@@ -21,6 +21,8 @@ You will need:
2121 performed
2222- A disk configuration containing details of the file system that will be
2323 created on the new server.
24+ - A target machine, reachable via SSH, with your SSH public key deployed and and
25+ the privilege to either login directly as root or to use password-less sudo.
2426
2527** nixos-anywhere** doesn’t need to be installed. You can run it directly from
2628[ Numtide's repository on Github.] ( https://github.com/numtide/nixos-anywhere )
@@ -101,32 +103,33 @@ below.
101103
1021045 . Run the following command to create the ` flake.lock ` file:
103105
104- ```
105- nix flake lock
106- ```
106+ ```
107+ nix flake lock
108+ ```
107109
108- Optionally, you can commit these files to a repo such as Github, or you can
109- simply reference your local directory when you run ** nixos-anywhere** . This
110- example uses a local directory on the source machine.
110+ Optionally, you can commit these files to a repo such as Github, or you can
111+ simply reference your local directory when you run ** nixos-anywhere** . This
112+ example uses a local directory on the source machine.
111113
1121146 . On the target machine, make sure you have access as root via ssh by adding
113115 your SSH key to the file ` authorized_keys ` in the directory ` /root/.ssh `
114116
1151177 . (Optional) Test your nixos and disko configuration:
116118
117- The following command will automatically test your nixos configuration and run
118- disko inside a virtual machine, where
119+ The following command will automatically test your nixos configuration and
120+ run disko inside a virtual machine, where
119121
120- - ` <path to configuration> ` is the path to the directory or repository
121- containing ` flake.nix ` and ` disk-config.nix `
122+ - ` <path to configuration> ` is the path to the directory or repository
123+ containing ` flake.nix ` and ` disk-config.nix `
122124
123- - ` <configuration name> ` must match the name that immediately follows the text
124- ` nixosConfigurations. ` in the flake, as indicated by the comment in the
125- [ example] ( https://github.com/numtide/nixos-anywhere-examples/blob/main/flake.nix ) ).
125+ - ` <configuration name> ` must match the name that immediately follows the
126+ text ` nixosConfigurations. ` in the flake, as indicated by the comment in
127+ the
128+ [ example] ( https://github.com/numtide/nixos-anywhere-examples/blob/main/flake.nix ) ).
126129
127- ```
128- nix run github:numtide/nixos-anywhere -- --flake <path to configuration>#<configuration name> --vm-test
129- ```
130+ ```
131+ nix run github:numtide/nixos-anywhere -- --flake <path to configuration>#<configuration name> --vm-test
132+ ```
130133
1311348 . You can now run ** nixos-anywhere** from the command line as shown below,
132135 where:
@@ -141,83 +144,85 @@ nix run github:numtide/nixos-anywhere -- --flake <path to configuration>#<config
141144
142145 - ` <ip address> ` is the IP address of the target machine.
143146
144- ```
145- nix run github:numtide/nixos-anywhere -- --flake <path to configuration>#<configuration name> root@<ip address>
146- ```
147-
148- The command would look like this if you had created your files in a directory
149- named ` /home/mydir/test ` and the IP address of your target machine is
150- ` 37.27.18.135 ` :
151-
152- ```
153- nix run github:numtide/nixos-anywhere -- --flake /home/mydir/test#hetzner-cloud [email protected] 154- ```
155-
156- ** nixos-anywhere** will then run, showing various output messages at each stage.
157- It may take some time to complete, depending on Internet speeds. It should
158- finish by showing the messages below before returning to the command prompt.
159-
160- ```
161- Installation finished. No error reported.
162- Warning: Permanently added '<ip-address>' (ED25519) to the list of known hosts
163- ```
164-
165- When this happens, the target server will have been overwritten with a new
166- installation of NixOS. Note that the server's public SSH key will have changed.
167-
168- If you have previously accessed this server using SSH, you may see the following
169- message the next time you try to log in to the target.
170-
171- ```
172- @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
173- @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
174- @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
175- IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
176- Someone could be eavesdropping on you right now (man-in-the-middle attack)!
177- It is also possible that a host key has just been changed.
178- The fingerprint for the ED25519 key sent by the remote host is
179- XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
180- Please contact your system administrator.
181- Add correct host key in ~/.ssh/known_hosts to get rid of this message.
182- Offending ECDSA key in ~/.ssh/known_hosts:6
183- remove with:
184- ssh-keygen -f ~/.ssh/known_hosts" -R "<ip addrress>"
185- Host key for <ip_address> has changed and you have requested strict checking.
186- Host key verification failed.
187- ```
188-
189- This is because the ` known_hosts ` file in the ` .ssh ` directory now contains a
190- mismatch, since the server has been overwritten. To solve this, use a text
191- editor to remove the old entry from the ` known_hosts ` file. The next connection
192- attempt will then treat this as a new server.
193-
194- The error message line ` Offending ECDSA key in ~/.ssh/known_hosts: ` gives the
195- line number that needs to be removed from the ` known_hosts ` file.
