nixos-infect

Infect with a prebuilt flake?

Open yajo opened this issue 3 years ago • 3 comments

I'm using flakes to configure my NixOS machines. More or less as explained here.

The point is that, if I add the flake configuration before infection, and then infect it, the new system will be configured using the /etc/nixos/configuration.nix file generated in the infection script, instead of using the /etc/nixos/flake.nix that I already put there before.

Is there a way to preconfigure the system before infection so that, after being infected, it's directly booted to the system flake?

yajo avatar Jul 18 '22 09:07 yajo

I've tried modifying this script and successfully got it working for my flake. Here's how:

Prerequisites

Seems you'll need to have the flake well-defined, or else the box will get stuck somewhere right after it reboots

The big thing

We'll need to look here: https://github.com/elitak/nixos-infect/blob/318fc516d1d87410fd06178331a9b2939b9f2fef/nixos-infect#L286-L299

That's where the /etc/nixos/configuration.nix got built. We'll need to get around that and replace it with some nix build thingy, which should be something like this:

# Flake adaptations
nix \
  --extra-experimental-features "nix-command flakes" \
build \
  --profile /nix/var/nix/profiles/system \
  "${FLAKE_URL}#nixosConfigurations.${NIXOS_CONFIG_NAME}.config.system.build.toplevel"

ykis-0-0 avatar Aug 25 '22 14:08 ykis-0-0

The following script works for me (tested on contabo). Should we add flake support to nixos-infect?

curl https://raw.githubusercontent.com/elitak/nixos-infect/master/nixos-infect \
  | NIX_CHANNEL=nixos-23.05 NO_REBOOT=true bash -x \
&& { cat > /etc/nixos/flake.nix << 'EOF'
{
  inputs = {
    nixpkgs.url = "github:nixos/nixpkgs/nixos-23.05";
  };

  outputs = inputs:
    {
      nixosConfigurations.contabo-nixos = inputs.nixpkgs.lib.nixosSystem {
        system = "x86_64-linux";
        modules = [
          ./configuration.nix
          ({ pkgs, ... }: {
            nix = {
              registry.nixpkgs.flake = inputs.nixpkgs;
              settings.experimental-features = [ "nix-command" "flakes" ];
              package = pkgs.nixFlakes;
            };
            system.stateVersion = "23.05";
          })
        ];
      };
    };
}
EOF
} \
&& /root/.nix-profile/bin/nix build \
  --extra-experimental-features "nix-command flakes" \
  /etc/nixos/#nixosConfigurations.contabo-nixos.config.system.build.toplevel
result/activate
result/bin/switch-to-configuration switch
reboot

aabccd021 avatar Jul 01 '23 01:07 aabccd021
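
A variant of the invocation above that runs nixos-infect from a pinned, checksum-verified copy rather than piping the master branch into a root shell. This is an added example, not code from the thread or from the nixos-infect project; the helper names, the `--run` switch and the `INFECT_SHA256` placeholder are assumptions, and the commit id is the one linked earlier in the thread.

```shell
#!/bin/sh
# Added example, not part of the thread: run nixos-infect from a pinned,
# checksum-verified copy instead of piping the master branch into bash.
set -eu

# Commit id copied from the link earlier in this thread; pin the one you reviewed.
INFECT_COMMIT="318fc516d1d87410fd06178331a9b2939b9f2fef"
INFECT_URL="https://raw.githubusercontent.com/elitak/nixos-infect/${INFECT_COMMIT}/nixos-infect"
# Placeholder: the SHA-256 you recorded when reviewing that file.
INFECT_SHA256="${INFECT_SHA256:-REPLACE_WITH_REVIEWED_SHA256}"

# verify_sha256 FILE HEX: succeed only if FILE hashes to HEX (64 lowercase hex chars).
verify_sha256() {
  case "$2" in ''|*[!0-9a-f]*) echo "expected digest is not hex" >&2; return 2 ;; esac
  [ "${#2}" -eq 64 ] || { echo "expected digest has wrong length" >&2; return 2; }
  actual="$(sha256sum "$1" | cut -d' ' -f1)"
  [ "$actual" = "$2" ] || { echo "digest mismatch, got $actual" >&2; return 1; }
}

# flake_target DIR NAME: print the installable for a NixOS system closure.
# NAME is restricted so it cannot add attribute-path separators or shell noise.
flake_target() {
  case "$2" in ''|*[!A-Za-z0-9_-]*) echo "bad configuration name" >&2; return 2 ;; esac
  printf '%s#nixosConfigurations.%s.config.system.build.toplevel\n' "${1%/}" "$2"
}

main() {
  tmp="$(mktemp)"
  trap 'rm -f "$tmp"' EXIT
  curl --fail --silent --show-error --location --output "$tmp" "$INFECT_URL"
  verify_sha256 "$tmp" "$INFECT_SHA256"   # set -e aborts here on any mismatch
  NIX_CHANNEL=nixos-23.05 NO_REBOOT=true bash "$tmp"
  # Assumption: /etc/nixos/flake.nix (as in the post above) is in place by now.
  /root/.nix-profile/bin/nix build \
    --extra-experimental-features "nix-command flakes" \
    "$(flake_target /etc/nixos contabo-nixos)"
}

# Only touch the machine when asked to; sourcing or a bare run does nothing.
if [ "${1:-}" = "--run" ]; then main; fi
```

Until `INFECT_SHA256` is set to a real digest the script refuses to execute the download, so an unreviewed copy never reaches the root shell.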

Turning this into something like this would be fantastic:

curl https://raw.githubusercontent.com/elitak/nixos-infect/master/nixos-infect | NIX_FLAKE=git+ssh://[email protected]/tcurdt/nixcfg.git#utm bash -x

Even better if it would also allow for passing a key for decrypting credentials:

curl https://raw.githubusercontent.com/elitak/nixos-infect/master/nixos-infect | NIX_SECRETS_KEY="SOMEKEY" NIX_FLAKE=git+ssh://[email protected]/tcurdt/nixcfg.git#utm bash -x

tcurdt avatar Dec 18 '23 21:12 tcurdt