wireguard: setup in initrd
1 diff --git a/nixos/modules/installer/ssh-nixos.nix b/nixos/modules/installer/ssh-nixos.nix
2 new file mode 100644
3 index 00000000000..6d1b03eea0a
4 --- /dev/null
5 +++ b/nixos/modules/installer/ssh-nixos.nix
6 @@ -0,0 +1,104 @@
7 +{ pkgs, lib, config, ... }:
8 +let
9 + inherit (lib) types;
10 + inherit (config) networking;
11 + cfg = config.installer.ssh-nixos;
12 + nixRunDefaultCommand = "bash";
13 + # Wraps ssh so that nix copy or calls to ssh added to cfg.script
14 + # use cfg.sshFlags and $SSH_FLAGS.
15 + ssh = pkgs.writeShellScriptBin "ssh" ''
16 + set -eu
17 + PATH=$OLDPATH
18 + ssh ${lib.escapeShellArgs cfg.sshFlags} ''${SSH_FLAGS:-} "$@"
19 + '';
20 +in
21 +{
22 +options.installer.ssh-nixos = {
23 + PATH = lib.mkOption {
24 + type = types.listOf types.package;
25 + default = [];
26 + apply = lib.makeBinPath;
27 + description = "Packages to be appended to the <literal>PATH<literal> of the script.";
28 + };
29 + script = lib.mkOption {
30 + type = types.lines;
31 + default = "";
32 + example = ''
33 + lib.mkBefore ''''''
34 + gpg --decrypt initrd/ssh.key.gpg |
35 + ssh ''${config.installer.ssh-nixos.target} \
36 + install -D -m 400 -o root -g root /dev/stdin /root/initrd/ssh.key
37 + '''''';
38 + '';
39 + description = ''
40 + Install script copying through SSH the configured NixOS system
41 + to the <link linkend="opt-install.ssh-nixos.target">target</link>
42 + and switching to the new configuration.
43 + This option is made available here for prepending or appending commands
44 + with the usual <literal>mkBefore</literal> and <literal>mkAfter</literal>.
45 +
46 + This script is usually run with:
47 + <screen>
48 + <prompt>$ </prompt> nix run system.config.installer.ssh-nixos -f nixos.nix
49 + </screen>
50 + where <literal>nixos.nix</literal> can be:
51 + <screen>
52 + import <nixpkgs/nixos> {
53 + system = "x86_64-linux";
54 + configuration = { config, lib, pkgs }: {
55 + # Your usual configuration.nix content can go here
56 + };
57 + }
58 + </screen>
59 + '';
60 + apply = script: pkgs.writeShellScriptBin nixRunDefaultCommand ''
61 + set -eu
62 + set -o pipefail
63 + export OLDPATH=$PATH:${cfg.PATH}
64 + PATH="${ssh}/bin:$OLDPATH"
65 + set -x
66 + ${script}
67 + '';
68 + };
69 + target = lib.mkOption {
70 + type = types.str;
71 + default = "root@${networking.hostName}.${networking.domain}";
72 + example = "root@192.168.1.10";
73 + description = "SSH destination where to install NixOS.";
74 + };
75 + sshFlags = lib.mkOption {
76 + type = types.listOf types.str;
77 + default = ["-o" "ControlMaster=auto"];
78 + description = ''
79 + Extra flags passed to <literal>ssh</literal>.
80 + Environment variable <literal>SSH_FLAGS</literal> can also be used at runtime.
81 + '';
82 + };
83 + nixCopyFlags = lib.mkOption {
84 + type = types.listOf types.str;
85 + default = ["--substitute-on-destination"];
86 + description = ''
87 + Extra flags passed to <literal>nix copy</literal>.
88 + Environment variable <literal>NIX_COPY_FLAGS</literal> can also be used at runtime.
89 + '';
90 + };
91 + profile = lib.mkOption {
92 + type = types.str;
93 + default = "/nix/var/nix/profiles/system";
94 + };
95 +};
96 +config = {
97 + installer.ssh-nixos.PATH = with pkgs; [nix openssh];
98 + installer.ssh-nixos.script =
99 + let nixos = config.system.build.toplevel; in ''
100 + nix ''${NIX_FLAGS:-} copy \
101 + --to ssh://'${cfg.target}' \
102 + ${lib.escapeShellArgs cfg.nixCopyFlags} ''${NIX_COPY_FLAGS:-} \
103 + ${nixos}
104 + ssh '${cfg.target}' \
105 + nix-env --profile '${cfg.profile}' --set '${nixos}' '&&' \
106 + '${cfg.profile}'/bin/switch-to-configuration "''${NIXOS_SWITCH:-switch}"
107 + '';
108 +};
109 +meta.maintainers = [ lib.maintainers.julm ];
110 +}
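Review bot: In the default `installer.ssh-nixos.script`, `cfg.target` and `cfg.profile` are spliced between hand-written single quotes rather than passed through `lib.escapeShellArg`, unlike `cfg.sshFlags` and `cfg.nixCopyFlags`. A value containing a `'` therefore ends the quoting in the generated script. I would write `--to ${lib.escapeShellArg "ssh://${cfg.target}"} \` and `ssh ${lib.escapeShellArg cfg.target} \` instead. The local quotes also do not reach the target, because ssh joins its arguments into one string for the remote shell (which is why the literal `'&&'` works), so the profile path and `$NIXOS_SWITCH` are re-parsed there unquoted; a comment such as `# remote shell re-parses this line: profile and NIXOS_SWITCH must not contain spaces or shell metacharacters` would document that constraint. Separately, the `PATH` description leaves its tag unclosed (`<literal>PATH<literal>`), which likely breaks the generated manual.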
111 diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
112 index f361163ca63..15659fde11b 100644
113 --- a/nixos/modules/module-list.nix
114 +++ b/nixos/modules/module-list.nix
115 @@ -80,6 +80,7 @@
116 ./i18n/input-method/ibus.nix
117 ./i18n/input-method/nabi.nix
118 ./i18n/input-method/uim.nix
119 + ./installer/ssh-nixos.nix
120 ./installer/tools/tools.nix
121 ./misc/assertions.nix
122 ./misc/crashdump.nix