diff --git a/docs/quickstart.md b/docs/quickstart.md index 5f24ca99..7ae463bd 100644 --- a/docs/quickstart.md +++ b/docs/quickstart.md @@ -106,6 +106,12 @@ below. 6. On the target machine, make sure you have access as root via ssh by adding your SSH key to the file `authorized_keys` in the directory `/root/.ssh` + Optionally, bootstrapping can also be performed through password login. For + example through the `image-installer-*` provided by + `nix-community/nixos-images`. Assign your password to the `SSH_PASS` + environment variable and specify `--env-password` as an additional command + line option. This will provide `ssh-copy-id` with the required password. + 7. (Optional) Test your nixos and disko configuration: The following command will automatically test your nixos configuration and diff --git a/src/default.nix b/src/default.nix index e70bcb35..e4656699 100644 --- a/src/default.nix +++ b/src/default.nix @@ -10,6 +10,7 @@ , gawk , findutils , gnused +, sshpass , terraform-docs , lib , makeWrapper @@ -26,6 +27,7 @@ let gawk findutils gnused # needed by ssh-copy-id + sshpass # used to provide password for ssh-copy-id rsync # used to upload extra-files ]; in diff --git a/src/nixos-anywhere.sh b/src/nixos-anywhere.sh index 95801586..7e8dfce0 100755 --- a/src/nixos-anywhere.sh +++ b/src/nixos-anywhere.sh @@ -17,6 +17,9 @@ Options: set an ssh option * -L, --print-build-logs print full build logs +* --env-password + set a password used by ssh-copy-id, the password should be set by + the environment variable SSH_PASS * -s, --store-paths set the store paths to the disko-script and nixos-system directly if this is given, flake is not needed @@ -162,6 +165,9 @@ while [[ $# -gt 0 ]]; do --build-on-remote) build_on_remote=y ;; + --env-password) + env_password=y + ;; --vm-test) vm_test=y ;; @@ -288,14 +294,27 @@ ssh_port=$(echo "$ssh_settings" | awk '/^port / { print $2 }') step Uploading install SSH keys until - ssh-copy-id \ - -i "$ssh_key_dir"/nixos-anywhere.pub \ - -o ConnectTimeout=10 \ - -o UserKnownHostsFile=/dev/null \ - -o StrictHostKeyChecking=no \ - "${ssh_copy_id_args[@]}" \ - "${ssh_args[@]}" \ - "$ssh_connection" + if [[ -n ${env_password-} ]]; then + sshpass -e \ + ssh-copy-id \ + -i "$ssh_key_dir"/nixos-anywhere.pub \ + -o ConnectTimeout=10 \ + -o UserKnownHostsFile=/dev/null \ + -o IdentitiesOnly=yes \ + -o StrictHostKeyChecking=no \ + "${ssh_copy_id_args[@]}" \ + "${ssh_args[@]}" \ + "$ssh_connection" + else + ssh-copy-id \ + -i "$ssh_key_dir"/nixos-anywhere.pub \ + -o ConnectTimeout=10 \ + -o UserKnownHostsFile=/dev/null \ + -o StrictHostKeyChecking=no \ + "${ssh_copy_id_args[@]}" \ + "${ssh_args[@]}" \ + "$ssh_connection" + fi do sleep 3 done