- Includes many packages helpful for security testing (thanks to the effort bringing such packages into
nixpkgs: see NixOS for Pentesting Overview);
- Easy to run as a VM thanks to
- Defaults some configuration options to values taken from the host (locale, keyboard layout, timezone).
- High number of packages:
- Build is long,
- The store gets big,
- Build can fail because of “lack of maintenance” of certain packages;
- Incompleteness: many packages from Kali are not yet present in
nixpkgs(see Are We Hackers Yet? for more details);
- Customization is kinda tedious:
clonethe repo, edit the files, evaluate.
Moving forward (if ever)
- A good portion of the configuration (in particular the packages) could be moved to a NixOS profile to ease composability and parametrization;
- Improve customizability (probably leveraging NixOS profiles would already help (see 1.);
- Have some CI / caching (Hydra?) to 1) ensure packages are building properly, and 2) speed up evaluation.