196-
197- The new server's configurations are defined in the flake. ` nixos-anywhere ` does
198- not create ` etc/nixos/configuration.nix ` , since it expects the server to be
199- administered remotely. Any future changes to the configuration should be made to
200- the flake, and you would reference this flake when doing the nixos-rebuild
201- command or a deployment tool of your choice i.e.
202- [ colmena] ( https://github.com/zhaofengli/colmena ) ,
203- [ nixinate] ( https://github.com/MatthewCroughan/nixinate ) .
204-
205- This example can be run from the machine itself for updating (replace
206- ` <URL to your flake> ` with your flake i.e. ` .# ` if your flake is in the current
207- directory):
208-
209- ```
210- nixos-rebuild switch --flake <URL to your flake>
211- ```
212-
213- You can also run ` nixos-rebuild ` to update a machine remotly, if you have set up
214- an openssh server and your ssh key for the root user:
215-
216- ```
217- nixos-rebuild switch --flake <URL to your flake> --target-host "root@<ip address>"
218- ```
219-
220- For more information on different use cases of ** nixos-anywhere** please refer
221- to the [ How to Guide] ( ./howtos/INDEX.md ) , and for more technical information and
222- explanation of known error messages, refer to the
223- [ Reference Manual] ( ./reference.md ) .
147+ ```
148+ nix run github:numtide/nixos-anywhere -- --flake <path to configuration>#<configuration name> root@<ip address>
149+ ```
150+
151+ The command would look like this if you had created your files in a
152+ directory named `/home/mydir/test` and the IP address of your target
153+ machine is `37.27.18.135`:
154+
155+ ```
156+ nix run github:numtide/nixos-anywhere -- --flake /home/mydir/test#hetzner-cloud [email protected] 157+ ```
158+
159+ **nixos-anywhere** will then run, showing various output messages at each
160+ stage. It may take some time to complete, depending on Internet speeds. It
161+ should finish by showing the messages below before returning to the command
162+ prompt.
163+
164+ ```
165+ Installation finished. No error reported.
166+ Warning: Permanently added '<ip-address>' (ED25519) to the list of known hosts
167+ ```
168+
169+ When this happens, the target server will have been overwritten with a new
170+ installation of NixOS. Note that the server's public SSH key will have
171+ changed.
172+
173+ If you have previously accessed this server using SSH, you may see the
174+ following message the next time you try to log in to the target.
175+
176+ ```
177+ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
178+ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
179+ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
180+ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
181+ Someone could be eavesdropping on you right now (man-in-the-middle attack)!
182+ It is also possible that a host key has just been changed.
183+ The fingerprint for the ED25519 key sent by the remote host is
184+ XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
185+ Please contact your system administrator.
186+ Add correct host key in ~/.ssh/known_hosts to get rid of this message.
187+ Offending ECDSA key in ~/.ssh/known_hosts:6
188+ remove with:
189+ ssh-keygen -f ~/.ssh/known_hosts" -R "<ip addrress>"
190+ Host key for <ip_address> has changed and you have requested strict checking.
191+ Host key verification failed.
192+ ```
193+
194+ This is because the `known_hosts` file in the `.ssh` directory now contains
195+ a mismatch, since the server has been overwritten. To solve this, use a
196+ text editor to remove the old entry from the `known_hosts` file. The next
197+ connection attempt will then treat this as a new server.
198+
199+ The error message line `Offending ECDSA key in ~/.ssh/known_hosts:` gives
200+ the line number that needs to be removed from the `known_hosts` file.
201+
202+ The new server's configurations are defined in the flake. `nixos-anywhere`
203+ does not create `etc/nixos/configuration.nix`, since it expects the server
204+ to be administered remotely. Any future changes to the configuration should
205+ be made to the flake, and you would reference this flake when doing the
206+ nixos-rebuild command or a deployment tool of your choice i.e.
207+ [colmena](https://github.com/zhaofengli/colmena),
208+ [nixinate](https://github.com/MatthewCroughan/nixinate).
209+
210+ This example can be run from the machine itself for updating (replace
211+ `<URL to your flake>` with your flake i.e. `.#` if your flake is in the
212+ current directory):
213+
214+ ```
215+ nixos-rebuild switch --flake <URL to your flake>
216+ ```
217+
218+ You can also run `nixos-rebuild` to update a machine remotly, if you have
219+ set up an openssh server and your ssh key for the root user:
220+
221+ ```
222+ nixos-rebuild switch --flake <URL to your flake> --target-host "root@<ip address>"
223+ ```
224+
225+ For more information on different use cases of **nixos-anywhere** please
226+ refer to the [How to Guide](./howtos/INDEX.md), and for more technical
227+ information and explanation of known error messages, refer to the
228+ [Reference Manual](./reference.md).
![mergify[bot]](https://avatars.githubusercontent.com/in/10562?v=4&size=40){kind=avatar}
0 commit comments