diff --git a/terraform/all-in-one.md b/terraform/all-in-one.md index bac0ac3a..97691464 100644 --- a/terraform/all-in-one.md +++ b/terraform/all-in-one.md @@ -202,6 +202,7 @@ No resources. | Name | Description | Type | Default | Required | | --------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------- | ---------------------------------------------------------------------------- | :------: | | [build\_on\_remote](#input_build_on_remote) | Build the closure on the remote machine instead of building it locally and copying it over | `bool` | `false` | no | +| [copy\_host\_keys](#input_copy_host_keys) | copy over existing /etc/ssh/ssh\_host\_* host keys to the installation | `bool` | `false` | no | | [debug\_logging](#input_debug_logging) | Enable debug logging | `bool` | `false` | no | | [deployment\_ssh\_key](#input_deployment_ssh_key) | Content of private key used to deploy to the target\_host after initial installation. To ensure maximum security, it is advisable to connect to your host using ssh-agent instead of relying on this variable | `string` | `null` | no | | [disk\_encryption\_key\_scripts](#input_disk_encryption_key_scripts) | Each script will be executed locally. Output of each will be created at the given path to disko during installation. The keys will be not copied to the final system |
list(object({| `[]` | no |
diff --git a/terraform/all-in-one/main.tf b/terraform/all-in-one/main.tf
index fd4ec71d..36a570b4 100644
--- a/terraform/all-in-one/main.tf
+++ b/terraform/all-in-one/main.tf
@@ -39,6 +39,7 @@ module "install" {
 nixos_generate_config_path = var.nixos_generate_config_path
 nixos_facter_path = var.nixos_facter_path
 build_on_remote = var.build_on_remote
+ copy_host_keys = var.copy_host_keys
 # deprecated attributes
 stop_after_disko = var.stop_after_disko
 no_reboot = var.no_reboot
diff --git a/terraform/all-in-one/variables.tf b/terraform/all-in-one/variables.tf
index 4cc33757..177cce04 100644
--- a/terraform/all-in-one/variables.tf
+++ b/terraform/all-in-one/variables.tf
@@ -149,3 +149,9 @@ variable "install_bootloader" {
 description = "Install/re-install the bootloader"
 default = false
 }
+
+variable "copy_host_keys" {
+ type = bool
+ description = "copy over existing /etc/ssh/ssh_host_* host keys to the installation"
+ default = false
+}
diff --git a/terraform/install.md b/terraform/install.md
index 7494c2ce..27f61bc5 100644
--- a/terraform/install.md
+++ b/terraform/install.md
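Review bot: The `description` on the new `copy_host_keys` variable does not say whose keys are copied or that private key material is reused; the same text is repeated in terraform/install/variables.tf and in both generated input tables. As worded, the flag appears to carry the target's current `/etc/ssh/ssh_host_*` files, private keys included, into the installed system, so the new host keeps the SSH identity of whatever was running before the install. That keeps existing known_hosts entries valid, but if the pre-install environment is a provider image or rescue system whose host keys are not unique to this machine, the installed host inherits a key that other parties may also hold. I would expand the text to something like `description = "Copy the target's existing /etc/ssh/ssh_host_* keys (private keys included) into the installed system so its SSH host identity is preserved; enable only if those keys were generated uniquely for this host"` and keep `default = false`.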
@@ -64,6 +64,7 @@ No modules. | Name | Description | Type | Default | Required | | --------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------- | ---------------------------------------------------------------------------- | :------: | | [build\_on\_remote](#input_build_on_remote) | Build the closure on the remote machine instead of building it locally and copying it over | `bool` | `false` | no | +| [copy\_host\_keys](#input_copy_host_keys) | copy over existing /etc/ssh/ssh\_host\_* host keys to the installation | `bool` | `false` | no | | [debug\_logging](#input_debug_logging) | Enable debug logging | `bool` | `false` | no | | [disk\_encryption\_key\_scripts](#input_disk_encryption_key_scripts) | Each script will be executed locally. Output of each will be created at the given path to disko during installation. The keys will be not copied to the final system |
path = string
script = string
}))
list(object({| `[]` | no | | [extra\_environment](#input_extra_environment) | Extra environment variables to be set during installation. This can be useful to set extra variables for the extra\_files\_script or disk\_encryption\_key\_scripts | `map(string)` | `{}` | no |
diff --git a/terraform/install/main.tf b/terraform/install/main.tf
index 175da60a..b9a1df13 100644
--- a/terraform/install/main.tf
+++ b/terraform/install/main.tf
@@ -18,6 +18,7 @@ locals {
 phases = join(",", local.phases)
 nixos_generate_config_path = var.nixos_generate_config_path
 nixos_facter_path = var.nixos_facter_path
+ copy_host_keys = var.copy_host_keys
 })
 }
diff --git a/terraform/install/run-nixos-anywhere.sh b/terraform/install/run-nixos-anywhere.sh
index 1d259a1e..fc12a9cc 100755
--- a/terraform/install/run-nixos-anywhere.sh
+++ b/terraform/install/run-nixos-anywhere.sh
@@ -44,6 +44,9 @@ if [[ ${input[target_pass]} != null ]]; then
 export SSHPASS=${input[target_pass]}
 args+=("--env-password")
 fi
+if [[ ${input[copy_host_keys]} == "true" ]]; then
+ args+=("--copy-host-keys")
+fi
 tmpdir=$(mktemp -d)
 cleanup() {
diff --git a/terraform/install/variables.tf b/terraform/install/variables.tf
index 7caec0f8..284f2c13 100644
--- a/terraform/install/variables.tf
+++ b/terraform/install/variables.tf
@@ -121,3 +121,9 @@ variable "nixos_facter_path" {
 description = "Path to which to write a `facter.json` generated by `nixos-facter`. This option cannot be set at the same time as `nixos_generate_config_path`."
 default = ""
 }
+
+variable "copy_host_keys" {
+ type = bool
+ description = "copy over existing /etc/ssh/ssh_host_* host keys to the installation"
+ default = false
+}
path = string
script = string
}))