to reduce ssh footprint with this:
Yeah.. for the use-case that originally drove me to write the post I didn't really need ssh at all. But this is probably the more sensible approach most of the time.
> You can also import "${nixpkgs}/nixos/modules/profiles/minimal.nix". It contains some of your optimizations.
Yeah, I remember seeing it ages ago and getting a bit underwhelmed, so I didn't think to include it when I started the investigation. And once I did remember about it, I was already about halfway through and it felt like it would've been a bit dishonest to try to slot it in at the start where it ought to have gone.
It's so weird how many times you see Perl pulled into the system these days. Small ISO - Perl. Wanna compile anything serious from scratch - openssl -> Perl.
There is work to reduce and ratchet the amount of Perl in the base system: https://github.com/NixOS/nixpkgs/blob/master/nixos%2Fmodules%2Fprofiles%2Fperlless.nix