Getting ssh public key during initial install?

I’m going to be installing NixOS in environments where pasting a long ssh public key is not possible (and certainly not manually typing it).

One workaround is:

  1. create a base system where I have a root user with a password
  2. enable ssh with root login allowed:
services.openssh = {
  enable = true;
  passwordAuthentication = true;
  permitRootLogin = "yes";
  1. ssh in from another machine and edit configuration.nix to
    a. add my ssh public key to my non-root user and
    b. lockdown ssh again
services.openssh = {
  enable = true;
  passwordAuthentication = false;
  permitRootLogin = "no";

Is there a better way of handling this during installation itself? I would love to collapse this to one step.

One idea I had:

  1. publish a myusername.nix file on my website. this would have my user’s configuration including ssh public key
  2. during install, edit configuration.nix to install wget
  3. wget myusername.nix and then include it from configuration.nix

Is that feasible? Are there any simpler approaches?

curl is on the minimal iso so I can simplify my idea to:

  1. Publish a baseline.nix file on my website. This would have my baseline configuration including ssh public key.
  2. When I’m on the CLI in the nix installer I can run: curl https://path/to/my/baseline.nix --output /mnt/etc/nixos/baseline.nix
  3. Add ./baseline.nix to my imports in configuration.nix

I’m still interested in better solutions.

My “fix” (and I’m playing real fast and loose with the word here) is a script that is curl’d down to the machine in question and run which then writes out the minimal configuration required to boot and then runs the installer. nixops then takes care of everything after that.

1 Like

might give you inspiration on how to do things the nix way.

Then again, it may not.