elitak/nixos-infect

Infect with a prebuilt flake?

yajo opened this issue · 3 comments

yajo commented

I'm using flakes to configure my NixOS machines. More or less as explained here.

The point is that, if I add the flake configuration before infection, and then infect it, the new system will be configured using the /etc/nixos/configuration.nix file generated in the infection script, instead of using the /etc/nixos/flake.nix that I already put there before.

Is there a way to preconfigure the system before infection so that, after being infected, it's directly booted to the system flake?

I've tried modifying this script and successfully got it working for my flake. Here's how:

Prerequisites

It seems you'll need to have the flake well-defined, or else the box will get stuck somewhere right after it reboots.

The big thing

We'll need to look here:

nixos-infect/nixos-infect

Lines 286 to 299 in 318fc51

[[ -z "$NIX_CHANNEL" ]] && NIX_CHANNEL="nixos-22.05"
nix-channel --remove nixpkgs
nix-channel --add "https://nixos.org/channels/$NIX_CHANNEL" nixos
nix-channel --update
export NIXOS_CONFIG="${NIXOS_CONFIG:-/etc/nixos/configuration.nix}"
nix-env --set \
-I nixpkgs=$HOME/.nix-defexpr/channels/nixos \
-f '<nixpkgs/nixos>' \
-p /nix/var/nix/profiles/system \
-A system

That's where the /etc/nixos/configuration.nix got built. We'll need to get around that and replace it with some nix build thingy, which should be something like this:

# Flake adaptations
nix \
  --extra-experimental-features "nix-command flakes" \
build \
  --profile /nix/var/nix/profiles/system \
  "${FLAKE_URL}#nixosConfigurations.${NIXOS_CONFIG_NAME}.config.system.build.toplevel"
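The substitution described in the comment above, as an added sketch that is not part of the thread or of nixos-infect: it keeps the channel build as the default and switches to the flake build only when `FLAKE_URL` is set. `FLAKE_URL` and `NIXOS_CONFIG_NAME` are the variable names from the comment; the function names and the restriction to plain attribute names are assumptions made here, since the value is spliced into an installable that a root shell then builds.

```sh
# Added example; flake_installable and build_system_profile are hypothetical names.

# Print the flake installable for a NixOS configuration, or fail on input
# that would change the meaning of the attribute path.
flake_installable() {
  fi_url=$1
  fi_name=$2
  case $fi_url in
    ''|*'#'*|*[[:space:]]*)
      # A '#' here would add a second fragment; whitespace suggests bad quoting.
      echo "FLAKE_URL must be non-empty, without '#' or whitespace" >&2
      return 1 ;;
  esac
  case $fi_name in
    ''|-*|*[!A-Za-z0-9_-]*)
      # Assumption: only plain names are accepted, so dots or quotes cannot
      # redirect the build to a different attribute.
      echo "NIXOS_CONFIG_NAME must be a plain attribute name" >&2
      return 1 ;;
  esac
  printf '%s#nixosConfigurations.%s.config.system.build.toplevel\n' \
    "$fi_url" "$fi_name"
}

# Build the system profile from the flake when FLAKE_URL is set,
# otherwise from the generated configuration.nix as the script does today.
build_system_profile() {
  if [ -n "${FLAKE_URL:-}" ]; then
    bsp_target=$(flake_installable "$FLAKE_URL" "${NIXOS_CONFIG_NAME:-}") || return 1
    nix \
      --extra-experimental-features "nix-command flakes" \
      build \
      --profile /nix/var/nix/profiles/system \
      "$bsp_target"
  else
    export NIXOS_CONFIG="${NIXOS_CONFIG:-/etc/nixos/configuration.nix}"
    nix-env --set \
      -I "nixpkgs=$HOME/.nix-defexpr/channels/nixos" \
      -f '<nixpkgs/nixos>' \
      -p /nix/var/nix/profiles/system \
      -A system
  fi
}
```
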

The following script works for me (tested on contabo).
Should we add flake support to nixos-infect?

curl https://raw.githubusercontent.com/elitak/nixos-infect/master/nixos-infect \
  | NIX_CHANNEL=nixos-23.05 NO_REBOOT=true bash -x \
&& { cat > /etc/nixos/flake.nix << 'EOF'
{
  inputs = {
    nixpkgs.url = "github:nixos/nixpkgs/nixos-23.05";
  };

  outputs = inputs:
    {
      nixosConfigurations.contabo-nixos = inputs.nixpkgs.lib.nixosSystem {
        system = "x86_64-linux";
        modules = [
          ./configuration.nix
          ({ pkgs, ... }: {
            nix = {
              registry.nixpkgs.flake = inputs.nixpkgs;
              settings.experimental-features = [ "nix-command" "flakes" ];
              package = pkgs.nixFlakes;
            };
            system.stateVersion = "23.05";
          })
        ];
      };
    };
}
EOF
} \
&& /root/.nix-profile/bin/nix build \
  --extra-experimental-features "nix-command flakes" \
  /etc/nixos/#nixosConfigurations.contabo-nixos.config.system.build.toplevel
result/activate
result/bin/switch-to-configuration switch
reboot

tcurdt commented

Turning this into something like this would be fantastic:

curl https://raw.githubusercontent.com/elitak/nixos-infect/master/nixos-infect | NIX_FLAKE=git+ssh://git@github.com/tcurdt/nixcfg.git#utm bash -x

Even better if it would also allow for passing a key for decrypting credentials:

curl https://raw.githubusercontent.com/elitak/nixos-infect/master/nixos-infect | NIX_SECRETS_KEY="SOMEKEY" NIX_FLAKE=git+ssh://git@github.com/tcurdt/nixcfg.git#utm bash -x