Merge branch 'main' into patch-1

Author: axelsimon

.github/workflows/auto-merge.yaml

@@ -0,0 +1,14 @@
+name: Auto Merge Dependency Updates
+on:
+  - pull_request_target
+jobs:
+  auto-merge-dependency-updates:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      pull-requests: write
+    concurrency:
+      group: "auto-merge:${{ github.head_ref }}"
+      cancel-in-progress: true
+    steps:
+      - uses: Mic92/auto-merge@main

.github/workflows/update-flake-lock.yml

@@ -0,0 +1,31 @@
+name: "Update flakes"
+on:
+  repository_dispatch:
+  workflow_dispatch:
+  schedule:
+    - cron: "51 2 * * 0"
+
+jobs:
+  createPullRequest:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Install Nix
+        uses: cachix/install-nix-action@v31
+        with:
+          extra_nix_config: |
+            access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
+      - uses: actions/create-github-app-token@v1
+        id: app-token
+        with:
+          app-id: ${{ vars.CI_APP_ID }}
+          private-key: ${{ secrets.CI_APP_PRIVATE_KEY }}
+      - name: Update flakes
+        run: nix flake update
+      - name: Create Pull Request
+        uses: peter-evans/create-pull-request@v7
+        with:
+          title: Update flakes
+          token: ${{ steps.app-token.outputs.token }}
+          labels: |
+            auto-merge

docs/howtos/INDEX.md

@@ -10,6 +10,8 @@
 
 [Installing on a machine with no operating system](./no-os.md)
 
+[Kexec on systems with limited RAM](./limited-ram.md)
+
 [Copying files to the new installation](./extra-files.md)
 
 [Using your own kexec image](./custom-kexec.md)

docs/howtos/limited-ram.md

@@ -0,0 +1,29 @@
+# Kexec on Systems with Limited RAM
+
+When working with nixos-anywhere on systems with limited RAM (around 1GB), you
+can use the `--no-disko-deps` option to reduce memory usage during installation.
+
+## How it works
+
+The `--no-disko-deps` option uploads only the disko partitioning script without
+including its dependencies. This significantly reduces memory usage because:
+
+1. The installer normally stores all dependencies in memory
+2. Partitioning tools can be quite large when bundled with their dependencies
+
+## Usage example
+
+```bash
+nix run github:nix-community/nixos-anywhere -- --no-disko-deps --flake <path to configuration>#<configuration name> --target-host root@<ip address>
+```
+
+## Trade-off
+
+While this approach saves memory, it means the partitioning tools will be
+whatever versions are available on the target system, rather than the specific
+versions defined in your NixOS configuration. This could potentially lead to
+version inconsistencies between the partitioning tools and the NixOS system
+being installed.
+
+This trade-off is usually acceptable for memory-constrained environments where
+installation would otherwise fail due to insufficient RAM.

docs/howtos/use-without-flakes.md

@@ -78,5 +78,5 @@ step:
 Run `nixos-anywhere` as follows:
 
 ```bash
-nixos-anywhere --store-paths $(nix-build -A config.system.build.disko -A config.system.build.toplevel --no-out-link) root@machine
+nixos-anywhere --store-paths $(nix-build -A config.system.build.formatScript -A config.system.build.toplevel --no-out-link) root@machine
 ```

