Feature Request: Pre/Post Install Scripts

[AlansCodeLog]

Prerequisites

• I have searched existing issues to make sure this isn't a duplicate
• I have checked the documentation to see if this feature already exists

Problem Description

I ran into two issues using nixos-anywhere with terraform which lead me to request this.

The first is that trying to deploy to hetzner (CX22) with a small project I get an out of disk space error during the install and it keeps retrying, attempting to clear disk space, and failing for a long time. After much head scratching (I think 4gb of RAM should be enough and the docs say we only need 1.5GB of ram), I figured out that the tmpfs is only mounted with %50 of ram by the installer. This is more a problem with the installer image I think and possibly the docs could mention this, but the problem became how to fix it.

A remount will fix it (2gb => 3gb was enough), but then how to run it just before the install phase. To quickly fix things I forked the repo and added a script to ssh and remount /nix/.rw-store before install.

Then I ran into another issue. If the disk is encrypted, even if I don't run the reboot phase, the deploy part of the terraform module does run and causes it to fail because a reboot is needed. I think nixos-anywhere could be written to auto-unlock the disk if it has the key (from disk_encryption_key_scripts) but this is probably over-complicating things. Though some mention of this issue in the docs would be nice.

For this I disabled the reboot phase and added a post install script where I reboot, wait with ssh on the correct port (2222 for my initrd config), then send the password (ssh ... "echo $SECRET | cryptsetup-askpass", note this always return 1), then wait for the system to be live again.

Having debugged all this I also think having these scripts would be useful in general for debugging issues as well.

Proposed Solution

A pre/post install script option. In my fork I just sourced the scripts so they can have access to the variables nixos-anywhere uses ($sshConnection, etc) as at least for the post install script I required access to both the local and remote.

Alternatives Considered

Have more specific workarounds for the specific issues mentioned. idk, I'm open to ideas.

Feature Type

New command-line option

Use Case

No response

Implementation Ideas

No response

Additional Context

No response

[Mic92]

This should be already possible by running only selected phases with --phases and than running custom code in-between. This is what we do in clan.

[AlansCodeLog]

Aaaah, I get it now, though if you have a link to where you use it like this that would be helpful.

Maybe it was me (am still learning terraform) but it wasn't obvious to me I could/should do that.

It would be good to mention it more explicitly, especially in the all in one module which I don't know how it can possibly work with an encrypted disk and yet it mentions disk decryption scripts.

Would you be open to a PR to add something to the docs?

[Mic92]

We do not use this in Terraform. Might be possible as well with phases? Here is the python code: https://git.clan.lol/clan/clan-core/src/commit/e593d5da34f49da0af21fd6db63766ebbb5101ba/pkgs/clan-cli/clan_lib/machines/install.py#L241