pkgs/clerie-system-remote-install: Install NixOS system remotely without evaluating anything on remote

2025-02-21 20:33:01 +01:00 · 2025-02-21 20:33:01 +01:00 · 99c82a2898
commit 99c82a2898
parent 427820aa37
4 changed files with 39 additions and 0 deletions
--- a/flake.nix
+++ b/flake.nix
@ -135,6 +135,7 @@
      inherit (pkgs)
        clerie-backup
        clerie-keys
+        clerie-system-remote-install
        clerie-system-upgrade
        clerie-merge-nixfiles-update
        clerie-update-nixfiles
--- a/pkgs/clerie-system-remote-install/clerie-system-remote-install.sh
+++ b/pkgs/clerie-system-remote-install/clerie-system-remote-install.sh
@ -0,0 +1,31 @@
+#!/usr/bin/env bash
+
+set -xeuo pipefail
+
+SYSTEM="$1"
+REMOTE_HOST="$2"
+REMOTE_ROOT="$3"
+
+nix copy "${SYSTEM}" --to "ssh://${REMOTE_HOST}?remote-store=${REMOTE_ROOT}"
+
+ssh "${REMOTE_HOST}" -- nix-env --store "${REMOTE_ROOT}" -p "${REMOTE_ROOT}/nix/var/nix/profiles/system" --set "${SYSTEM}"
+
+ssh "${REMOTE_HOST}" -- mkdir -p "${REMOTE_ROOT}/tmp"
+TMPSH="$(ssh "${REMOTE_HOST}" -- mktemp -p "${REMOTE_ROOT}/tmp")"
+
+# shellcheck disable=SC2087
+ssh "${REMOTE_HOST}" -- tee "${TMPSH}" <<EOF
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+nix-env --store "${REMOTE_ROOT}" -p "${REMOTE_ROOT}/nix/var/nix/profiles/system" --set "${SYSTEM}"
+mkdir -m 0775 -p "${REMOTE_ROOT}/etc"
+touch "${REMOTE_ROOT}/etc/NIXOS"
+
+ln -sfn /proc/mounts "${REMOTE_ROOT}/etc/mtab"
+
+NIXOS_INSTALL_BOOTLOADER=1 nixos-enter --root "${REMOTE_ROOT}" -c "/run/current-system/bin/switch-to-configuration boot"
+EOF
+
+ssh "${REMOTE_HOST}" -- bash "${TMPSH}"
--- a/pkgs/clerie-system-remote-install/default.nix
+++ b/pkgs/clerie-system-remote-install/default.nix
@ -0,0 +1,6 @@
+{ pkgs, ... }:
+
+pkgs.writeShellApplication {
+  name = "clerie-system-remote-install";
+  text = builtins.readFile ./clerie-system-remote-install.sh;
+}
--- a/pkgs/overlay.nix
+++ b/pkgs/overlay.nix
@ -1,6 +1,7 @@
 final: prev: {
  clerie-backup = final.callPackage ./clerie-backup {};
  clerie-keys = final.callPackage ./clerie-keys {};
+  clerie-system-remote-install = final.callPackage ./clerie-system-remote-install {};
  clerie-system-upgrade = final.callPackage ./clerie-system-upgrade/clerie-system-upgrade.nix {};
  clerie-merge-nixfiles-update = final.callPackage ./clerie-update-nixfiles/clerie-merge-nixfiles-update.nix {};
  clerie-sops = final.callPackage ./clerie-sops/clerie-sops.nix {};