nixpkgs/patches/ssh-nixos.diff

   1 diff --git a/nixos/modules/installer/ssh-nixos.nix b/nixos/modules/installer/ssh-nixos.nix
   2 new file mode 100644
   3 index 00000000000..2822c8814c0
   4 --- /dev/null
   5 +++ b/nixos/modules/installer/ssh-nixos.nix
   6 @@ -0,0 +1,113 @@
   7 +{ pkgs, lib, config, ... }:
   8 +let
   9 +  inherit (lib) types;
  10 +  inherit (config) networking;
  11 +  cfg = config.installer.ssh-nixos;
  12 +  nixRunDefaultCommand = "bash";
  13 +  ssh = pkgs.writeShellScriptBin "ssh" ''
  14 +    set -eu
  15 +    PATH=$OLDPATH
  16 +    set -x
  17 +    ssh -l '${cfg.login}' \
  18 +     ${lib.escapeShellArgs cfg.sshFlags} ''${SSH_FLAGS:-} "$@"
  19 +  '';
  20 +in
  21 +{
  22 +options.installer.ssh-nixos = {
  23 +  PATH = lib.mkOption {
  24 +    type = types.listOf types.package;
  25 +    default = [];
  26 +    apply = lib.makeBinPath;
  27 +    description = "Packages to be appended to the <literal>PATH<literal> of the script.";
  28 +  };
  29 +  script = lib.mkOption {
  30 +    type = types.lines;
  31 +    default = "";
  32 +    example = ''
  33 +      lib.mkBefore ''''''
  34 +        gpg --decrypt initrd/ssh.key.gpg |
  35 +        ssh root@''${config.installer.ssh-nixos.target} \
  36 +        install -D -m 400 -o root -g root /dev/stdin /root/initrd/ssh.key
  37 +      '''''';
  38 +    '';
  39 +    description = ''
  40 +      Install script copying the configured NixOS via SSH
  41 +      to the <link linkend="opt-install.ssh-nixos.target">target</link>
  42 +      and switching to the new configuration.
  43 +      It is made available here for prepending or appending commands
  44 +      with the usual <literal>mkBefore</literal> and <literal>mkAfter</literal>.
  45 +      In case you run it often or add multiple ssh calls to it,
  46 +      consider configuring the OpenSSH client with <literal>ControlMaster auto</literal>
  47 +      to keep the SSH connexion alive between calls to <literal>literal</literal>.
  48 +
  49 +      This script is usually run with:
  50 +      <screen>
  51 +      <prompt>$ </prompt> nix run system.config.installer.ssh-nixos -f nixos.nix
  52 +      </screen>
  53 +      where <literal>nixos.nix</literal> can be:
  54 +      <screen>
  55 +      import <nixpkgs/nixos> {
  56 +        system = "x86_64-linux";
  57 +        configuration = { config, lib, pkgs }: {
  58 +        # Your usual configuration.nix content can go here
  59 +        };
  60 +      }
  61 +      </screen>
  62 +    '';
  63 +    apply = script: pkgs.writeShellScriptBin nixRunDefaultCommand ''
  64 +      set -eu
  65 +      set -o pipefail
  66 +      export OLDPATH=$PATH:${cfg.PATH}
  67 +      PATH="${ssh}/bin:$OLDPATH"
  68 +      set -x
  69 +      ${script}
  70 +    '';
  71 +  };
  72 +  login = lib.mkOption {
  73 +    type = types.str;
  74 +    default = "root";
  75 +    example = "admin";
  76 +    description = "Login name passed to ssh.";
  77 +  };
  78 +  target = lib.mkOption {
  79 +    type = types.str;
  80 +    default = "${networking.hostName}.${networking.domain}";
  81 +    example = "192.168.1.10";
  82 +    description = "Destination where to install NixOS passed to ssh.";
  83 +  };
  84 +  sshFlags = lib.mkOption {
  85 +    type = types.listOf types.str;
  86 +    default = ["-o" "ControlMaster=auto"];
  87 +    description = ''
  88 +      Extra flags passed to <literal>ssh</literal>.
  89 +      Environment variable <literal>SSH_FLAGS</literal> can also be used at runtime.
  90 +    '';
  91 +  };
  92 +  nixCopyFlags = lib.mkOption {
  93 +    type = types.listOf types.str;
  94 +    default = ["--substitute-on-destination"];
  95 +    description = ''
  96 +      Extra flags passed to <literal>nix copy</literal>.
  97 +      Environment variable <literal>NIX_COPY_FLAGS</literal> can also be used at runtime.
  98 +    '';
  99 +  };
 100 +  profile = lib.mkOption {
 101 +    type = types.str;
 102 +    default = "/nix/var/nix/profiles/system";
 103 +  };
 104 +};
 105 +config = {
 106 +  installer.ssh-nixos.PATH = with pkgs; [nix openssh];
 107 +  installer.ssh-nixos.script =
 108 +    let nixos = config.system.build.toplevel; in ''
 109 +    nix ''${NIX_FLAGS:-} copy \
 110 +     --to ssh://'${cfg.target}' \
 111 +     ${lib.escapeShellArgs cfg.nixCopyFlags} ''${NIX_COPY_FLAGS:-} \
 112 +     ${nixos}
 113 +    ssh '${cfg.target}' \
 114 +    nix-env --profile '${cfg.profile}' --set '${nixos}' '&&' \
 115 +    '${cfg.profile}'/bin/switch-to-configuration "''${NIXOS_SWITCH:-switch}"
 116 +  '';
 117 +};
 118 +meta.maintainers = [ lib.maintainers.julm ];
 119 +}
 120 diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
 121 index f361163ca63..15659fde11b 100644
 122 --- a/nixos/modules/module-list.nix
 123 +++ b/nixos/modules/module-list.nix
 124 @@ -80,6 +80,7 @@
 125    ./i18n/input-method/ibus.nix
 126    ./i18n/input-method/nabi.nix
 127    ./i18n/input-method/uim.nix
 128 +  ./installer/ssh-nixos.nix
 129    ./installer/tools/tools.nix
 130    ./misc/assertions.nix
 131    ./misc/crashdump.nix