From 483c55c0aba7d13744388341c3aba9ca7f414cc6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Fri, 25 Nov 2022 10:13:32 +0100 Subject: [PATCH 1/2] kexec-installer: also support authorized_keys2 --- nix/kexec-installer.nix | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/nix/kexec-installer.nix b/nix/kexec-installer.nix index 698f850..1a9151b 100644 --- a/nix/kexec-installer.nix +++ b/nix/kexec-installer.nix @@ -19,10 +19,13 @@ pwd mkdir -p initrd/ssh pushd initrd - if [ -e /root/.ssh/authorized_keys ]; then - # workaround for debian shenanigans - grep -o '\(ssh-[^ ]* .*\)' /root/.ssh/authorized_keys >> ssh/authorized_keys - fi + for key in /root/.ssh/authorized_keys /root/.ssh/authorized_keys2; do + if [ -e "$key" ]; then + # workaround for debian shenanigans + grep -o '\(ssh-[^ ]* .*\)' "$key" >> ssh/authorized_keys + fi + done + # Typically for NixOS if [ -e /etc/ssh/authorized_keys.d/root ]; then cat /etc/ssh/authorized_keys.d/root >> ssh/authorized_keys fi From f545a4b82efa2be9daba09b45aa789c2fc4aeace Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Fri, 25 Nov 2022 10:43:14 +0100 Subject: [PATCH 2/2] README: mention authorized_keys2 --- README.md | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 39c9ea0..58afc60 100644 --- a/README.md +++ b/README.md 
@@ -32,9 +32,13 @@ curl -L https://github.com/nix-community/nixos-images/releases/download/nixos-un ``` The script copies existing sshd host keys and ssh keys from -`/root/.ssh/authorized_keys` and `/etc/ssh/authorized_keys.d/root` to the booted nixos machine. The actual kexec happens with a slight delay (6s). -This allows for easier integration into automated nixos installation scripts, since you can cleanly disconnect from the running machine before the kexec takes place. -The tarball is also designed to be run from NixOS, which can be useful for new installations +`/root/.ssh/authorized_keys`, `/root/.ssh/authorized_keys2` and +`/etc/ssh/authorized_keys.d/root` to the booted nixos machine. + +The actual kexec happens with a slight delay (6s). This allows for easier +integration into automated nixos installation scripts, since you can cleanly +disconnect from the running machine before the kexec takes place. The tarball +is also designed to be run from NixOS, which can be useful for new installations We also have [kexec-bundle](https://github.com/nix-community/nixos-images/releases/download/nixos-unstable/kexec-bundle-x86_64-linux), which is a self-extracting archive from [nixos-generators](https://github.com/nix-community/nixos-generators). This version unpacks itself to `/` and possibly overlays the existing `/nix/store` with its own files.
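Review bot: In the nix/kexec-installer.nix hunk, the `grep -o '\(ssh-[^ ]* .*\)' "$key"` inside the new loop still only recognises key types that begin with `ssh-`. An `ecdsa-sha2-*` line in either file is silently skipped, and a `sk-ssh-ed25519@openssh.com` line is emitted without its `sk-` prefix, which leaves an invalid entry. Now that a second file is being read, consider widening the pattern to accept the `ecdsa-` and `sk-` prefixes as well, or at least printing a warning when nothing was appended to `ssh/authorized_keys`, so that a user whose only key was dropped notices before the kexec.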
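Review bot: In the README.md hunk, the rewritten sentence says the script copies keys from all three paths, but per the first patch the two `/root/.ssh` files are passed through `grep -o` and only the part of each line from `ssh-` onward is kept, while `/etc/ssh/authorized_keys.d/root` is appended unchanged with `cat`. A short sentence stating that leading key options (such as `from=` or `command=`) are not carried over from the `/root/.ssh` files would tell users what access the booted installer actually grants. Separately, the reflowed paragraph still ends without a full stop after "new installations", and the reflow itself is unrelated to the subject line, so it could be dropped to keep the diff to the one changed sentence.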