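# NixOS module that packages the configured system as a kexec payload.
#
# Outputs under system.build:
#   image         - kernel, netboot initrd and a cmdline file
#   kexec_script  - script that appends the host's /ssh_pubkey to the initrd
#                   and kexecs into the image
#   kexec_tarball - tarball holding the script's closure plus a /kexec_nixos
#                   symlink to it
#   kexec_bundle  - self-extracting shell script wrapping that tarball
#
# Trust notes for operators:
#   * Whatever is in /ssh_pubkey on the host when kexec_script runs becomes
#     root's authorized_keys on the booted system, so write access to that
#     file is equivalent to root SSH access afterwards.
#   * kexec_bundle unpacks into / and then replaces the running kernel; it
#     carries no signature or checksum of its own, so integrity has to be
#     established out of band before it is executed.
{ pkgs, config, ... }:

let
  # Kernel command line shared by the image's cmdline file and `kexec --append`,
  # kept in one place so the two cannot drift apart.
  # unsafeDiscardStringContext strips the dependency context from the toplevel
  # path, so only its text ends up here and these outputs do not reference the
  # system closure through this string.
  # NOTE(review): the booted initrd presumably provides that store path at
  # runtime - confirm.
  kernelCmdline =
    "init=${builtins.unsafeDiscardStringContext config.system.build.toplevel}/init ${toString config.boot.kernelParams}";
in
{
  system.build = rec {
    # Kernel + initrd + cmdline in one directory. nuke-refs rewrites store
    # path references inside the copied kernel so it does not keep runtime
    # references to other store paths.
    image = pkgs.runCommand "image" { buildInputs = [ pkgs.nukeReferences ]; } ''
      mkdir $out
      cp ${config.system.build.kernel}/bzImage $out/kernel
      cp ${config.system.build.netbootRamdisk}/initrd $out/initrd
      echo "${kernelCmdline}" > $out/cmdline
      nuke-refs $out/kernel
    '';

    # Runs on the machine being taken over. Builds a small extra cpio archive
    # containing /authorized_keys, concatenates it onto the image initrd, then
    # loads and executes the new kernel.
    kexec_script = pkgs.writeTextFile {
      executable = true;
      name = "kexec-nixos";
      text = ''
        #!${pkgs.stdenv.shell}
        export PATH=${pkgs.kexectools}/bin:${pkgs.cpio}/bin:$PATH
        set -x
        # Abort on the first failing step: kexec -e must never run after a
        # failed or partial initrd build, since the machine would then boot
        # into an image nobody can log in to.
        set -e
        # Separate assignment so a failing mktemp stops the script instead of
        # leaving it working in the current directory.
        workdir=$(mktemp -d)
        cd "$workdir"
        pwd
        mkdir initrd
        pushd initrd
        if [ -r /ssh_pubkey ]; then
          cat /ssh_pubkey >> authorized_keys
        else
          # Keep going with an empty key file, but say so before rebooting.
          echo "warning: /ssh_pubkey is not readable; root will have no authorized SSH keys after kexec" >&2
          : >> authorized_keys
        fi
        find . -type f | cpio -o -H newc | gzip -9 > ../extra.gz
        popd
        cat ${image}/initrd extra.gz > final.gz
        kexec -l ${image}/kernel --initrd=final.gz --append="${kernelCmdline}"
        sync
        echo "executing kernel, filesystems will be improperly umounted"
        kexec -e
      '';
    };

    # NOTE(review): callPackage needs a path or function as its first
    # argument. The system-tarball builder is assumed here because
    # kexec_bundle reads its tarball/nixos-system-<system>.tar.xz output -
    # confirm against the original file.
    kexec_tarball = pkgs.callPackage <nixpkgs/nixos/lib/make-system-tarball.nix> {
      storeContents = [
        {
          object = config.system.build.kexec_script;
          symlink = "/kexec_nixos";
        }
      ];
      contents = [];
    };

    # Header of the self-extracting bundle. Everything after the
    # __ARCHIVE_BELOW__ line is the xz tarball, which is unpacked into / and
    # then started through the /kexec_nixos symlink.
    # NOTE(review): the tar invocation and /kexec_nixos are treated as two
    # separate commands - confirm against the original file.
    kexec_tarball_self_extract_script = pkgs.writeTextFile {
      executable = true;
      name = "kexec-nixos";
      text = ''
        #!/bin/sh
        # Stop if extraction fails, so a stale /kexec_nixos is never executed.
        set -e
        ARCHIVE=$(awk '/^__ARCHIVE_BELOW__/ { print NR + 1; exit 0; }' "$0")
        tail -n "+$ARCHIVE" "$0" | tar xJ -C /
        /kexec_nixos
        exit 0
        __ARCHIVE_BELOW__
      '';
    };

    # Header script followed directly by the tarball bytes, marked executable.
    kexec_bundle = pkgs.runCommand "kexec_bundle" {} ''
      cat \
        ${kexec_tarball_self_extract_script} \
        ${kexec_tarball}/tarball/nixos-system-${kexec_tarball.system}.tar.xz \
        > $out
      chmod +x $out
    '';
  };

  # Stage 1, after the root filesystem is mounted: install the key file that
  # kexec_script appended to the initrd as root's authorized_keys, with
  # owner-only permissions on the directory and the file.
  boot.initrd.postMountCommands = ''
    mkdir -p /mnt-root/root/.ssh/
    chmod 700 /mnt-root/root/.ssh/
    cp /authorized_keys /mnt-root/root/.ssh/
    chmod 600 /mnt-root/root/.ssh/authorized_keys
  '';
}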