diff --git a/docs/quickstart.md b/docs/quickstart.md index 29d26c64..ab2e625c 100644 --- a/docs/quickstart.md +++ b/docs/quickstart.md @@ -113,7 +113,9 @@ example uses a local directory on the source machine. If your SSH key is not found, you will be asked for your password. If you are using a non-root user, you must have access to sudo without a password. To avoid SSH password prompts, set the `SSHPASS` environment variable to your password -and add `--env-password` to the `nixos-anywhere` command. +and add `--env-password` to the `nixos-anywhere` command. If providing a +specific SSH key through `-i` (identity_file), this key will then be used for +the installation and no temporary SSH key will be created. ### 7. (Optional) Test your NixOS and Disko configuration diff --git a/src/nixos-anywhere.sh b/src/nixos-anywhere.sh index fed359fa..bb72228b 100755 --- a/src/nixos-anywhere.sh +++ b/src/nixos-anywhere.sh @@ -385,10 +385,15 @@ runVmTest() { } uploadSshKey() { - # we generate a temporary ssh keypair that we can use during nixos-anywhere # ssh-copy-id requires this directory mkdir -p "$HOME/.ssh/" - ssh-keygen -t ed25519 -f "$sshKeyDir"/nixos-anywhere -P "" -C "nixos-anywhere" >/dev/null + if [[ -n ${sshPrivateKeyFile} ]]; then + cp "$sshPrivateKeyFile" "$sshKeyDir/nixos-anywhere" + ssh-keygen -y -f "$sshKeyDir/nixos-anywhere" >"$sshKeyDir/nixos-anywhere.pub" + else + # we generate a temporary ssh keypair that we can use during nixos-anywhere + ssh-keygen -t ed25519 -f "$sshKeyDir"/nixos-anywhere -P "" -C "nixos-anywhere" >/dev/null + fi declare -a sshCopyIdArgs if [[ -n ${sshPrivateKeyFile} ]]; then diff --git a/tests/flake-module.nix b/tests/flake-module.nix index 4f647dc1..4350da95 100644 --- a/tests/flake-module.nix +++ b/tests/flake-module.nix 
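Review bot: In `uploadSshKey`, the new `-i` branch duplicates a long-lived private key into `$sshKeyDir` with a plain `cp`, so the copy's mode follows the source file and umask, and its lifetime depends on cleanup of `$sshKeyDir` that is not visible in this hunk. Creating it with an explicit mode, e.g. `install -m 600 "$sshPrivateKeyFile" "$sshKeyDir/nixos-anywhere"`, removes that dependency, and it is worth confirming the directory is removed on every exit path now that the file is no longer a throwaway key. The `ssh-keygen -y` line has no failure handling: with a passphrase-protected key it prompts or fails, and the redirect still leaves an empty `nixos-anywhere.pub` for the later `ssh-copy-id` step unless the script runs under `set -e` (not shown here). Checking the exit status and that the `.pub` file is non-empty before continuing would make the failure explicit. The function body continues past the end of the hunk.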
@@ -20,5 +20,6 @@
 from-nixos-with-sudo-stable = import ./from-nixos-with-sudo.nix testInputsStable;
 from-nixos-with-generated-config = import ./from-nixos-generate-config.nix testInputsUnstable;
 from-nixos-build-on-remote = import ./from-nixos-build-on-remote.nix testInputsUnstable;
+ from-nixos-separated-phases = import ./from-nixos-separated-phases.nix testInputsUnstable;
 });
 }
diff --git a/tests/from-nixos-separated-phases.nix b/tests/from-nixos-separated-phases.nix
new file mode 100644
index 00000000..35a89f4b
--- /dev/null
+++ b/tests/from-nixos-separated-phases.nix
@@ -0,0 +1,52 @@
+(import ./lib/test-base.nix) {
+ name = "from-nixos-separated-phases";
+ nodes = {
+ installer = ./modules/installer.nix;
+ installed = {
+ services.openssh.enable = true;
+ virtualisation.memorySize = 1024;
+
+ users.users.nixos = {
+ isNormalUser = true;
+ openssh.authorizedKeys.keyFiles = [ ./modules/ssh-keys/ssh.pub ];
+ extraGroups = [ "wheel" ];
+ };
+ security.sudo.enable = true;
+ security.sudo.wheelNeedsPassword = false;
+ };
+ };
+ testScript = ''
+ start_all()
+
+ with subtest("Kexec Phase"):
+ installer.succeed("""
+ nixos-anywhere \
+ -i /root/.ssh/install_key \
+ --debug \
+ --kexec /etc/nixos-anywhere/kexec-installer \
+ --phases kexec \
+ --store-paths /etc/nixos-anywhere/disko /etc/nixos-anywhere/system-to-install \
+ nixos@installed >&2
+ """)
+
+ with subtest("Disko Phase"):
+ output = installer.succeed("""
+ nixos-anywhere \
+ -i /root/.ssh/install_key \
+ --debug \
+ --phases disko \
+ --store-paths /etc/nixos-anywhere/disko /etc/nixos-anywhere/system-to-install \
+ installed >&2
+ """)
+
+ with subtest("Install Phase"):
+ installer.succeed("""
+ nixos-anywhere \
+ -i /root/.ssh/install_key \
+ --debug \
+ --phases install \
+ --store-paths /etc/nixos-anywhere/disko /etc/nixos-anywhere/system-to-install \
+ root@installed >&2
+ """)
+ '';
+}
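Review bot: In the "Disko Phase" subtest, `output = installer.succeed(...)` binds a value that is never read, and because the command ends in `>&2` the captured stdout would be empty anyway; drop the assignment so it matches the other two subtests. The test only checks that each phase exits successfully with `-i /root/.ssh/install_key`; it does not assert the behaviour this commit documents, that no temporary key is generated, so a regression to the old path would presumably still pass. A short comment above `testScript` explaining why the three phases connect as `nixos@installed`, `installed` and `root@installed` would help the next reader.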