nix-community / nixos-anywhere

install nixos everywhere via ssh [maintainer=@numtide]
https://nix-community.github.io/nixos-anywhere/
MIT License

Unable to enable flakes on target easily #307

Open cowboyai opened 3 months ago

cowboyai commented 3 months ago

If there is a way to do this, it is not documented well. If it is documented, where is it? https://github.com/nix-community/nixos-anywhere/blob/main/docs/howtos/no-os.md

This talks about a bunch of manual steps... Can we make an installer ISO that just does this? Of course we can, but there is nothing in the docs to tell us how.

It tells us how to do this WITHOUT flakes, but the installed system defaults to no flakes, which is very frustrating to have to manually go install and is very counter-intuitive if you are installing FROM flakes and the target I want should have flakes enabled.

Currently I have to do weird things like force an addition of a flake.nix into /etc/nixos as well as change the /etc/nix/nix.conf to be sure flakes are enabled and it feels strange to do so.

Most people are already using flakes (or at least they are encouraged to do so...) and this undocumented way to turn on flakes is defeating the whole purpose of nixos-anywhere when you want flakes enabled everywhere. Optimally, it should be a simple setting that is well documented. I am certainly willing to issue a pull request to do this, but my hacked technique is not optimal and if there is a better way I'd like to discuss it.

cowboyai commented 2 months ago

when deploying with nixos-anywhere...

```
### Installing NixOS ###
Pseudo-terminal will not be allocated because stdin is not a terminal.
Warning: Permanently added '192.168.1.23' (ED25519) to the list of known hosts.
installing the boot loader...
setting up /etc...
Initializing machine ID from random generator.
Created "/boot/EFI".
Created "/boot/EFI/systemd".
Created "/boot/EFI/BOOT".
Created "/boot/loader".
Created "/boot/loader/entries".
Created "/boot/EFI/Linux".
Copied "/nix/store/y6mag03hj8b2hnlcj682xvp2aid7yg7y-systemd-255.4/lib/systemd/boot/efi/systemd-bootx64.efi" to "/boot/EFI/systemd/systemd-bootx64.efi".
Copied "/nix/store/y6mag03hj8b2hnlcj682xvp2aid7yg7y-systemd-255.4/lib/systemd/boot/efi/systemd-bootx64.efi" to "/boot/EFI/BOOT/BOOTX64.EFI".
! Mount point '/boot' which backs the random seed file is world accessible, which is a security hole! !
! Random seed file '/boot/loader/.#bootctlrandom-seedf977d9c7a4802c09' is world accessible, which is a security hole! !
Random seed file /boot/loader/random-seed successfully written (32 bytes).
Created EFI boot entry "Linux Boot Manager".
installation finished!
umount: /mnt/boot unmounted
umount: /mnt/data unmounted
umount: /mnt unmounted
Connection to 192.168.1.23 closed by remote host.
### Waiting for the machine to become reachable again ###
kex_exchange_identification: read: Connection reset by peer
Connection reset by 192.168.1.23 port 22
### Done! ###
```

no errors...

on reboot, I get this: image

cowboyai commented 2 months ago

RESOLVED... in my case it appears to have been a missing kernel module... I think "vmd" or "sr_mod"... with these two added, the boot sector is written correctly. That was the only change and the deploy worked.