Merge branch 'main' into patch-1

Mic92 · web-flow · commit 7087daf7ab41 · 2025-02-25T13:14:35.000+01:00
diff --git a/docs/cli.md b/docs/cli.md
@@ -29,6 +29,8 @@ Options:
   use another kexec tarball to bootstrap NixOS
 * --kexec-extra-flags
   extra flags to add into the call to kexec, e.g. "--no-sync"
+* --ssh-store-setting <key> <value>
+  ssh store settings appended to the store URI, e.g. "compress true". <value> needs to be URI encoded.
 * --post-kexec-ssh-port <ssh_port>
   after kexec is executed, use a custom ssh port to connect. Defaults to 22
 * --copy-host-keys
diff --git a/docs/quickstart.md b/docs/quickstart.md
@@ -64,7 +64,14 @@ line that reads:
 ```
 
 Replace the text `CHANGE` with your own SSH key. This is crucial, as you will
-not be able to log into the target machine post-installation without it.
+not be able to log into the target machine post-installation without it. If you
+have a .pem file you can run
+
+```bash
+ssh-keygen -y -f /path/to/your/key.pem
+```
+
+then paste the result in between the quotes like "ssh-rsa AAA..."
 
 ### 4. Configure Storage
 
diff --git a/flake.lock b/flake.lock
diff --git a/src/nixos-anywhere.sh b/src/nixos-anywhere.sh
@@ -6,6 +6,7 @@ flake=""
 flakeAttr=""
 kexecUrl=""
 kexecExtraFlags=""
+sshStoreSettings=""
 enableDebug=""
 nixBuildFlags=()
 diskoScript=""
@@ -94,6 +95,8 @@ Options:
   use another kexec tarball to bootstrap NixOS
 * --kexec-extra-flags
   extra flags to add into the call to kexec, e.g. "--no-sync"
+* --ssh-store-setting <key> <value>
+  ssh store settings appended to the store URI, e.g. "compress true". <value> needs to be URI encoded.
 * --post-kexec-ssh-port <ssh_port>
   after kexec is executed, use a custom ssh port to connect. Defaults to 22
 * --copy-host-keys
@@ -213,6 +216,14 @@ parseArgs() {
       kexecExtraFlags=$2
       shift
       ;;
+    --ssh-store-setting)
+      key=$2
+      shift
+      value=$2
+      shift
+      sshStoreSettings+="$sshStoreSettings$key=$value&"
+      shift
+      ;;
     --post-kexec-ssh-port)
       postKexecSshPort=$2
       shift
@@ -628,17 +639,17 @@ runDisko() {
     runSsh "umask 077; mkdir -p \"$(dirname "$path")\"; cat > $path" <"${diskEncryptionKeys[$path]}"
   done
   if [[ -n ${diskoScript} ]]; then
-    nixCopy --to "ssh://$sshConnection" "$diskoScript"
+    nixCopy --to "ssh://$sshConnection?$sshStoreSettings" "$diskoScript"
   elif [[ ${buildOn} == "remote" ]]; then
     step Building disko script
     # We need to do a nix copy first because nix build doesn't have --no-check-sigs
     # Use ssh:// here to avoid https://github.com/NixOS/nix/issues/7359
-    nixCopy --to "ssh://$sshConnection" "${flake}#${flakeAttr}.system.build.${diskoMode}Script" \
+    nixCopy --to "ssh://$sshConnection?$sshStoreSettings" "${flake}#${flakeAttr}.system.build.${diskoMode}Script" \
       --derivation --no-check-sigs
     # If we don't use ssh-ng here, we get `error: operation 'getFSAccessor' is not supported by store`
     diskoScript=$(
       nixBuild "${flake}#${flakeAttr}.system.build.${diskoMode}Script" \
-        --eval-store auto --store "ssh-ng://$sshConnection?ssh-key=$sshKeyDir/nixos-anywhere"
+        --eval-store auto --store "ssh-ng://$sshConnection?ssh-key=$sshKeyDir%2Fnixos-anywhere&$sshStoreSettings"
     )
   fi
 
@@ -650,17 +661,17 @@ nixosInstall() {
   local nixosSystem=$1
   if [[ -n ${nixosSystem} ]]; then
     step Uploading the system closure
-    nixCopy --to "ssh://$sshConnection?remote-store=local?root=/mnt" "$nixosSystem"
+    nixCopy --to "ssh://$sshConnection?remote-store=local%3Froot=%2Fmnt&$sshStoreSettings" "$nixosSystem"
   elif [[ ${buildOn} == "remote" ]]; then
     step Building the system closure
     # We need to do a nix copy first because nix build doesn't have --no-check-sigs
     # Use ssh:// here to avoid https://github.com/NixOS/nix/issues/7359
-    nixCopy --to "ssh://$sshConnection?remote-store=local?root=/mnt" "${flake}#${flakeAttr}.system.build.toplevel" \
+    nixCopy --to "ssh://$sshConnection?remote-store=local%3Froot=%2Fmnt&$sshStoreSettings" "${flake}#${flakeAttr}.system.build.toplevel" \
       --derivation --no-check-sigs
     # If we don't use ssh-ng here, we get `error: operation 'getFSAccessor' is not supported by store`
     nixosSystem=$(
       nixBuild "${flake}#${flakeAttr}.system.build.toplevel" \
-        --eval-store auto --store "ssh-ng://$sshConnection?ssh-key=$sshKeyDir/nixos-anywhere&remote-store=local?root=/mnt"
+        --eval-store auto --store "ssh-ng://$sshConnection?ssh-key=$sshKeyDir%2Fnixos-anywhere&remote-store=local%3Froot=%2Fmnt&$sshStoreSettings"
     )
   fi
 
@@ -691,7 +702,7 @@ if [ ${copyHostKeys-n} = "y" ]; then
     cp -a "\$p" "/mnt/\$p"
   done
 fi
-nixos-install --no-root-passwd --no-channel-copy --system "$nixosSystem"
+NIXOS_NO_CHECK=1 nixos-install --no-root-passwd --no-channel-copy --system "$nixosSystem"
 if [[ ${phases[reboot]} == 1 ]]; then
   if command -v zpool >/dev/null && [ "\$(zpool list)" != "no pools available" ]; then
     # we always want to export the zfs pools so people can boot from it without force import
@@ -726,7 +737,9 @@ main() {
       if [[ ${phases[disko]} == 1 ]]; then
         diskoScript=$(nixBuild "${flake}#${flakeAttr}.system.build.${diskoMode}Script")
       fi
-      nixosSystem=$(nixBuild "${flake}#${flakeAttr}.system.build.toplevel")
+      if [[ ${phases[install]} == 1 ]]; then
+        nixosSystem=$(nixBuild "${flake}#${flakeAttr}.system.build.toplevel")
+      fi
     fi
   elif [[ -n ${diskoScript} ]] && [[ -n ${nixosSystem} ]]; then
     if [[ ! -e ${diskoScript} ]] || [[ ! -e ${nixosSystem} ]]; then
@@ -799,7 +812,9 @@ main() {
     if [[ ${phases[disko]} == 1 ]]; then
       diskoScript=$(nixBuild "${flake}#${flakeAttr}.system.build.${diskoMode}Script")
     fi
-    nixosSystem=$(nixBuild "${flake}#${flakeAttr}.system.build.toplevel")
+    if [[ ${phases[install]} == 1 ]]; then
+      nixosSystem=$(nixBuild "${flake}#${flakeAttr}.system.build.toplevel")
+    fi
   fi
 
   # Installation will fail if non-root user is used for installer.