docs/reference.md

@@ -19,12 +19,17 @@ TODO: Populate this guide properly
 <!-- `$ bash ./src/nixos-anywhere.sh --help` -->
 
 ```
-Usage: nixos-anywhere [options] <ssh-host>
+Usage: nixos-anywhere [options] [<ssh-host>]
 
 Options:
 
 * -f, --flake <flake_uri>
-  set the flake to install the system from.
+  set the flake to install the system from. i.e.
+  nixos-anywhere --flake .#mymachine
+  Also supports variants:
+  nixos-anywhere --flake .#nixosConfigurations.mymachine.config.virtualisation.vmVariant
+* --target-host <ssh-host>
+  set the SSH target host to deploy onto.
 * -i <identity_file>
   selects which SSH private key file to use.
 * -p, --ssh-port <ssh_port>
@@ -43,6 +48,8 @@ Options:
   use another kexec tarball to bootstrap NixOS
 * --kexec-extra-flags
   extra flags to add into the call to kexec, e.g. "--no-sync"
+* --ssh-store-setting <key> <value>
+  ssh store settings appended to the store URI, e.g. "compress true". <value> needs to be URI encoded.
 * --post-kexec-ssh-port <ssh_port>
   after kexec is executed, use a custom ssh port to connect. Defaults to 22
 * --copy-host-keys
@@ -60,6 +67,8 @@ Options:
   disable passing --substitute-on-destination to nix-copy
 * --debug
   enable debug output
+* --show-trace
+  show nix build traces
 * --option <key> <value>
   nix option to pass to every nix related command
 * --from <store-uri>
@@ -80,8 +89,15 @@ Options:
 * --disko-mode disko|mount|format
   set the disko mode to format, mount or destroy. Default is disko.
   disko: first unmount and destroy all filesystems on the disks we want to format, then run the create and mount mode
-  mount: mount the partition at the specified root-mountpoint
-  format: create partition tables, zpools, lvms, raids and filesystems (Experimental: Can be run increntally, but use with caution and good backups)
+* --no-disko-deps
+  This will only upload the disko script and not the partitioning tools dependencies.
+  Installers usually have dependencies available.
+  Use this option if your target machine has not enough RAM to store the dependencies in memory.
+* --build-on auto|remote|local
+  sets the build on settings to auto, remote or local. Default is auto.
+  auto: tries to figure out, if the build is possible on the local host, if not falls back gracefully to remote build
+  local: will build on the local host
+  remote: will build on the remote host
 ```
 
 ## Explanation of known error messages

flake.lock

@@ -9,8 +9,10 @@ kexecExtraFlags=""
 sshStoreSettings=""
 enableDebug=""
 nixBuildFlags=()
+diskoAttr=""
 diskoScript=""
 diskoMode="disko"
+diskoDeps=y
 nixosSystem=""
 extraFiles=""
 vmTest="n"
@@ -137,6 +139,10 @@ Options:
 * --disko-mode disko|mount|format
   set the disko mode to format, mount or destroy. Default is disko.
   disko: first unmount and destroy all filesystems on the disks we want to format, then run the create and mount mode
+* --no-disko-deps
+  This will only upload the disko script and not the partitioning tools dependencies.
+  Installers usually have dependencies available.
+  Use this option if your target machine has not enough RAM to store the dependencies in memory.
 * --build-on auto|remote|local
   sets the build on settings to auto, remote or local. Default is auto.
   auto: tries to figure out, if the build is possible on the local host, if not falls back gracefully to remote build
@@ -255,6 +261,9 @@ parseArgs() {
 
       shift
       ;;
+    --no-disko-deps)
+      diskoDeps=n
+      ;;
     --build-on)
       case "$2" in
       auto | local | remote)
@@ -346,6 +355,12 @@ parseArgs() {
     shift
   done
 
+  diskoAttr="${diskoMode}Script"
+
+  if [[ ${diskoDeps} == "n" ]]; then
+    diskoAttr="${diskoAttr}NoDeps"
+  fi
+
   if [[ ${printBuildLogs} == "y" ]]; then
     nixOptions+=("-L")
   fi
@@ -659,7 +674,7 @@ runDisko() {
       --derivation --no-check-sigs
     # If we don't use ssh-ng here, we get `error: operation 'getFSAccessor' is not supported by store`
     diskoScript=$(
-      nixBuild "${flake}#${flakeAttr}.system.build.${diskoMode}Script" \
+      nixBuild "${flake}#${flakeAttr}.system.build.${diskoAttr}" \
         --eval-store auto --store "ssh-ng://$sshConnection?ssh-key=$sshKeyDir%2Fnixos-anywhere&$sshStoreSettings"
     )
   fi
@@ -756,7 +771,7 @@ main() {
   if [[ -n ${flake} ]]; then
     if [[ ${buildOn} == "local" ]] && [[ ${hardwareConfigBackend} == "none" ]]; then
       if [[ ${phases[disko]} == 1 ]]; then
-        diskoScript=$(nixBuild "${flake}#${flakeAttr}.system.build.${diskoMode}Script")
+        diskoScript=$(nixBuild "${flake}#${flakeAttr}.system.build.${diskoAttr}")
       fi
       if [[ ${phases[install]} == 1 ]]; then
         nixosSystem=$(nixBuild "${flake}#${flakeAttr}.system.build.toplevel")
@@ -831,7 +846,7 @@ main() {
 
