NixOS always displays a configuration (generation) selection menu and count down a few seconds before booting into the system. As I am running it as a server, sometimes if I happened to press arrow keys by accident while it’s booting, the menu just stay there. Also, in some use cases, I may not want the users to have easy options to boot into a previous configuration. Therefore, I would like to disable the menu. I tried my best to find how to do that, but I cannot find anything helpful. Any idea how I can disable that menu and make NixOS skips it always boot to the current configuration?
I don’t think you can’t really make it particularly difficult to boot a different generation, as even with secure boot the grub configuration isn’t verified. You can make the timeout shorter (I think even 0) though: NixOS Search
Leaving aside BIOS access, secure-boot, the ability for a user to boot their own media, etc… I would think
timeout set to zero would be “close enough”, maybe, for the described use-case.
Or, even with Grub, again ignoring alternative boot flows, it seems you can disable impromptu on-the-fly edits (from: kali linux - Disable grub boot menu parameters editing while booting - Super User)
# in grub config, maybe in # `boot.loader.grub.extraConfig` set superusers=""
Separately, I guess I’m mildly curious about this part:
As I am running it as a server, sometimes if I happened to press arrow keys by accident while it’s booting, the menu just stay there.
My servers tend not to have keyboards plugged in, and vPro or other KVM-y solutions are rare and otherwise restricted to admins.
I’m not sure about Grub, but with
systemd-boot, you can set
boot.loader.timeout = 0 and the boot menu won’t show up at all unless you’re holding down the space bar during boot. I imagine Grub is the same, though I don’t know if it has a key you can hold to see the menu anyway.
I will try setting
timeout to zero approach. Just however, if holding the key can still making it pops, that might not solve my problem completely.
Another use case I mentioned is for deploying NixOS in a untrusted environment. Like, for example, in a public area, run NixOS as a kiosk system for any people to use. Say if I deployed a new NixOS generation patching a security zero day exploit allows users to by pass login screen or some other security measurements, but if a simple reboot with a keyboard access can easily let the user switch to the previous vulnerable versions, it will then provide a chance for the attackers to gain access to the system.
I guess if that’s a concern, my another option is to remove the vulnerable versions once a new security patch is deployed? It’s still not ideal because I cannot roll back to the previous version if I want to, I only want to limit random users to switch to previous versions.
Anyway, looks like the only option for now is probably modify NixOS source code, I will look into that and maybe I will submit a pull request if I really end up adding some new options for disabling the menu. Thanks for the help!
I guess you could set the
configurationLimit option to 1 to make sure that only the latest configuration is even possible to boot. It does mean you have to be able to boot the current generation in order to rollback, but frankly I think that just has to be the case if you’re trying to protect against older generations being booted for any reason.