Git — Sourcephile - sourcephile-nix.git/blob - nixos/modules/install/ssh-nixos.nix
nix: use nixpkgs/patches/wip.diff instead of nixpkgs/overlays.nix and nixos/modules.nix
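# NixOS module exposing `config.install.ssh-nixos.script`: a shell script that
# copies the built system closure to a remote host with `nix copy` over SSH,
# sets the target's system profile to it and runs `switch-to-configuration`
# there as root.
{ pkgs, lib, config, ... }:
let
  inherit (lib) types;
  inherit (config) networking;
  cfg = config.install.ssh-nixos;
  # The generated script is installed as bin/bash; presumably so that
  # `nix run` picks it up as its default command (TODO confirm).
  nixRunDefaultCommand = "bash";
in
{
  options.install.ssh-nixos = {
    PATH = lib.mkOption {
      type = types.listOf types.package;
      default = [];
      # The package list is turned into a colon-separated list of bin/ directories.
      apply = lib.makeBinPath;
      description = "Packages to be added to the <literal>PATH</literal> of the install script.";
    };
    script = lib.mkOption {
      type = types.lines;
      default = "";
      example = ''
        lib.mkBefore ''''''
          gpg --decrypt initrd/ssh.key.gpg |
          ssh root@''${config.install.ssh-nixos.target} \
          install -D -m 400 -o root -g root /dev/stdin /root/initrd/ssh.key
        '''''';
      '';
      description = ''
        Install script copying the configured NixOS to the <link linkend="opt-install.ssh-nixos.target">target</link>
        and switching to the new configuration.
        It is made available here for prepending or appending commands
        with the usual <literal>mkBefore</literal> and <literal>mkAfter</literal>.
        In case you run it often or add multiple ssh calls to it,
        consider configuring the OpenSSH client with <literal>ControlMaster auto</literal>
        to keep the SSH connexion alive between calls to <literal>ssh</literal>.

        This script is usually run with:
        <screen>
        <prompt>$ </prompt> nix run system.config.install.ssh-nixos -f nixos.nix
        </screen>
        where <literal>nixos.nix</literal> can be:
        <screen>
        import <nixpkgs/nixos> {
          system = "x86_64-linux";
          configuration = { config, lib, pkgs }: {
            # Your usual configuration.nix content can go here
          };
        }
        </screen>
      '';
      # Wrap the merged script lines into an executable with strict error handling.
      # NOTE: cfg.PATH is appended after the caller's $PATH, so a `nix` or `ssh`
      # found earlier in the caller's environment is used in preference to the
      # packages pinned by this module.
      # NOTE: `set -x` traces every command to stderr; commands added with
      # mkBefore/mkAfter should pass secrets on stdin (as the example does)
      # rather than as command-line arguments.
      apply = script: pkgs.writeShellScriptBin nixRunDefaultCommand ''
        set -eu
        set -o pipefail
        PATH="$PATH:${cfg.PATH}"
        set -x
        ${script}
      '';
    };
    target = lib.mkOption {
      type = types.str;
      default = "${networking.hostName}.${networking.domain}";
      example = "192.168.1.10";
      description = "Destination where to install NixOS by SSH.";
    };
    sshFlags = lib.mkOption {
      type = types.listOf types.str;
      # Was ["--substitute-on-destination"], a `nix copy` flag copied from
      # nixCopyFlags below; it is not an ssh option, and the option was never
      # used by the script.
      default = [];
      description = ''
        Extra flags passed to <literal>ssh</literal>.
        Environment variable <literal>SSH_FLAGS</literal> can also be used at runtime.
      '';
    };
    nixCopyFlags = lib.mkOption {
      type = types.listOf types.str;
      default = ["--substitute-on-destination"];
      description = ''
        Extra flags passed to <literal>nix copy</literal>.
        Environment variable <literal>NIX_COPY_FLAGS</literal> can also be used at runtime.
      '';
    };
    profile = lib.mkOption {
      type = types.str;
      default = "/nix/var/nix/profiles/system";
      description = "Nix profile on the target that is set to the new system.";
    };
  };
  config = {
    install.ssh-nixos.PATH = with pkgs; [ nix openssh ];
    install.ssh-nixos.script =
      let
        nixos = config.system.build.toplevel;
        # Quote the destination once, at evaluation time, so that a target
        # containing shell metacharacters cannot alter the generated script.
        sshTarget = lib.escapeShellArg "root@${cfg.target}";
        copyTarget = lib.escapeShellArg "ssh://root@${cfg.target}";
      in
      # NIX_FLAGS, NIX_COPY_FLAGS and SSH_FLAGS are deliberately left unquoted
      # so that the caller can pass several words at runtime.
      # nixCopyFlags is joined unquoted as before; each sshFlags element is
      # quoted as a single argument.
      # NOTE: ssh joins its remaining arguments with spaces and the remote
      # shell parses them again, so the local single quotes around the profile
      # do not protect it on the target; keep cfg.profile free of whitespace
      # and shell metacharacters. Host key checking is whatever the caller's
      # OpenSSH client configuration and SSH_FLAGS provide.
      ''
        nix ''${NIX_FLAGS:-} copy \
          --to ${copyTarget} ${lib.concatStringsSep " " cfg.nixCopyFlags} ''${NIX_COPY_FLAGS:-} \
          ${nixos}
        ssh ${lib.escapeShellArgs cfg.sshFlags} ''${SSH_FLAGS:-} ${sshTarget} nix-env --profile '${cfg.profile}' --set '${nixos}' \
          '&&' '${cfg.profile}'/bin/switch-to-configuration "''${NIXOS_SWITCH:-switch}"
      '';
  };
  meta.maintainers = [ lib.maintainers.julm ];
}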