Merge #86

bors[bot] · Lassulus · web-flow · commit 28be7391b4bf · 2023-04-27T09:46:54.000Z
86: add --build-on-remote flag r=Mic92 a=Lassulus



Co-authored-by: lassulus &lt;git@lassul.us&gt;
diff --git a/src/nixos-anywhere.sh b/src/nixos-anywhere.sh
@@ -30,6 +30,8 @@ Options:
   nix option to pass to every nix related command
 * --from store-uri
   URL of the source Nix store to copy the nixos and disko closure from
+* --build-on-remote
+  build the closure on the remote machine instead of locally and copy-closuring it
 USAGE
 }
 
@@ -109,6 +111,9 @@ while [[ $# -gt 0 ]]; do
   --no-substitute-on-destination)
     substitute_on_destination=n
     ;;
+  --build-on-remote)
+    build_on_remote=y
+    ;;
 
   *)
     if [[ -z ${ssh_connection-} ]]; then
@@ -145,7 +150,7 @@ nix_copy() {
     "$@"
 }
 nix_build() {
-  nix build \
+  NIX_SSHOPTS="-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i $ssh_key_dir/nixos-anywhere" nix build \
     --print-out-paths \
     --no-link \
     "${nix_options[@]}" \
@@ -173,8 +178,10 @@ if [[ -n ${flake-} ]]; then
     echo 'For example, to use the output nixosConfigurations.foo from the flake.nix, append "#foo" to the flake-uri.' >&2
     exit 1
   fi
-  disko_script=$(nix_build "${flake}#nixosConfigurations.\"${flakeAttr}\".config.system.build.disko")
-  nixos_system=$(nix_build "${flake}#nixosConfigurations.\"${flakeAttr}\".config.system.build.toplevel")
+  if [[ ${build_on_remote-n} == "n" ]]; then
+    disko_script=$(nix_build "${flake}#nixosConfigurations.\"${flakeAttr}\".config.system.build.disko")
+    nixos_system=$(nix_build "${flake}#nixosConfigurations.\"${flakeAttr}\".config.system.build.toplevel")
+  fi
 elif [[ -n ${disko_script-} ]] && [[ -n ${nixos_system-} ]]; then
   if [[ ! -e ${disko_script} ]] || [[ ! -e ${nixos_system} ]]; then
     abort "${disko_script} and ${nixos_system} must be existing store-paths"
@@ -293,6 +300,14 @@ for path in "${!disk_encryption_keys[@]}"; do
   ssh_ "umask 077; cat > $path" <"${disk_encryption_keys[$path]}"
 done
 
+pubkey=$(ssh-keyscan -t ed25519 "${ssh_connection//*@/}" 2>/dev/null | sed -e 's/^[^ ]* //' | base64 -w0)
+
+if [[ -n ${disko_script-} ]] && [[ ${build_on_remote-n} == "y" ]]; then
+  disko_script=$(
+    nix_build "${flake}#nixosConfigurations.\"${flakeAttr}\".config.system.build.disko" \
+      --builders "ssh://$ssh_connection?base64-ssh-public-host-key=$pubkey&ssh-key=$ssh_key_dir/nixos-anywhere $is_arch-linux"
+  )
+fi
 nix_copy --to "ssh://$ssh_connection" "$disko_script"
 ssh_ "$disko_script"
 
@@ -303,7 +318,14 @@ if [[ ${stop_after_disko-n} == "y" ]]; then
   exit 0
 fi
 
+if [[ -n ${nixos_system-} ]] && [[ ${build_on_remote-n} == "y" ]]; then
+  nixos_system=$(
+    nix_build "${flake}#nixosConfigurations.\"${flakeAttr}\".config.system.build.toplevel" \
+      --builders "ssh://$ssh_connection?remote-store=local?root=/mnt&base64-ssh-public-host-key=$pubkey&ssh-key=$ssh_key_dir/nixos-anywhere $is_arch-linux"
+  )
+fi
 nix_copy --to "ssh://$ssh_connection?remote-store=local?root=/mnt" "$nixos_system"
+
 if [[ -n ${extra_files-} ]]; then
   if [[ -d $extra_files ]]; then
     extra_files="$extra_files/"
