From f872740e6d89f239800dc7b6074319c8d93ca453 Mon Sep 17 00:00:00 2001 From: aabccd021 Date: Sat, 19 Oct 2024 20:43:01 +0700 Subject: [PATCH 1/2] refactor: encode ssh store URL --- src/nixos-anywhere.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/nixos-anywhere.sh b/src/nixos-anywhere.sh index 53def26a..61462963 100755 --- a/src/nixos-anywhere.sh +++ b/src/nixos-anywhere.sh @@ -638,7 +638,7 @@ runDisko() { # If we don't use ssh-ng here, we get `error: operation 'getFSAccessor' is not supported by store` diskoScript=$( nixBuild "${flake}#${flakeAttr}.system.build.${diskoMode}Script" \ - --eval-store auto --store "ssh-ng://$sshConnection?ssh-key=$sshKeyDir/nixos-anywhere" + --eval-store auto --store "ssh-ng://$sshConnection?ssh-key=$sshKeyDir%2Fnixos-anywhere" ) fi @@ -650,17 +650,17 @@ nixosInstall() { local nixosSystem=$1 if [[ -n ${nixosSystem} ]]; then step Uploading the system closure - nixCopy --to "ssh://$sshConnection?remote-store=local?root=/mnt" "$nixosSystem" + nixCopy --to "ssh://$sshConnection?remote-store=local%3Froot=%2Fmnt" "$nixosSystem" elif [[ ${buildOn} == "remote" ]]; then step Building the system closure # We need to do a nix copy first because nix build doesn't have --no-check-sigs # Use ssh:// here to avoid https://github.com/NixOS/nix/issues/7359 - nixCopy --to "ssh://$sshConnection?remote-store=local?root=/mnt" "${flake}#${flakeAttr}.system.build.toplevel" \ + nixCopy --to "ssh://$sshConnection?remote-store=local%3Froot=%2Fmnt" "${flake}#${flakeAttr}.system.build.toplevel" \ --derivation --no-check-sigs # If we don't use ssh-ng here, we get `error: operation 'getFSAccessor' is not supported by store` nixosSystem=$( nixBuild "${flake}#${flakeAttr}.system.build.toplevel" \ - --eval-store auto --store "ssh-ng://$sshConnection?ssh-key=$sshKeyDir/nixos-anywhere&remote-store=local?root=/mnt" + --eval-store auto --store "ssh-ng://$sshConnection?ssh-key=$sshKeyDir%2Fnixos-anywhere&remote-store=local%3Froot=%2Fmnt" ) fi From 6cd5f738a5e95b245369de9f105bdde1b1de4ef1 Mon Sep 17 00:00:00 2001 From: aabccd021 Date: Sat, 19 Oct 2024 20:48:08 +0700 Subject: [PATCH 2/2] feat: add option --ssh-store-settings --- docs/cli.md | 2 ++ src/nixos-anywhere.sh | 23 +++++++++++++++++------ 2 files changed, 19 insertions(+), 6 deletions(-) diff --git a/docs/cli.md b/docs/cli.md index 6cde612e..d2577552 100644 --- a/docs/cli.md +++ b/docs/cli.md @@ -29,6 +29,8 @@ Options: use another kexec tarball to bootstrap NixOS * --kexec-extra-flags extra flags to add into the call to kexec, e.g. "--no-sync" +* --ssh-store-setting + ssh store settings appended to the store URI, e.g. "compress true". needs to be URI encoded. * --post-kexec-ssh-port after kexec is executed, use a custom ssh port to connect. Defaults to 22 * --copy-host-keys diff --git a/src/nixos-anywhere.sh b/src/nixos-anywhere.sh index 61462963..f9893a3c 100755 --- a/src/nixos-anywhere.sh +++ b/src/nixos-anywhere.sh @@ -6,6 +6,7 @@ flake="" flakeAttr="" kexecUrl="" kexecExtraFlags="" +sshStoreSettings="" enableDebug="" nixBuildFlags=() diskoScript="" @@ -94,6 +95,8 @@ Options: use another kexec tarball to bootstrap NixOS * --kexec-extra-flags extra flags to add into the call to kexec, e.g. "--no-sync" +* --ssh-store-setting + ssh store settings appended to the store URI, e.g. "compress true". needs to be URI encoded. * --post-kexec-ssh-port after kexec is executed, use a custom ssh port to connect. Defaults to 22 * --copy-host-keys @@ -213,6 +216,14 @@ parseArgs() { kexecExtraFlags=$2 shift ;; + --ssh-store-setting) + key=$2 + shift + value=$2 + shift + sshStoreSettings+="$sshStoreSettings$key=$value&" + shift + ;; --post-kexec-ssh-port) postKexecSshPort=$2 shift @@ -628,17 +639,17 @@ runDisko() { runSsh "umask 077; mkdir -p \"$(dirname "$path")\"; cat > $path" <"${diskEncryptionKeys[$path]}" done if [[ -n ${diskoScript} ]]; then - nixCopy --to "ssh://$sshConnection" "$diskoScript" + nixCopy --to "ssh://$sshConnection?$sshStoreSettings" "$diskoScript" elif [[ ${buildOn} == "remote" ]]; then step Building disko script # We need to do a nix copy first because nix build doesn't have --no-check-sigs # Use ssh:// here to avoid https://github.com/NixOS/nix/issues/7359 - nixCopy --to "ssh://$sshConnection" "${flake}#${flakeAttr}.system.build.${diskoMode}Script" \ + nixCopy --to "ssh://$sshConnection?$sshStoreSettings" "${flake}#${flakeAttr}.system.build.${diskoMode}Script" \ --derivation --no-check-sigs # If we don't use ssh-ng here, we get `error: operation 'getFSAccessor' is not supported by store` diskoScript=$( nixBuild "${flake}#${flakeAttr}.system.build.${diskoMode}Script" \ - --eval-store auto --store "ssh-ng://$sshConnection?ssh-key=$sshKeyDir%2Fnixos-anywhere" + --eval-store auto --store "ssh-ng://$sshConnection?ssh-key=$sshKeyDir%2Fnixos-anywhere&$sshStoreSettings" ) fi @@ -650,17 +661,17 @@ nixosInstall() { local nixosSystem=$1 if [[ -n ${nixosSystem} ]]; then step Uploading the system closure - nixCopy --to "ssh://$sshConnection?remote-store=local%3Froot=%2Fmnt" "$nixosSystem" + nixCopy --to "ssh://$sshConnection?remote-store=local%3Froot=%2Fmnt&$sshStoreSettings" "$nixosSystem" elif [[ ${buildOn} == "remote" ]]; then step Building the system closure # We need to do a nix copy first because nix build doesn't have --no-check-sigs # Use ssh:// here to avoid https://github.com/NixOS/nix/issues/7359 - nixCopy --to "ssh://$sshConnection?remote-store=local%3Froot=%2Fmnt" "${flake}#${flakeAttr}.system.build.toplevel" \ + nixCopy --to "ssh://$sshConnection?remote-store=local%3Froot=%2Fmnt&$sshStoreSettings" "${flake}#${flakeAttr}.system.build.toplevel" \ --derivation --no-check-sigs # If we don't use ssh-ng here, we get `error: operation 'getFSAccessor' is not supported by store` nixosSystem=$( nixBuild "${flake}#${flakeAttr}.system.build.toplevel" \ - --eval-store auto --store "ssh-ng://$sshConnection?ssh-key=$sshKeyDir%2Fnixos-anywhere&remote-store=local%3Froot=%2Fmnt" + --eval-store auto --store "ssh-ng://$sshConnection?ssh-key=$sshKeyDir%2Fnixos-anywhere&remote-store=local%3Froot=%2Fmnt&$sshStoreSettings" ) fi