From 6712970770434ac8d799f6086dbf0117cfb6300e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Maciej=20Kr=C3=BCger?= Date: Mon, 11 Mar 2024 16:30:14 +0100 Subject: [PATCH 01/11] Add provider autodetection for hetzner (#174) --- nixos-infect | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/nixos-infect b/nixos-infect index ce97278..79a85cc 100644 --- a/nixos-infect +++ b/nixos-infect @@ -4,6 +4,12 @@ set -e -o pipefail +autodetectProvider() { + if [ -e /etc/hetzner-build ]; then + PROVIDER="hetznercloud" + fi +} + makeConf() { # Skip everything if main config already present [[ -e /etc/nixos/configuration.nix ]] && return 0 @@ -375,6 +381,10 @@ infect() { /nix/var/nix/profiles/system/bin/switch-to-configuration boot } +if [ ! -v PROVIDER ]; then + autodetectProvider +fi + [ "$PROVIDER" = "digitalocean" ] && doNetConf=y # digitalocean requires detailed network config to be generated [ "$PROVIDER" = "lightsail" ] && newrootfslabel="nixos" if [[ "$PROVIDER" = "digitalocean" ]] || [[ "$PROVIDER" = "servarica" ]] || [[ "$PROVIDER" = "hetznercloud" ]]; then From 2ef79962d8830020ecc1f09d4fb0b04574a69ac3 Mon Sep 17 00:00:00 2001 From: Star <31732456+harodggg@users.noreply.github.com> Date: Mon, 11 Mar 2024 23:30:52 +0800 Subject: [PATCH 02/11] Update README (#176) * Update README.md Add successful cases running on Google Cloud Debian11 * Update README.md --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 5fcd782..650055c 100644 --- a/README.md +++ b/README.md @@ -106,6 +106,7 @@ runcmd: |CoreOS |2430.0.0 (alpha) | _unable_ |2020-03-30| |Debian |10.3 x64 |**success**|2020-03-30| |Debian |9.12 x64 |**success**|2020-03-30| +|Debian |11 x64 |**success**|2023-11-12| |Fedora |30 x64 |**success**|2020-03-30| |Fedora |31 x64 |**success**|2020-03-30| |FreeBSD |11.3 x64 ufs | _failure_ |2020-03-30| 
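Review bot: In the second hunk the guard `[ ! -v PROVIDER ]` treats a PROVIDER that is set but empty (for example `PROVIDER= bash` in a cloud-init line) as already chosen, so autodetection is skipped and none of the provider branches below it match. `-v` also needs bash 4.2 or newer. `if [ -z "${PROVIDER:-}" ]; then autodetectProvider; fi` covers unset and empty alike. Because the detected value decides how the host is reconfigured, autodetectProvider in the first hunk should echo what it picked and carry a comment such as `# /etc/hetzner-build is taken as the marker of a Hetzner Cloud image`.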
@@ -257,7 +258,7 @@ Requred some Xen modules to work out, after that NixOS erected itself without a |Distribution. | Name | Status | test date| |-------------------------------------|-----------------|-----------|----------| | Ubuntu on Ampere Altra (Arm64) | 20.04 |**success**|2022-09-07| - +| Debian (Amd64) | 11 |**success**|2023-11-12| ### Contabo Tested on Cloud VPS. Contabo sets the hostname to something like `vmi######.contaboserver.net`, Nixos only allows RFC 1035 compliant hostnames ([see here](https://search.nixos.org/options?show=networking.hostName&query=hostname)). Run `hostname something_without_dots` before running the script. If you run the script before changing the hostname - remove the `/etc/nixos/configuration.nix` so it's regenerated with the new hostname. From f6d3db8432ff1002efd943004f60b32edbd072e7 Mon Sep 17 00:00:00 2001 From: Donovan Glover Date: Mon, 11 Mar 2024 15:31:38 +0000 Subject: [PATCH 03/11] chore(docs): Update channel version to 23.05 (#178) --- README.md | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index 650055c..84eefb5 100644 --- a/README.md +++ b/README.md @@ -55,7 +55,7 @@ and most importantly, simply didn't work for me! 4) run the script with: ``` - curl https://raw.githubusercontent.com/elitak/nixos-infect/master/nixos-infect | NIX_CHANNEL=nixos-22.11 bash -x + curl https://raw.githubusercontent.com/elitak/nixos-infect/master/nixos-infect | NIX_CHANNEL=nixos-23.05 bash -x ``` *NB*: This script wipes out the targeted host's root filesystem when it runs to completion. 
@@ -72,7 +72,7 @@ and supply to it the following example yaml stanzas: #cloud-config runcmd: - - curl https://raw.githubusercontent.com/elitak/nixos-infect/master/nixos-infect | PROVIDER=digitalocean NIX_CHANNEL=nixos-22.11 bash 2>&1 | tee /tmp/infect.log + - curl https://raw.githubusercontent.com/elitak/nixos-infect/master/nixos-infect | PROVIDER=digitalocean NIX_CHANNEL=nixos-23.05 bash 2>&1 | tee /tmp/infect.log ``` #### Potential tweaks: @@ -90,7 +90,7 @@ write_files: environment.systemPackages = with pkgs; [ vim ]; } runcmd: - - curl https://raw.githubusercontent.com/elitak/nixos-infect/master/nixos-infect | PROVIDER=digitalocean NIXOS_IMPORT=./host.nix NIX_CHANNEL=nixos-22.11 bash 2>&1 | tee /tmp/infect.log + - curl https://raw.githubusercontent.com/elitak/nixos-infect/master/nixos-infect | PROVIDER=digitalocean NIXOS_IMPORT=./host.nix NIX_CHANNEL=nixos-23.05 bash 2>&1 | tee /tmp/infect.log ``` @@ -128,7 +128,7 @@ To set up a NixOS Vultr server, instantiate an Ubuntu box with the following "Cl ```bash #!/bin/sh -curl https://raw.githubusercontent.com/elitak/nixos-infect/master/nixos-infect | NIX_CHANNEL=nixos-22.11 bash +curl https://raw.githubusercontent.com/elitak/nixos-infect/master/nixos-infect | NIX_CHANNEL=nixos-23.05 bash ``` Allow for a few minutes over the usual Ubuntu deployment time for NixOS to download & install itself. @@ -148,7 +148,7 @@ When creating a server provide the following yaml as "Cloud config": #cloud-config runcmd: - - curl https://raw.githubusercontent.com/elitak/nixos-infect/master/nixos-infect | PROVIDER=hetznercloud NIX_CHANNEL=nixos-22.11 bash 2>&1 | tee /tmp/infect.log + - curl https://raw.githubusercontent.com/elitak/nixos-infect/master/nixos-infect | PROVIDER=hetznercloud NIX_CHANNEL=nixos-23.05 bash 2>&1 | tee /tmp/infect.log ``` #### Tested on 
@@ -275,7 +275,7 @@ build time or using `ssh-copy-id` before running nixos-infect ``` #!/bin/sh -curl https://raw.githubusercontent.com/elitak/nixos-infect/master/nixos-infect | NIX_CHANNEL=nixos-22.11 bash 2>&1 | tee /tmp/infect.log +curl https://raw.githubusercontent.com/elitak/nixos-infect/master/nixos-infect | NIX_CHANNEL=nixos-23.05 bash 2>&1 | tee /tmp/infect.log ``` #### Tested on @@ -303,7 +303,7 @@ Tested on vServer. The network configuration seems to be important so the same t ### ServArica Requires the same static network settings that Digital Ocean does. - curl https://raw.githubusercontent.com/elitak/nixos-infect/master/nixos-infect | PROVIDER=servarica NIX_CHANNEL=nixos-22.11 bash + curl https://raw.githubusercontent.com/elitak/nixos-infect/master/nixos-infect | PROVIDER=servarica NIX_CHANNEL=nixos-23.05 bash #### Tested on |Distribution| Name | Status | test date| @@ -334,7 +334,7 @@ write_files: environment.systemPackages = with pkgs; [ tmux ]; } runcmd: - - curl https://raw.githubusercontent.com/elitak/nixos-infect/master/nixos-infect | NIXOS_IMPORT=./host.nix NIX_CHANNEL=nixos-22.10 bash 2>&1 | tee /tmp/infect.log + - curl https://raw.githubusercontent.com/elitak/nixos-infect/master/nixos-infect | NIXOS_IMPORT=./host.nix NIX_CHANNEL=nixos-23.05 bash 2>&1 | tee /tmp/infect.log ``` #### Tested on @@ -350,7 +350,7 @@ and have a copy of the private key on your local box. On RackNerd's Ubuntu 20.04, there's no `curl` by default, so `wget -O-` needs to be used instead: ```command -# wget -O- https://raw.githubusercontent.com/elitak/nixos-infect/master/nixos-infect | NIX_CHANNEL=nixos-22.11 bash -x +# wget -O- https://raw.githubusercontent.com/elitak/nixos-infect/master/nixos-infect | NIX_CHANNEL=nixos-23.05 bash -x ``` #### Tested on From de39be8be746bf62ceca023ec7b8df2aea82a8a5 Mon Sep 17 00:00:00 2001 
From: Sridhar Ratnakumar <3998+srid@users.noreply.github.com> Date: Mon, 11 Mar 2024 11:32:00 -0400 Subject: [PATCH 04/11] readme/DO: Mark ubuntu 23.10 as failure (#180) --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 84eefb5..4b32ec9 100644 --- a/README.md +++ b/README.md @@ -121,6 +121,7 @@ runcmd: |Ubuntu |20.04 x64 |**success**|2022-03-23| |Ubuntu |22.04 x64 |**success**|2023-06-05| |Ubuntu |22.10 x64 | _failure_ |2023-06-05| +|Ubuntu |23.10 x64 | _failure_ |2023-11-16| ### Vultr To set up a NixOS Vultr server, instantiate an Ubuntu box with the following "Cloud-Init User-Data": From 20b43baa2ad09a61efb4d0696eeccd47c1b59b00 Mon Sep 17 00:00:00 2001 From: Donovan Glover Date: Mon, 11 Mar 2024 15:32:24 +0000 Subject: [PATCH 05/11] chore: Rename boot.cleanTmpDir to boot.tmp.cleanOnBoot (#181) --- nixos-infect | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos-infect b/nixos-infect index 79a85cc..1b614bf 100644 --- a/nixos-infect +++ b/nixos-infect @@ -41,7 +41,7 @@ makeConf() { $NIXOS_IMPORT ]; - boot.cleanTmpDir = true; + boot.tmp.cleanOnBoot = true; zramSwap.enable = ${zramswap}; networking.hostName = "$(hostname -s)"; networking.domain = "$(hostname -d)"; From 095fcbc28d3dd6edf80d567f781f423b4f913436 Mon Sep 17 00:00:00 2001 From: iosmanthus Date: Mon, 11 Mar 2024 23:33:32 +0800 Subject: [PATCH 06/11] change lightsail boot device to /dev/nvme0n1 (#186) * change lightsail boot device to /dev/nvme0n1 Signed-off-by: iosmanthus * fix missing import Signed-off-by: iosmanthus --------- Signed-off-by: iosmanthus --- nixos-infect | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/nixos-infect b/nixos-infect index 1b614bf..a190d7f 100644 --- a/nixos-infect +++ b/nixos-infect 
@@ -96,9 +96,10 @@ EOF makeLightsailConf() { mkdir -p /etc/nixos cat > /etc/nixos/configuration.nix << EOF -{ config, pkgs, modulesPath, ... }: +{ config, pkgs, modulesPath, lib, ... }: { imports = [ "\${modulesPath}/virtualisation/amazon-image.nix" ]; + boot.loader.grub.device = lib.mkForce "/dev/nvme0n1"; } EOF } From bbe94a11758e4a0ab1ff9f5a1f512dc0b4ae9fd6 Mon Sep 17 00:00:00 2001 From: Dominik Gleich Date: Mon, 11 Mar 2024 16:34:16 +0100 Subject: [PATCH 07/11] fix: Authorized keys parsing and extraction (#187) * add support for SK authorized keys nixos-infect incorrectly handles * Update nixos-infect * Replace space with [[:space:]] * Fix possible security issue --- nixos-infect | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos-infect b/nixos-infect index a190d7f..77a3769 100644 --- a/nixos-infect +++ b/nixos-infect @@ -26,7 +26,7 @@ makeConf() { local IFS=$'\n' for trypath in /root/.ssh/authorized_keys /home/$SUDO_USER/.ssh/authorized_keys $HOME/.ssh/authorized_keys; do [[ -r "$trypath" ]] \ - && keys=$(sed -E 's/^.*((ssh|ecdsa)-[^[:space:]]+)[[:space:]]+([^[:space:]]+)([[:space:]]*.*)$/\1 \3\4/' "$trypath") \ + && keys=$(sed -E 's/^[^#].*[[:space:]]((sk-ssh|sk-ecdsa|ssh|ecdsa)-[^[:space:]]+)[[:space:]]+([^[:space:]]+)([[:space:]]*.*)$/\1 \3\4/' "$trypath") \ && [[ ! -z "$keys" ]] \ && break done From 45e2361a9e58a126153afea8ef36e96878b3cdc7 Mon Sep 17 00:00:00 2001 From: Jonah Dahlquist Date: Mon, 11 Mar 2024 08:34:49 -0700 Subject: [PATCH 08/11] Resolved symlink to nixpkgs channel before passing to nix-env command (#191) Co-authored-by: Jonah Bron --- nixos-infect | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos-infect b/nixos-infect index 77a3769..8b4f33b 100644 --- a/nixos-infect +++ b/nixos-infect 
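Review bot: `boot.loader.grub.device = lib.mkForce "/dev/nvme0n1";` hard-codes the boot disk for every Lightsail instance and forces it over whatever amazon-image.nix would otherwise select. If an instance exposes its root disk under another name (older Xen-backed types use /dev/xvda, as far as I know), the bootloader installation would presumably fail only after the conversion is under way. The hunk shows no device lookup, so consider deriving the disk from the mounted root filesystem, or at least guarding with `[ -b /dev/nvme0n1 ] || { echo "unexpected boot disk" >&2; exit 1; }` before the config is written.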
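Review bot: The new anchor `^[^#]` only rejects lines whose first character is `#`; an indented commented-out key (constructed example: ` # ssh-ed25519 AAAA… old-laptop`) still matches, because the leading blank satisfies `[^#]` and `.*` swallows the `#`, so the substitution emits it as a live key line. sshd skips leading whitespace before testing for `#`, so a key the administrator had disabled would end up authorised on the rebuilt host. Lines that do not match are printed unchanged by sed (there is no `-n`), so ordinary comments and blank lines also land in `keys`. Filtering before the rewrite avoids both: `keys=$(grep -Ev '^[[:space:]]*(#|$)' "$trypath" | sed -E '<existing expression>')`. Separately, the expression still discards the options field, so restrictions such as `from=` or `command=` on the source key are not carried over; that deserves a comment above the loop.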
@@ -345,7 +345,7 @@ infect() { export NIXOS_CONFIG="${NIXOS_CONFIG:-/etc/nixos/configuration.nix}" nix-env --set \ - -I nixpkgs=$HOME/.nix-defexpr/channels/nixos \ + -I nixpkgs=$(realpath $HOME/.nix-defexpr/channels/nixos) \ -f '' \ -p /nix/var/nix/profiles/system \ -A system From 69819871dcced600959ab1c875702acbe6dccc29 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jean-Fran=C3=A7ois=20Roche?= Date: Mon, 11 Mar 2024 16:40:15 +0100 Subject: [PATCH 09/11] Add option to use a custom nix install URL (#195) This change allow users to specify a custom nix install URL to use another nix version than the latest stable or to use another installer script. --- nixos-infect | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nixos-infect b/nixos-infect index 8b4f33b..06f0171 100644 --- a/nixos-infect +++ b/nixos-infect @@ -325,8 +325,8 @@ infect() { # TODO use addgroup and adduser as fallbacks #addgroup nixbld -g 30000 || true #for i in {1..10}; do adduser -DH -G nixbld nixbld$i || true; done - - curl -L https://nixos.org/nix/install | sh -s -- --no-channel-add + NIX_INSTALL_URL="${NIX_INSTALL_URL:-https://nixos.org/nix/install}" + curl -L "${NIX_INSTALL_URL}" | sh -s -- --no-channel-add # shellcheck disable=SC1090 source ~/.nix-profile/etc/profile.d/nix.sh From db45635db2aac13fa4c4d2f6d7426c5a542c8d95 Mon Sep 17 00:00:00 2001 From: "Anthony M. Cook" Date: Mon, 11 Mar 2024 10:41:39 -0500 Subject: [PATCH 10/11] Remove redundant DO check (#198) Removed line performs the same check and the same action as the block a couple lines below Co-authored-by: Eric Litak From 5ef3f953d32ab92405b280615718e0b80da2ebe6 Mon Sep 17 00:00:00 2001 From: Jonah Dahlquist Date: Mon, 11 Mar 2024 08:41:57 -0700 Subject: [PATCH 11/11] Logged my experince using on GCP with an e2-micro (#193) * Added log of success/failure on GCP * Reformatted GCP table --------- Co-authored-by: Eric Litak --- README.md | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) 
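Review bot: The substitution in `-I nixpkgs=$(realpath $HOME/.nix-defexpr/channels/nixos)` is unquoted and its failure goes unnoticed: if the channel link is missing, realpath prints nothing, `set -e` does not fire for a substitution inside an argument, and nix-env receives an empty `nixpkgs=` entry. Resolving the path in a plain assignment first lets the failure stop the script: `nixpkgs_path=$(realpath "$HOME/.nix-defexpr/channels/nixos")`, then `-I nixpkgs="$nixpkgs_path"`. The infect function starts and ends outside this hunk.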
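Review bot: `curl -L "${NIX_INSTALL_URL}" | sh -s -- --no-channel-add` now executes whatever an environment variable points at, with the script's privileges. Nothing restricts the scheme or checks integrity, and without `-f` an HTTP error page is handed to sh as if it were the installer. Pin the transport and fail on HTTP errors: `curl --proto '=https' --tlsv1.2 -fsSL "${NIX_INSTALL_URL}" | sh -s -- --no-channel-add`. A comment above the new variable should state that the URL is trusted to the same degree as nixos-infect itself; for custom installers, an optional checksum variable verified before execution would be a worthwhile follow-up. The infect function continues outside the hunk.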
diff --git a/README.md b/README.md index 4b32ec9..1cc44be 100644 --- a/README.md +++ b/README.md @@ -256,10 +256,14 @@ Requred some Xen modules to work out, after that NixOS erected itself without a ### Google Cloud Platform #### Tested on -|Distribution. | Name | Status | test date| -|-------------------------------------|-----------------|-----------|----------| -| Ubuntu on Ampere Altra (Arm64) | 20.04 |**success**|2022-09-07| -| Debian (Amd64) | 11 |**success**|2023-11-12| +|Distribution | Name | Status | test date| Machine type | +|-------------------------------------|-----------------|-----------|----------|--------------| +| Debian | 11 |**success**|2023-11-12|ec2-micro | +| Debian (Amd64) | 11 |**success**|2023-11-12| | +| Ubuntu on Ampere Altra (Arm64) | 20.04 |**success**|2022-09-07| | +| Ubuntu | 20.04 |**success**|2022-09-07|Ampere Ultra | +| Ubuntu | 20.04 |-failure- |2023-11-12|ec2-micro | + ### Contabo Tested on Cloud VPS. Contabo sets the hostname to something like `vmi######.contaboserver.net`, Nixos only allows RFC 1035 compliant hostnames ([see here](https://search.nixos.org/options?show=networking.hostName&query=hostname)). Run `hostname something_without_dots` before running the script. If you run the script before changing the hostname - remove the `/etc/nixos/configuration.nix` so it's regenerated with the new hostname.