feat: add env-password

Allow setting the bootstrap password on invocation of
`nixos-anywhere`.

This makes use of the `sshpass` program, to provide `ssh-copy-id` with
the password.

The `runtimeDeps` change in the following way:

sshpass: ∅ → 1.10, +29.5 KiB

Improves the usage especially together with the iso image installers of `nixos-images`.
a-kenji 2024-04-20 00:08:15 +02:00
parent 05854a92a5
commit a2b5fcaa9e
3 changed files with 35 additions and 8 deletions


@ -106,6 +106,12 @@ below.
6. On the target machine, make sure you have access as root via ssh by adding 6. On the target machine, make sure you have access as root via ssh by adding
your SSH key to the file `authorized_keys` in the directory `/root/.ssh` your SSH key to the file `authorized_keys` in the directory `/root/.ssh`
Optionally, bootstrapping can also be performed through password login. For
example through the `image-installer-*` provided by
`nix-community/nixos-images`. Assign your password to the `SSH_PASS`
environment variable and specify `--env-password` as an additional command
line option. This will provide `ssh-copy-id` with the required password.
7. (Optional) Test your nixos and disko configuration: 7. (Optional) Test your nixos and disko configuration:
The following command will automatically test your nixos configuration and The following command will automatically test your nixos configuration and
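Review bot: the new paragraph under step 6 does not mention that the password login goes to a host whose key is not verified. The `ssh-copy-id` call in the script passes `-o UserKnownHostsFile=/dev/null` and `-o StrictHostKeyChecking=no`, so whatever answers on that address receives the password. Suggest adding a sentence that this mode is meant for a throwaway installer password (such as the one set on the `image-installer-*` images) and not for a credential reused elsewhere. It would also help to say that the variable has to be exported so the child process can see it, and to show one example invocation with `--env-password`.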


@ -10,6 +10,7 @@
, gawk , gawk
, findutils , findutils
, gnused , gnused
, sshpass
, terraform-docs , terraform-docs
, lib , lib
, makeWrapper , makeWrapper
@ -26,6 +27,7 @@ let
gawk gawk
findutils findutils
gnused # needed by ssh-copy-id gnused # needed by ssh-copy-id
sshpass # used to provide password for ssh-copy-id
rsync # used to upload extra-files rsync # used to upload extra-files
]; ];
in in


@ -17,6 +17,9 @@ Options:
set an ssh option set an ssh option
* -L, --print-build-logs * -L, --print-build-logs
print full build logs print full build logs
* --env-password
set a password used by ssh-copy-id, the password should be set by
the environment variable SSH_PASS
* -s, --store-paths <disko-script> <nixos-system> * -s, --store-paths <disko-script> <nixos-system>
set the store paths to the disko-script and nixos-system directly set the store paths to the disko-script and nixos-system directly
if this is give, flake is not needed if this is give, flake is not needed
@ -162,6 +165,9 @@ while [[ $# -gt 0 ]]; do
--build-on-remote) --build-on-remote)
build_on_remote=y build_on_remote=y
;; ;;
--env-password)
env_password=y
;;
--vm-test) --vm-test)
vm_test=y vm_test=y
;; ;;
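Review bot: the `--env-password)` case only sets `env_password=y` and never checks that the password variable is actually set. Because the key upload runs inside `until ... do sleep 3 ... done`, a missing or wrong password is retried every 3 seconds with no limit, which appears on the target as a stream of failed password logins. Suggest exiting with a clear error right after argument parsing when the flag is given but the variable is empty, and bounding the number of attempts in password mode.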
@ -288,14 +294,27 @@ ssh_port=$(echo "$ssh_settings" | awk '/^port / { print $2 }')
step Uploading install SSH keys step Uploading install SSH keys
until until
ssh-copy-id \ if [[ -n ${env_password-} ]]; then
-i "$ssh_key_dir"/nixos-anywhere.pub \ sshpass -e \
-o ConnectTimeout=10 \ ssh-copy-id \
-o UserKnownHostsFile=/dev/null \ -i "$ssh_key_dir"/nixos-anywhere.pub \
-o StrictHostKeyChecking=no \ -o ConnectTimeout=10 \
"${ssh_copy_id_args[@]}" \ -o UserKnownHostsFile=/dev/null \
"${ssh_args[@]}" \ -o IdentitiesOnly=yes \
"$ssh_connection" -o StrictHostKeyChecking=no \
"${ssh_copy_id_args[@]}" \
"${ssh_args[@]}" \
"$ssh_connection"
else
ssh-copy-id \
-i "$ssh_key_dir"/nixos-anywhere.pub \
-o ConnectTimeout=10 \
-o UserKnownHostsFile=/dev/null \
-o StrictHostKeyChecking=no \
"${ssh_copy_id_args[@]}" \
"${ssh_args[@]}" \
"$ssh_connection"
fi
do do
sleep 3 sleep 3
done done
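Review bot: `sshpass -e` in the new password branch reads the password from the environment variable `SSHPASS`, while the README paragraph and the help text added in this commit tell the user to set `SSH_PASS`, and nothing in the visible lines copies one into the other. A user who follows the documentation would end up with no password handed to `ssh-copy-id`. Either document `SSHPASS` as the variable name or set it for the call, for example `SSHPASS="$SSH_PASS" sshpass -e ssh-copy-id ...`. Separately, the two `ssh-copy-id` invocations differ only in the `sshpass -e` prefix and `-o IdentitiesOnly=yes`; building the prefix and the extra option conditionally into an array would avoid keeping two argument lists in sync.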