Disable nix tooling

[gngram]

Description of changes

• Disables nix tooling if development setup is not enabled
  - Indirectly disables nix tooling in release build
• Enables automatic garbaze collection in ghaf-host and disable everywhere else.
• Fixes:
  https://jira.tii.ae/browse/SSRCSP-3457

Checklist for things done

• Summary of the proposed changes in the PR description
• More detailed description in the commit message(s)
• Commits are squashed into relevant entities - avoid a lot of minimal dev time commits in the PR
• Contribution guidelines followed
• Ghaf documentation updated with the commit - https://tiiuae.github.io/ghaf/
• PR linked to architecture documentation and requirement(s) (ticket id)
• Test procedure described (or includes tests). Select one or more:
  • Tested on Lenovo X1 x86_64
  • Tested on Jetson Orin NX or AGX aarch64
  • Tested on Polarfire riscv64
• Author has run make-checks and it passes
• All automatic Github Action checks pass - see actions
• Author has added reviewers and removed PR draft status
• Change requires full re-installation
• Change can be updated with nixos-rebuild ... switch

Instructions for Testing

• List all targets that this applies to:
  • Lenovo X1
  • Jetson Orin NX and AGX
• Is this a new feature
  • List the test steps to verify:

    • In release build, no nix commands should be available, nix daemon should not be running.
      - As Terminal is not available in release flavor, disable nix-setup in ./modules/common/profiles/debug.nix (to imitate release)
      nix-setup.enable = false;

      • Build debug image and run. No nix commands should be available, nix daemon should not be running.

    • In debug build nix daemon should be running in all VMs and automatic garbage collection should be available only in host.

    • If automatic garbaze collection is enabled 'systemctl list-timers' should list 'nix-gc' also

• If it is an improvement how does it impact existing functionality?

[gngram]

Rebased to latest.

[leivos-unikie]

Tested debug and release disk image on Lenovo-X1

Lenovo-X1 release image

• There is no access to terminal / command line. Terminal is not available in the app menu, neither can it be opened via right mouse click. Ssh to ghaf-host is disabled. I didn't find any way to verify if nix tooling and nix daemon are disabled.

Lenovo-X1 debug image

• nix-gc.timer is active in all VMs, contrary to Intructions for Testing

NEXT                          LEFT LAST                          PASSED UNIT                         ACTIVATES
Wed 2025-01-08 00:00:00 UTC    14h -                                      - nix-gc.timer                 nix-gc.service

• nix tooling seems to be available in every VM but systemctl status nix-daemon shows inactive (dead) status (unless running first e.g. nix-store --gc in that VM).
• ci-test-automation passes, performance ok

[leivos-unikie]

Tested that release-installer succeeds to install ghaf release version.

[johannarautanen]

Tested debug and release disk image on Orin AGX

Orin AGX release image:

• There is no access to terminal / command line. Terminal is not available in the app menu.

Tried to create the release image according the https://ghaf-jenkins-controller-prod.northeurope.cloudapp.azure.com/job/ghaf-release-pipeline/2/ from October 2024, but there was no terminal available either. Rumors told that last time the terminal was seen on release image in summer 2024.

Orin AGX debug image:

• nix-gc.timer is active in all VMs; host and net-vm
  

• Like in Lenovo-X1 the nix tooling seems to be available in every VM but systemctl status nix-daemon shows inactive (dead) status (unless running first e.g. nix-store --gc in that VM).

• test automation cases were ok

[gngram]

@johannarautanen and @leivos-unikie , please test it again. I have re-based it and fixed the issue.
I have updated the test steps also to imitate release flavor.

[leivos-unikie]

Tested again on lenovo-x1

Debug image built with the change (nix-setup disabled) imitating release image

• nix tooling not available in ghaf-host or any VM
• nix-daemon.service not found in ghaf-host or any VM

Debug image

• nix-gc.timer is active only on ghaf-host
• nix tooling available in ghaf-host and in all VMs
• although nix tooling is available in ghaf-host and in every VM systemctl status nix-daemon shows inactive (dead) by default
• and ci-test-automation is still passing and performance ok

[johannarautanen]

Checked with Orin AGX
Imitate release (nix-setup.enable = false;)

• nix-tooling not available in host or net-vm
• nix-daemon.service not found in ghaf-host
  When checking with the systemctl status nix-daemon in net-vm:
  

Debug:

• nix-gc.timer is only visible in ghaf-host
• nix tooling available in ghaf-host and net-vm
• And same as in x1: although nix tooling is available in ghaf-host and in every VM systemctl status nix-daemon shows inactive (dead) by default

[johannarautanen]

Checked with Orin NX

Imitate release (nix-setup.enable = false;)

• nix-tooling not available in host or net-vm
• nix-daemon.service not found in ghaf-host
  Same as with AGX, when checking with the systemctl status nix-daemon in net-vm:
  

Debug:

• nix-gc.timer is only visible in ghaf-host
• nix tooling available in ghaf-host and net-vm
  And same as in x1: although nix tooling is available in ghaf-host and and net-vm status nix-daemon shows inactive (dead) by default

[ktusawrk]

Failed ghaf-pre-merge-pipeline builds 326 and 329 are not related to this PR. There was a glitch in the pre-merge-pipeline itself. These failed builds do not prevent merging this PR.