nix-community · costowell · Dec 22, 2024 · Dec 22, 2024 · Jan 2, 2025 · Jan 7, 2025
diff --git a/docs/howtos/extra-files.md b/docs/howtos/extra-files.md
@@ -75,6 +75,14 @@ during installation.
 When the files are extracted on the remote the copied data will be owned by
 root.
 
+If you wish to change the ownership after the files are copied onto the system,
+you can use the `--chown` option.
+
+For example, if you did `--chown /home/myuser/.ssh 1000:100`, this would equate
+to running `chown -R /home/myuser/.ssh 1000:100` where the uid is 1000 and the
+gid is 100. **Only do this when you can _guarantee_ what the uid and gid will
+be.**
+
 ### Symbolic Links
 
 Do not create symbolic links to reference data to copy.

diff --git a/docs/reference.md b/docs/reference.md
@@ -49,7 +49,10 @@ Options:
   copy over existing /etc/ssh/ssh_host_* host keys to the installation
 * --extra-files <path>
   contents of local <path> are recursively copied to the root (/) of the new NixOS installation. Existing files are overwritten
-  Copied files will be owned by root. See documentation for details.
+  Copied files will be owned by root unless specified by --chown option. See documentation for details.
+* --chown <path> <ownership>
+  change ownership of <path> recursively. Recommended to use uid:gid as opposed to username:groupname for ownership.
+  Option can be specified more than once.
 * --disk-encryption-keys <remote_path> <local_path>
   copy the contents of the file or pipe in local_path to remote_path in the installer environment,
   after kexec but before installation. Can be repeated.

diff --git a/src/nixos-anywhere.sh b/src/nixos-anywhere.sh
@@ -58,6 +58,7 @@ trap 'rm -rf "$sshKeyDir"' EXIT
 mkdir -p "$sshKeyDir"
 
 declare -A diskEncryptionKeys=()
+declare -A extraFilesOwnership=()
 declare -a nixCopyOptions=()
 declare -a sshArgs=()
 
@@ -98,7 +99,10 @@ Options:
   copy over existing /etc/ssh/ssh_host_* host keys to the installation
 * --extra-files <path>
   contents of local <path> are recursively copied to the root (/) of the new NixOS installation. Existing files are overwritten
-  Copied files will be owned by root. See documentation for details.
+  Copied files will be owned by root unless specified by --chown option. See documentation for details.
+* --chown <path> <ownership>
+  change ownership of <path> recursively. Recommended to use uid:gid as opposed to username:groupname for ownership.
+  Option can be specified more than once.
 * --disk-encryption-keys <remote_path> <local_path>
   copy the contents of the file or pipe in local_path to remote_path in the installer environment,
   after kexec but before installation. Can be repeated.
@@ -233,6 +237,11 @@ parseArgs() {
       extraFiles=$2
       shift
       ;;
+    --chown)
+      extraFilesOwnership["$2"]="$3"
+      shift
+      shift
+      ;;
     --disk-encryption-keys)
       diskEncryptionKeys["$2"]="$3"
       shift
@@ -588,6 +597,9 @@ nixosInstall() {
   if [[ -n ${extraFiles} ]]; then
     step Copying extra files
     tar -C "$extraFiles" -cpf- . | runSsh "tar -C /mnt -xf- --no-same-owner"
+    # shellcheck disable=SC2016
+    printf "%s\n" "${!extraFilesOwnership[@]}" "${extraFilesOwnership[@]}" | pr -2t | runSsh 'while read file ownership; do chown -R "$ownership" "/mnt/$file"; done'
+
     runSsh "chmod 755 /mnt" # tar also changes permissions of /mnt
   fi