Infect with a prebuilt flake?

[yajo]

I'm using flakes to configure my NixOS machines. More or less as explained here.

The point is that, if I add the flake configuration before infection, and then infect it, the new system will be configured using the /etc/nixo/configuration.nix file generated in the infection script, instead of using the /etc/nixos/flake.nix that I already put there before.

Is there a way to preconfigure the system before infection so that, after infected, it's directly booted to the system flake?

[ykis-0-0]

I've tried modified this script and successfully got it working for my flake. Here's how:

Prerequisites

Seems you'll need to have the flake well-defined, or else the box will get stuck somewhere right after it reboots

The big thing

We'll need to look here:

nixos-infect/nixos-infect

Lines 286 to 299 in 318fc51

	[[ -z "$NIX_CHANNEL" ]] && NIX_CHANNEL="nixos-22.05"
	nix-channel --remove nixpkgs
	nix-channel --add "https://nixos.org/channels/$NIX_CHANNEL" nixos
	nix-channel --update
	export NIXOS_CONFIG="${NIXOS_CONFIG:-/etc/nixos/configuration.nix}"
	nix-env --set \
	-I nixpkgs=$HOME/.nix-defexpr/channels/nixos \
	-f '<nixpkgs/nixos>' \
	-p /nix/var/nix/profiles/system \
	-A system

That's where the /etc/nixos/configuration.nix got built. We'll need to get around that and replace with some nix build thingy, which should be something like this:

# Flake adaptations
nix \
  --extra-experimental-features "nix-command flakes" \
build \
  --profile /nix/var/nix/profiles/system \
  "${FLAKE_URL}#nixosConfigurations.${NIXOS_CONFIG_NAME}.config.system.build.toplevel"

[aabccd021]

Following script works for me (tested on contabo).
Should we add flake support to nixos-infect?

curl https://raw.githubusercontent.com/elitak/nixos-infect/master/nixos-infect \
  | NIX_CHANNEL=nixos-23.05 NO_REBOOT=true bash -x \
&& { cat > /etc/nixos/flake.nix << 'EOF'
{
  inputs = {
    nixpkgs.url = "github:nixos/nixpkgs/nixos-23.05";
  };

  outputs = inputs:
    {
      nixosConfigurations.contabo-nixos = inputs.nixpkgs.lib.nixosSystem {
        system = "x86_64-linux";
        modules = [
          ./configuration.nix
          ({ pkgs, ... }: {
            nix = {
              registry.nixpkgs.flake = inputs.nixpkgs;
              settings.experimental-features = [ "nix-command" "flakes" ];
              package = pkgs.nixFlakes;
            };
            system.stateVersion = "23.05";
          })
        ];
      };
    };
}
EOF
} \
&& /root/.nix-profile/bin/nix build \
  --extra-experimental-features "nix-command flakes" \
  /etc/nixos/#nixosConfigurations.contabo-nixos.config.system.build.toplevel
result/activate
result/bin/switch-to-configuration switch
reboot

[tcurdt]

Turning this into something like this would be fantastic:

curl https://raw.githubusercontent.com/elitak/nixos-infect/master/nixos-infect | NIX_FLAKE=git+ssh://git@github.com/tcurdt/nixcfg.git#utm bash -x

Even better if would also allow for passing a key for decrypting credentials

curl https://raw.githubusercontent.com/elitak/nixos-infect/master/nixos-infect | NIX_SECRETS_KEY="SOMEKEY" NIX_FLAKE=git+ssh://git@github.com/tcurdt/nixcfg.git#utm bash -x