   if [[ ${buildOn} != "remote" ]] && [[ -n ${flake} ]] && [[ -z ${diskoScript} ]]; then
     if [[ ${phases[disko]} == 1 ]]; then
-      diskoScript=$(nixBuild "${flake}#${flakeAttr}.system.build.${diskoMode}Script")
+      diskoScript=$(nixBuild "${flake}#${flakeAttr}.system.build.${diskoAttr}")
     fi
     if [[ ${phases[install]} == 1 ]]; then
       nixosSystem=$(nixBuild "${flake}#${flakeAttr}.system.build.toplevel")

src/nixos-anywhere.sh

@@ -26,6 +26,8 @@ module "deploy" {
   instance_id            = local.ipv4
   # useful if something goes wrong
   # debug_logging          = true
+  # build the closure on the remote machine instead of locally
+  # build_on_remote        = true
   # script is below
   extra_files_script     = "${path.module}/decrypt-ssh-secrets.sh"
   disk_encryption_key_scripts = [{
@@ -109,7 +111,7 @@ NixOS without relying on special_args.
     centralizing state in a single repository.
 - **Disadvantages**:
   - Deploying new machines requires tracking additional state. Every time
-    Terraform updates the JSON file, you’ll need to commit these changes to your
+    Terraform updates the JSON file, you'll need to commit these changes to your
     repository.
 
 ### Implementation
@@ -218,6 +220,7 @@ No resources.
 | <a name="input_no_reboot"></a> [no\_reboot](#input_no_reboot)                                                         | DEPRECATED: Use `phases` instead. Do not reboot after installation                                                                                                                                                                                        | `bool`                                                                 | `false`                                                                 |    no    |
 | <a name="input_phases"></a> [phases](#input_phases)                                                                   | Phases to run. See `nixos-anywhere --help` for more information                                                                                                                                                                                           | `set(string)`                                                          | <pre>[<br> "kexec",<br> "disko",<br> "install",<br> "reboot"<br>]</pre> |    no    |
 | <a name="input_special_args"></a> [special\_args](#input_special_args)                                                | A map exposed as NixOS's `specialArgs` thru a file.                                                                                                                                                                                                       | `any`                                                                  | `{}`                                                                    |    no    |
+| <a name="input_build_on_remote"></a> [build\_on\_remote](#input_build_on_remote)                                      | Build the closure on the remote machine instead of building it locally and copying it over                                                                                                                                                                | `bool`                                                                 | `false`                                                                 |    no    |
 | <a name="input_stop_after_disko"></a> [stop\_after\_disko](#input_stop_after_disko)                                   | DEPRECATED: Use `phases` instead. Exit after disko formatting                                                                                                                                                                                             | `bool`                                                                 | `false`                                                                 |    no    |
 | <a name="input_target_host"></a> [target\_host](#input_target_host)                                                   | DNS host to deploy to                                                                                                                                                                                                                                     | `string`                                                               | n/a                                                                     |   yes    |
 | <a name="input_target_port"></a> [target\_port](#input_target_port)                                                   | SSH port used to connect to the target\_host after installing NixOS. If install\_port is not set than this port is also used before installing.                                                                                                           | `number`                                                               | `22`                                                                    |    no    |

terraform/all-in-one.md

@@ -36,6 +36,7 @@ module "install" {
   phases                       = var.phases
   nixos_generate_config_path   = var.nixos_generate_config_path
   nixos_facter_path            = var.nixos_facter_path
+  build_on_remote              = var.build_on_remote
   # deprecated attributes
   stop_after_disko             = var.stop_after_disko
   no_reboot                    = var.no_reboot
@@ -55,6 +56,7 @@ module "nixos-rebuild" {
   target_host = var.target_host
   target_user = var.target_user
   target_port = var.target_port
+  install_bootloader = var.install_bootloader
 }
 
 output "result" {