altano
January 24, 2022, 2:38am
1
I’m going to be installing NixOS in environments where pasting a long ssh public key is not possible (and certainly not manually typing it).
One workaround is:
1. create a base system where I have a root user with a password
2. enable ssh with root login allowed:

       services.openssh = {
         enable = true;
         # temporary: password login for root, only until the key is in place
         passwordAuthentication = true;
         permitRootLogin = "yes";
       };

3. ssh in from another machine and edit configuration.nix to
   a. add my ssh public key to my non-root user and
   b. lock down ssh again

       services.openssh = {
         enable = true;
         # key-only login, no root over ssh
         passwordAuthentication = false;
         permitRootLogin = "no";
       };

Is there a better way of handling this during installation itself? I would love to collapse this to one step.
One idea I had:
1. publish a myusername.nix file on my website. This would have my user’s configuration including ssh public key
2. during install, edit configuration.nix to install wget
3. wget myusername.nix and then include it from configuration.nix
Is that feasible? Are there any simpler approaches?
altano
January 24, 2022, 3:49am
2
curl is on the minimal iso so I can simplify my idea to:
1. Publish a baseline.nix file on my website. This would have my baseline configuration including ssh public key.
2. When I’m on the CLI in the nix installer I can run: curl https://path/to/my/baseline.nix --output /mnt/etc/nixos/baseline.nix
3. Add ./baseline.nix to my imports in configuration.nix
I’m still interested in better solutions.
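
A file fetched this way ends up in the system configuration, so it is worth checking before it lands in /mnt/etc/nixos. The following is an added example, not part of the original posts: `install_verified` is a hypothetical helper, and accepting a digest prefix of at least 16 hex characters (to keep hand-typing short) is an assumption of this example.

```shell
#!/bin/sh
# Added example, not from the thread. install_verified is a hypothetical helper.
# usage: install_verified <downloaded-file> <expected-sha256-or-prefix> <dest>
install_verified() {
    src=$1
    expected=$2
    dest=$3
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 2; }
    # Normalise to lowercase so a hand-typed digest compares cleanly.
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    case $expected in
        ''|*[!0-9a-f]*) echo "expected digest must be hex" >&2; return 2 ;;
    esac
    # Assumption: a full digest or a prefix is accepted, never under 16 chars.
    if [ "${#expected}" -lt 16 ] || [ "${#expected}" -gt 64 ]; then
        echo "expected digest must be 16-64 hex characters" >&2
        return 2
    fi
    actual=$(sha256sum "$src" | cut -d' ' -f1)
    case $actual in
        "$expected"*) ;;
        *) echo "sha256 mismatch: got $actual" >&2; return 1 ;;
    esac
    # Copy only after the check passes, so a bad download never reaches dest.
    install -m 0644 "$src" "$dest"
}

# In the installer (URL elided as in the post; the digest is a placeholder
# read off a device you trust, computed there with sha256sum):
#   curl --fail --proto '=https' https://path/to/my/baseline.nix --output /tmp/baseline.nix
#   install_verified /tmp/baseline.nix <SHA256-OR-PREFIX> /mnt/etc/nixos/baseline.nix
```

Downloading to /tmp first keeps an unverified file out of the directory that nixos-install reads.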
My “fix” (and I’m playing real fast and loose with the word here) is a script that is curl’d down to the machine in question and run which then writes out the minimal configuration required to boot and then runs the installer. nixops then takes care of everything after that.
Check out builtins.split in the Nix Manual
I think that evaluating build outputs is disallowed in some contexts (e.g. Hydra), but your derivation sounds like a very cool thing to have for some servers I maintain with Nixops.
might give you inspiration on how to do things the nix way.
Then again, it may not.