Hi Nix!
Some time ago I decided to find out how many services will run on a minimal NixOS instance.
As I see, there was already a person who asked the same question.
So, as I can see, in 2017 if you created a minimal NixOS VM with sshd enabled you would have 48 loaded units.
But when I repeated the experiment described in the link above, I got over 100 default loaded system services. Of course many of them were turned off (but still loaded).
In other words, the number of default system services in NixOS has doubled since 2017. So my questions are:
Is it because newer systemd needs so much to work with Nix (because I have much less on my Debian instance)?
Are these loaded services really needed and can I remove them somehow?
Did you use the command from the issue you linked, i.e. systemctl -a --type service? I note that a lot of the things that shows are one-off / one-shot commands executed at start-up or similar.
If I run systemctl -a --type service --legend=false | grep -v not-found | grep -v inactive | grep -v exited on my server, I get 25 running services listed, and I have various random things enabled:
systemctl --type service --state running shows you all the services that have actively running processes. On my minimal system with just sshd, tailscale, and a login session, it’s 14 services. IMO that’s pretty damn minimal for a Linux OS. The other things are mostly bootup and shutdown oneshots and stuff.
Soooo, first of all I was wrong. I just ran systemctl, which returned services, sockets, devices, etc. My bad. systemctl -a --type service returns 59 loaded units, which is still more than in 2017. But not as bad as I thought.
And systemctl --type service --state running returns:
  UNIT                       LOAD   ACTIVE SUB     DESCRIPTION
  dbus.service               loaded active running D-Bus System Message Bus
  dhcpcd.service             loaded active running DHCP Client
  getty@tty1.service         loaded active running Getty on tty1
  nscd.service               loaded active running Name Service Cache Daemon (nsncd)
  serial-getty@ttyS0.service loaded active running Serial Getty on ttyS0
  sshd.service               loaded active running SSH Daemon
  systemd-journald.service   loaded active running Journal Service
  systemd-logind.service     loaded active running User Login Management
  systemd-oomd.service       loaded active running Userspace Out-Of-Memory (OOM) Killer
  systemd-udevd.service      loaded active running Rule-based Manager for Device Events and Files
  user@1000.service          loaded active running User Manager for UID 1000

Legend: LOAD   → Reflects whether the unit definition was properly loaded.
        ACTIVE → The high-level unit activation state, i.e. generalization of SUB.
        SUB    → The low-level unit activation state, values depend on unit type.

11 loaded units listed.
IMHO the only two services that should probably better be off by default are oomd, which can have pretty surprising behaviour, and polkit, which should only be necessary on a desktop.
nscd is not actually caching anything, but it’s necessary for discovering NSS plugins on NixOS (see services.nscd.enableNsncd). If you don’t use mDNS or any service with DynamicUser= (see systemd.exec(5)) you can turn it off.
I’ve noticed that libvirtd seems to use it by default for authenticating connections, so I guess that’s not quite true (though I would like it to be - I’ve never got my head around polkit!)
I know, I have actually maintained a NixOS module that used a polkit rule to give an unprivileged user permission to control another systemd service. Still, it’s far from widespread.
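
An added example, not part of any post in this thread: a shell function that reports running services missing from a reviewed baseline, so a change in what runs on a minimal host is noticed. The baseline is taken from the running-service listing posted above; the sample input, including the extra polkit.service line, is constructed.

```shell
#!/bin/sh
# Added example (not from the thread): report running services that are
# missing from a reviewed baseline.

# Baseline: the units from the listing in the thread. Template instances are
# stored in template form, so getty@tty1.service matches getty@.service.
BASELINE='dbus.service
dhcpcd.service
getty@.service
nscd.service
serial-getty@.service
sshd.service
systemd-journald.service
systemd-logind.service
systemd-oomd.service
systemd-udevd.service
user@.service'

# Constructed sample input, shaped like the output of
#   systemctl --type service --state running
# with the header and summary lines left in and one extra unit added.
SAMPLE='UNIT LOAD ACTIVE SUB DESCRIPTION
dbus.service loaded active running D-Bus System Message Bus
getty@tty1.service loaded active running Getty on tty1
polkit.service loaded active running Authorization Manager
sshd.service loaded active running SSH Daemon
user@1000.service loaded active running User Manager for UID 1000
5 loaded units listed.'

# Reads a systemctl listing on stdin and prints every running unit that is
# not in the baseline passed as $1 (one unit name per line).
unexpected_units() {
    # The first field ending in .service is the unit name; header, legend
    # and summary lines have no such field and are skipped.
    awk '{ for (i = 1; i <= NF; i++) if ($i ~ /\.service$/) { print $i; break } }' |
    while read -r unit; do
        # Collapse foo@instance.service to foo@.service before comparing.
        template=$(printf '%s\n' "$unit" | sed 's/@.*\.service$/@.service/')
        printf '%s\n' "$1" | grep -qxF -- "$template" || printf '%s\n' "$unit"
    done
}

# Demo on the constructed sample; prints the one unit outside the baseline.
printf '%s\n' "$SAMPLE" | unexpected_units "$BASELINE"
```

On a live host, pipe systemctl --type service --state running into unexpected_units "$BASELINE" instead of the sample.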