print SSH ed25519 fingerprint

Daniel Langbein 2023-10-12 13:43:30 +02:00
parent d3823e5bdb
commit 4109638e01
Signed by: langfingaz
GPG Key ID: 6C47C753F0823002
2 changed files with 56 additions and 4 deletions


@ -34,15 +34,18 @@ nix --extra-experimental-features nix-command --extra-experimental-features flak
To install on remote target machine: To install on remote target machine:
```shell ```shell
# GNOME Boxes
#nix --extra-experimental-features nix-command --extra-experimental-features flakes \
# run github:numtide/nixos-anywhere -- --flake '.#mysystem' -p 2222 root@localhost
# yodaHP # yodaHP
nix --extra-experimental-features nix-command --extra-experimental-features flakes \ nix --extra-experimental-features nix-command --extra-experimental-features flakes \
run github:numtide/nixos-anywhere -- --flake '.#mysystem' -p 22 root@192.168.178.105 run github:numtide/nixos-anywhere -- --flake '.#mysystem' -p 22 root@192.168.178.105
``` ```
To install on remote target machine **and** print the SSH fingerprint of the new system:
```shell
# yodaHP
./install-with-ssh-fingerprint.sh 22 root@192.168.178.105
```
## Updating dependencies ## Updating dependencies
Recreate the lock file (i.e. update all inputs) and commit the new lock file: Recreate the lock file (i.e. update all inputs) and commit the new lock file:


@ -0,0 +1,49 @@
#!/usr/bin/env sh
set -e
#
# This script is based on the work of Solomon <ssbothwell@gmail.com>.
# https://github.com/solomon-b/nixos-config/blob/ca047bdbb95859ee902e4750a3b0e018f2396bfe/installer/install-server.sh
#
cleanup() {
printf '%s\n' 'Deleting local copy of SSH ed25519 key ...'
rm -rf "${temp}"
}
gen_ssh_key() {
# Create a temporary directory.
temp="$(mktemp -d)"
# Cleanup temporary directory on exit.
trap cleanup EXIT
# Create the directory where sshd expects to find the host keys.
install -d -m755 "${temp}/etc/ssh"
# Generate host key.
ssh-keygen -t ed25519 -f "${temp}/etc/ssh/ssh_host_ed25519_key" -q -N ""
}
main(){
num_args=2
if [ "$#" -ne "${num_args}" ]; then
printf '%s%s%s\n' 'ERROR: ' "${num_args}" ' arguments required'
return 1
fi
for i in "$@"; do
if [ -z "${i}" ]; then
printf '%s\n' 'ERROR: All given args must not be empty'
return 1
fi
done
ssh_port="${1}"
ssh_target="${2}"
printf '%s\n' 'Generating SSH ed25519 key ...'
gen_ssh_key
printf '%s\n' 'SSH ed25519 fingerprint:'
ssh-keygen -lf "${temp}/etc/ssh/ssh_host_ed25519_key"
# Install NixOS to the target machine with our secrets.
nix --extra-experimental-features nix-command --extra-experimental-features flakes \
run github:numtide/nixos-anywhere -- --extra-files "${temp}" --flake '.#mysystem' -p "${ssh_port}" "${ssh_target}"
}
main "$@"
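Review bot: The `run github:numtide/nixos-anywhere` call at the end of `main` is not pinned, so it executes whatever the upstream default branch resolves to at run time, and that code receives both root SSH access to the target and the freshly generated private host key via `--extra-files "${temp}"`. Pinning the flake reference to a reviewed revision, e.g. `run github:numtide/nixos-anywhere/<PINNED_REV> -- --extra-files "${temp}" ...` (placeholder revision), or exposing the tool through this repository's own locked flake inputs, would keep the installer reproducible and auditable. Separately, in `cleanup` I would write `rm -rf -- "${temp:?}"` so an empty or unset `temp` aborts instead of reaching `rm`. The two `ERROR:` messages in `main` should go to stderr with `>&2`, so they do not mix with the fingerprint output on stdout.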