Installing NixOS with justdoit
@cleverca22 came up with all of this, wrote the justdoit.nix file, and showed me how to use it.
This repo is just a condensed version with some documentation showing others how to use it.
Users of this should know that it is extremely unsafe and it is possible to
brick the target system.
- Install NixOS with justdoit, a convenience script that takes care of a lot of nitty-gritty system setup for you, especially if you are using zfs.
- Define a NixOS configuration that can be built into a bootable NixOS ramdisk for any server with a Linux kernel that has kexec enabled
- Define a NixOS configuration that gets placed onto the target host, which gets used by nixos-install (invoked by justdoit)
- Deploy the NixOS ramdisk to the server
- Boot from that ramdisk
- Run justdoit
- Profit
- A source machine running Linux/MacOS with Nix installed. You will need to enable flakes and nix-command.
- A target machine running the Linux kernel with kexec enabled.
Edit configuration.nix to your liking. Necessary things:
- Imports (netboot-minimal.nix, kexec.nix, justdoit.nix)
- Networking. You can use wpa_supplicant or network manager.
- Authorized ssh keys for the root user. This is so you can ssh to the machine after booting the NixOS ramdisk.
- Configure kexec.justdoit. See justdoit.nix for available options. This will require knowing things about the target system, most of which you can find out via fdisk -l.
- Importing autoreboot.nix is not necessary, HOWEVER, it is a useful safety net. If the network isn't working on kexec, it will be impossible to recover the machine. Autoreboot will reboot automatically at the end of each hour. It needs to be stopped immediately before executing justdoit.
See the example provided configuration.nix for reference.
Edit target-config.nix to your liking. This will be the resulting configuration
on the new system after justdoit has finished and NixOS has been forcibly
installed on the target. You will probably want networking and ssh keys on this,
but it's not necessary unless you don't have physical access to the machine.
You can use an existing NixOS configuration for this (e.g. your NixOS config).
Know that it should import ./hardware-configuration.nix and ./generated.nix,
but these are files that are generated by justdoit, and not things you should
provide. See the example provided target-config.nix for reference.
$ nix build '.#nixosConfigurations.nike.config.system.build.kexec_tarball' -j4
[chessai@source-nixos:~/nike]$ nix build '.#nixosConfigurations.nike.config.system.build.kexec_tarball' -j4
[chessai@source-nixos:~/nike]$ export TARGET_IP=<some_ip>
[chessai@source-nixos:~/nike]$ scp result/tarball/nixos-system-x86_64-linux.tar.xz $TARGET_IP:.
[chessai@source-nixos:~/nike]$ ssh $TARGET_IP
[chessai@target-ubuntu:~]$ sudo -i
[sudo] password for chessai:
[root@target-ubuntu:~]# cd /
[root@target-ubuntu:/]# tar -xf /home/chessai/nixos-system-x86_64-linux.tar.xz
[root@target-ubuntu:/]# ./kexec_nixos
executing kernel, filesystems will be improperly unmounted
Connection to $TARGET_IP closed.
[chessai@source-nixos:~/nike]$ ping $TARGET_IP
PING $TARGET_IP ($TARGET_IP) 56(84) bytes of data.
64 bytes from $TARGET_IP: icmp_seq=1 ttl=64 time=0.197 ms
64 bytes from $TARGET_IP: icmp_seq=2 ttl=64 time=0.121 ms
64 bytes from $TARGET_IP: icmp_seq=3 ttl=64 time=0.181 ms
^C
[chessai@source-nixos:~/nike]$ ssh root@$TARGET_IP
The authenticity of host '$TARGET_IP ($TARGET_IP)' can't be established.
ED25519 key fingerprint is SHA256:o1Tl49CuK6Ipd5gT6GaNfotsgVMJcdxr2FZbGrmhqmE.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '$TARGET_IP' (ED25519) to the list of known hosts.
Last login: Fri Dec 9 05:47:11 2016
[root@kexec:~]# wpa_passphrase $SSID $PASSWORD >> /etc/wpa_supplicant.conf
[root@kexec:~]# systemctl restart wpa_supplicant.service
[root@kexec:~]# systemctl stop autoreboot.timer
[root@kexec:~]# justdoit
[root@kexec:~]# shutdown -r now
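
A pre-flight check for the deploy session above, as an added example that is not part of this repo: run as root on the target before ./kexec_nixos, it confirms that the copied tarball matches the digest taken on the source machine and that the kernel still permits kexec. The function names are hypothetical, and the optional sysctl-path argument exists only so the check can be tried on a constructed file.

```shell
#!/bin/sh
# Added example (not from the repo). Function names are hypothetical.

# Succeeds only if the kexec_load_disabled sysctl is present and set to 0.
# $1 optionally overrides the sysctl path (assumption: used for dry runs).
kexec_allowed() {
    f=${1:-/proc/sys/kernel/kexec_load_disabled}
    if [ ! -r "$f" ]; then
        echo "kexec: $f missing (no kexec support, or kernel predates this sysctl)" >&2
        return 2
    fi
    if [ "$(cat "$f")" != "0" ]; then
        echo "kexec: loading new kernels is disabled until the next reboot" >&2
        return 1
    fi
}

# Succeeds only if the SHA-256 of file $1 equals $2, the digest taken on the
# source machine with: sha256sum result/tarball/nixos-system-x86_64-linux.tar.xz
tarball_matches() {
    actual=$(sha256sum "$1" 2>/dev/null | cut -d' ' -f1)
    if [ -z "$actual" ] || [ "$actual" != "$2" ]; then
        echo "tarball: unreadable file or digest mismatch: $1" >&2
        return 1
    fi
}

# Runs both checks. Usage: preflight TARBALL EXPECTED_SHA256 [SYSCTL_FILE]
preflight() {
    tarball_matches "$1" "$2" || return 1
    kexec_allowed "${3:-}" || return 1
    echo "preflight ok: $1 verified, kexec permitted"
}

# When invoked as a script with arguments, run the checks directly.
if [ "$#" -ge 2 ]; then
    preflight "$@"
fi
```

The digest only proves the file on the target is the one you built; it says nothing about whether the configuration inside it brings the network up, which is what autoreboot.nix is for.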