authorAlan Pearce2024-04-11 00:04:06 +0200
committerAlan Pearce2024-04-11 00:04:06 +0200
commit6c18a33c758f0226e660f924ddd71a6d3ad53004 (patch)
tree946b87a7e268604a47217e5e3250e144b4eaf3f0 /setup
parent2b09b74ba617346a0c9c932543e658837ef9e5d2 (diff)
Import server configurations
Diffstat (limited to 'setup')
-rwxr-xr-xsetup/hetzner.sh81
1 files changed, 81 insertions, 0 deletions
diff --git a/setup/hetzner.sh b/setup/hetzner.sh
new file mode 100755
index 00000000..250a9211
--- /dev/null
+++ b/setup/hetzner.sh
@@ -0,0 +1,81 @@
+#! /usr/bin/env bash
+
+# Script to install NixOS from the Hetzner Cloud NixOS bootable ISO image.
+# (tested with Hetzner's `NixOS 20.03 (amd64/minimal)` ISO image).
+#
+# This script wipes the disk of the server!
+#
+# Instructions:
+#
+# 1. Mount the above mentioned ISO image from the Hetzner Cloud GUI
+#    and reboot the server into it; do not run the default system (e.g. Ubuntu).
+# 2. To be able to SSH straight in (recommended), you must replace hardcoded pubkey
+#    further down in the section labelled "Replace this by your SSH pubkey" by you own,
+#    and host the modified script way under a URL of your choosing
+#    (e.g. gist.github.com with git.io as URL shortener service).
+# 3. Run on the server:
+#
+#       # Replace this URL by your own that has your pubkey in
+#       curl -L https://home.alanpearce.eu/public/hetzner.sh | sudo bash
+#
+#    This will install NixOS and power off the server.
+# 4. Unmount the ISO image from the Hetzner Cloud GUI.
+# 5. Turn the server back on from the Hetzner Cloud GUI.
+#
+# To run it from the Hetzner Cloud web terminal without typing it down,
+# you can either select it and then middle-click onto the web terminal, (that pastes
+# to it), or use `xdotool` (you have e.g. 3 seconds to focus the window):
+#
+#     sleep 3 && xdotool type --delay 50 'curl YOUR_URL_HERE | sudo bash'
+#
+# (In the xdotool invocation you may have to replace chars so that
+# the right chars appear on the US-English keyboard.)
+#
+# If you do not replace the pubkey, you'll be running with my pubkey, but you can
+# change it afterwards by logging in via the Hetzner Cloud web terminal as `root`
+# with empty password.
+
+set -e
+
+# Hetzner Cloud OS images grow the root partition to the size of the local
+# disk on first boot. In case the NixOS live ISO is booted immediately on
+# first powerup, that does not happen. Thus we need to grow the partition
+# by deleting and re-creating it.
+sgdisk -d 1 /dev/sda
+sgdisk -N 1 /dev/sda
+partprobe /dev/sda
+
+mkfs.ext4 -F /dev/sda1 # wipes all data!
+
+mount /dev/sda1 /mnt
+
+nixos-generate-config --root /mnt
+
+# Delete trailing `}` from `configuration.nix` so that we can append more to it.
+sed -i -E 's:^\}\s*$::g' /mnt/etc/nixos/configuration.nix
+
+# Extend/override default `configuration.nix`:
+echo '
+  boot.loader.grub.devices = [ "/dev/sda" ];
+
+  # Initial empty root password for easy login:
+  users.users.root.initialHashedPassword = "";
+  services.openssh = {
+    permitRootLogin = "prohibit-password";
+    enable = true;
+  };
+
+	programs.fish.enable = true;
+  users.users.root = {
+    initialHashedPassword = "";
+    shell = "${pkgs.fish}/bin/fish";
+    openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII8VIII+598QOBxi/52O1Kb19RdUdX0aZmS1/dNoyqc5 alan@hetzner"
+    ];
+  };
+}
+' >> /mnt/etc/nixos/configuration.nix
+
+nixos-install --no-root-passwd
+
+poweroff
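Review bot: The appended Nix block leaves root with an empty password and sets it twice: `users.users.root.initialHashedPassword = "";` stands on its own and appears again inside `users.users.root = { … }`, which Nix will probably reject as a duplicate attribute definition. The same block already installs an authorized SSH key and sets sshd to `prohibit-password`, so the empty password only serves console login and stays in place until someone changes it by hand. I would drop the standalone line and, unless console access is really needed, the one inside the set as well. Separately, the header tells users to run this via `curl … | sudo bash` with only `set -e` in effect, so a truncated download runs whatever prefix arrived and could stop between the disk wipe and the install. Putting the body in a function called on the last line (`main "$@"`) and using `set -euo pipefail` would avoid that.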