I saw somewhere that since nixos 20.09, we’re able to load public keys into the image so that we can do a fully headless setup of a raspberry pi. However, I can’t find anything written on how I would go about doing that.
Has someone ever done it and can explain where I would put my public key exactly?
1 Like
I saw somewhere that since nixos 20.09, we’re able to load public keys
into the image so that we can do a fully headless setup of a raspberry
pi.
It’s definitely possible, and it’s what I use for my Pi. The setting in
particular is:
users.users.<name>.openssh.authorizedKeys
See:
For finding options, NixOS Search is a great
resource.
What I meant by headless setup, is headless first-time setup, without using any screen/keyboard. How would I set authorizedKeys in the image directly?
I mounted /dev/sda2 after writing the image to an sd card but I see no configuration.nix so I don’t where I would do my configuration.
1 Like
What I meant by headless setup, is headless first-time setup,
without using any screen/keyboard. How would I setauthorizedKeysin
the image directly? I mounted /dev/sda2 after writing the image to an
sd card but I see no configuration.nix so I don’t where I would do my
configuration.
That’s the setup I have, too :). I find a flake a bit like the following
works pretty well, and you can nix build yourself an ISO:
{
inputs.nixpkgs = ...;
outputs = { self, nixpkgs }: let
pkgs = import nixpkgs {
crossSystem.config = "aarch64-unknown-linux-gnu";
};
in {
defaultPackage.<sys> = self.nixosConfigurautions.<name>.config.system.build.sdImage;
nixosConfigurations.<name> = nixpkgs.lib.nixosSystem {
system = "aarch64-linux";
modules = [ ... ]; # here's where your config goes
};
}
}
Note that private keys are a lot harder than public.
2 Likes
Oh gotcha, I need to build my own iso.
Thanks for your answer!
Sorry if the question doesn’t make sense. I’m just getting started, I was wondering about this, once you build your own ISO, how do you go about
- Updating packages in the future? Do you build and redeploy the image?
- What happens to the stuff on your SD card in terms of AppData? Does it get wiped out every time an update is made? (The answer is most likely not but just making sure).
Thank you.
You can deploy an update as usual, no need to rebuild the image.
You can build an image that doesn’t do root-on-tmpfs or anything. It just works like a normal NixOS installation. I do it with this configuration that suppresses some of the installer modules:
{
imports = [
"${nixpkgs}/nixos/modules/installer/sd-card/sd-image.nix"
"${nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix"
];
disabledModules = [
"profiles/all-hardware.nix"
"profiles/base.nix"
];
}
1 Like
Just for info, here’s my repo with the commands I use and my raspberry pi config:
Bootstrapping the ISO for the first time: GitHub - sweenu/nixfiles: NixOS home and servers configuration
My rpi config: https://github.com/sweenu/nixfiles/blob/133a8be7455d448312a139bdc8aa74fcc9eb62f0/hosts/grunfeld/default.nix
I use deploy-rs to deploy a new config to my remote machines, so to update packages on my rpi I will do the following:
nix flake update
deploy ".#grunfeld"
1 Like