Add --disk-encryption-keys option

2024-09-11 16:45:28 +03:00 · 2022-12-28 15:19:23 +01:00 · 2022-12-28 15:19:23 +01:00 · 2d3cc225b3
commit 2d3cc225b3
parent b79af208e9
1 changed files with 16 additions and 0 deletions
--- a/16
+++ b/16
@ -22,6 +22,9 @@ Options:
  do not reboot after installation
 * --extra-files files
  files to copy into the new nixos installation
+* --disk-encryption-keys files
+  files to copy into the installer environment, after kexec but before installation. Can be 
+  used for things like disk encryption keys
 * --debug
  enable debug output
 USAGE
@ -67,6 +70,10 @@ while [[ $# -gt 0 ]]; do
      extra_files=$2
      shift
      ;;
+    --disk-encryption-keys)
+      disk_encryption_keys=$2
+      shift
+      ;;
    --stop-after-disko)
      stop_after_disko=y
      ;;
@ -203,6 +210,13 @@ SSH
  until ssh_ -o ConnectTimeout=10 -- exit 0; do sleep 5; done
 fi

+if [[ -n ${disk_encryption_keys:-} ]]; then
+  if [[ -d "$disk_encryption_keys" ]]; then
+    disk_encryption_keys="$disk_encryption_keys/"
+  fi
+  rsync -vaAXF -e "ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no" "$disk_encryption_keys" "${ssh_connection#ssh://}:/tmp/"
+fi
+
 nixCopy --to "ssh://$ssh_connection" "$disko_script"
 ssh_ "$disko_script"

@ -220,6 +234,8 @@ fi

 ssh_ <<SSH
 set -efu ${enable_debug}
+# needed for installation if initrd-secrets are used
+mkdir -p /mnt/tmp
 nixos-install --no-root-passwd --no-channel-copy --system "$nixos_system"
 ${maybereboot}
 SSH