How to disable networking most effectively?

I’m trying to make a live CD that will have no networking for security reasons.

My first idea was to simply disable DHCP and remove interfaces:

```nix
networking.useDHCP = false;
networking.interfaces = {};
```

But I was hoping for something more drastic. My second idea was to use systemd.defaultUnit setting to use a target that does not have networking, but I’m not sure if there actually is a target that does not have networking:

In old sysvinit systems there used to be a no-network level, but not sure if NixOS systemd configuration has an option like that.

There might be ways to go further. But my guess is that, without at least having the loopback interface lo, you’ll likely have problems with DBus and such if there’s a desktop environment.

What you have is sufficient.

I’m not including a desktop environment in this live CD tho, it’s purely a console based one for generating GPG keys and certificates.

Then you could try compiling a custom kernel with no networking support. Unfortunately, sysctl doesn’t seem to support this.

Also, I thought of something else. Your config to clear out networking.interfaces likely needs an mkForce or similar.


That’s a good point, using mkForce will be safest.
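
A runtime check for the booted image, added here as an example and not taken from the thread: the settings discussed above control what NixOS configures, not whether the kernel detects a NIC, so this script reads the kernel's own state and fails if any non-loopback interface is administratively up or any IPv4 route exists. The function names are hypothetical; `/sys/class/net/<iface>/flags` and `/proc/net/route` are the standard Linux kernel interfaces.

```shell
#!/bin/sh
# Added example: runtime check that a "no networking" image really is offline.
# Paths are parameters so the logic can be exercised on a constructed tree.

# Print non-loopback interfaces whose IFF_UP bit (0x1) is set in sysfs "flags".
up_interfaces() {
    net_dir=$1
    for entry in "$net_dir"/*; do
        [ -d "$entry" ] || continue      # skips an unmatched glob and plain files
        name=${entry##*/}
        [ "$name" = "lo" ] && continue   # loopback is expected to exist
        [ -r "$entry/flags" ] || continue
        flags=$(cat "$entry/flags")      # hex string such as 0x1003
        if [ $(( $flags & 1 )) -eq 1 ]; then
            printf '%s\n' "$name"
        fi
    done
    return 0
}

# Count IPv4 routes bound to non-loopback interfaces (line 1 is a header).
# A missing file (e.g. a kernel built without networking) counts as zero.
route_count() {
    [ -r "$1" ] || { echo 0; return 0; }
    awk 'NR > 1 && NF > 0 && $1 != "lo" { n++ } END { print n + 0 }' "$1"
}

# Return 0 only if nothing besides lo is up and no routes are installed.
audit_offline() {
    net_dir=${1:-/sys/class/net}
    route_file=${2:-/proc/net/route}
    up=$(up_interfaces "$net_dir")
    routes=$(route_count "$route_file")
    if [ -n "$up" ] || [ "$routes" -gt 0 ]; then
        echo "FAIL: up interfaces: ${up:-none}; routes: $routes" >&2
        return 1
    fi
    echo "OK: no non-loopback interface is up and no routes are installed"
}
```

Source the file and call `audit_offline` with no arguments on the booted live CD before generating any keys; a non-zero exit status means the image is not as isolated as intended.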