blob: 250a9211df506e8a16dfa68bcc4ee8c46f43c6c2 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
|
#! /usr/bin/env bash
# Script to install NixOS from the Hetzner Cloud NixOS bootable ISO image.
# (tested with Hetzner's `NixOS 20.03 (amd64/minimal)` ISO image).
#
# This script wipes the disk of the server!
#
# Instructions:
#
# 1. Mount the above mentioned ISO image from the Hetzner Cloud GUI
# and reboot the server into it; do not run the default system (e.g. Ubuntu).
# 2. To be able to SSH straight in (recommended), you must replace hardcoded pubkey
# further down in the section labelled "Replace this by your SSH pubkey" by you own,
# and host the modified script way under a URL of your choosing
# (e.g. gist.github.com with git.io as URL shortener service).
# 3. Run on the server:
#
# # Replace this URL by your own that has your pubkey in
# curl -L https://home.alanpearce.eu/public/hetzner.sh | sudo bash
#
# This will install NixOS and power off the server.
# 4. Unmount the ISO image from the Hetzner Cloud GUI.
# 5. Turn the server back on from the Hetzner Cloud GUI.
#
# To run it from the Hetzner Cloud web terminal without typing it down,
# you can either select it and then middle-click onto the web terminal, (that pastes
# to it), or use `xdotool` (you have e.g. 3 seconds to focus the window):
#
# sleep 3 && xdotool type --delay 50 'curl YOUR_URL_HERE | sudo bash'
#
# (In the xdotool invocation you may have to replace chars so that
# the right chars appear on the US-English keyboard.)
#
# If you do not replace the pubkey, you'll be running with my pubkey, but you can
# change it afterwards by logging in via the Hetzner Cloud web terminal as `root`
# with empty password.
set -e
# Hetzner Cloud OS images grow the root partition to the size of the local
# disk on first boot. In case the NixOS live ISO is booted immediately on
# first powerup, that does not happen. Thus we need to grow the partition
# by deleting and re-creating it.
sgdisk -d 1 /dev/sda
sgdisk -N 1 /dev/sda
partprobe /dev/sda
mkfs.ext4 -F /dev/sda1 # wipes all data!
mount /dev/sda1 /mnt
nixos-generate-config --root /mnt
# Delete trailing `}` from `configuration.nix` so that we can append more to it.
sed -i -E 's:^\}\s*$::g' /mnt/etc/nixos/configuration.nix
# Extend/override default `configuration.nix`:
echo '
boot.loader.grub.devices = [ "/dev/sda" ];
# Initial empty root password for easy login:
users.users.root.initialHashedPassword = "";
services.openssh = {
permitRootLogin = "prohibit-password";
enable = true;
};
programs.fish.enable = true;
users.users.root = {
initialHashedPassword = "";
shell = "${pkgs.fish}/bin/fish";
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII8VIII+598QOBxi/52O1Kb19RdUdX0aZmS1/dNoyqc5 alan@hetzner"
];
};
}
' >> /mnt/etc/nixos/configuration.nix
nixos-install --no-root-passwd
poweroff
|