torkleyy/setup-nix.sh

## setup-nix.sh
#! /usr/bin/env bash

# Script to install NixOS from the Hetzner Cloud NixOS bootable ISO image.
# (tested with Hetzner's `NixOS 20.03 (amd64/minimal)` ISO image).
#
# This script wipes the disk of the server!
#
# Instructions:
#
# 1. Mount the above mentioned ISO image from the Hetzner Cloud GUI
#    and reboot the server into it; do not run the default system (e.g. Ubuntu).
# 2. To be able to SSH straight in (recommended), you must replace hardcoded pubkey
#    further down in the section labelled "Replace this by your SSH pubkey" by you own,
#    and host the modified script way under a URL of your choosing
#    (e.g. gist.github.com with git.io as URL shortener service).
# 3. Run on the server:
#
#       # Replace this URL by your own that has your pubkey in
#       curl -L https://raw.githubusercontent.com/nix-community/nixos-install-scripts/master/hosters/hetzner-cloud/nixos-install-hetzner-cloud.sh | sudo bash
#
#    This will install NixOS and power off the server.
# 4. Unmount the ISO image from the Hetzner Cloud GUI.
# 5. Turn the server back on from the Hetzner Cloud GUI.
#
# To run it from the Hetzner Cloud web terminal without typing it down,
# you can either select it and then middle-click onto the web terminal, (that pastes
# to it), or use `xdotool` (you have e.g. 3 seconds to focus the window):
#
#     sleep 3 && xdotool type --delay 50 'curl YOUR_URL_HERE | sudo bash'
#
# (In the xdotool invocation you may have to replace chars so that
# the right chars appear on the US-English keyboard.)
#
# If you do not replace the pubkey, you'll be running with my pubkey, but you can
# change it afterwards by logging in via the Hetzner Cloud web terminal as `root`
# with empty password.

set -e

# Hetzner Cloud OS images grow the root partition to the size of the local
# disk on first boot. In case the NixOS live ISO is booted immediately on
# first powerup, that does not happen. Thus we need to grow the partition
# by deleting and re-creating it.
sgdisk -d 1 /dev/sda
sgdisk -N 1 /dev/sda
partprobe /dev/sda

mkfs.ext4 -F /dev/sda1 # wipes all data!

mount /dev/sda1 /mnt

nixos-generate-config --root /mnt

# Delete trailing `}` from `configuration.nix` so that we can append more to it.
sed -i -E 's:^\}\s*$::g' /mnt/etc/nixos/configuration.nix

# Extend/override default `configuration.nix`:
echo '
  boot.loader.grub.devices = [ "/dev/sda" ];

  # Initial empty root password for easy login:
  users.users.root.initialHashedPassword = "";
  services.openssh.permitRootLogin = "prohibit-password";

  services.openssh.enable = true;

  users.users.root.openssh.authorizedKeys.keys = [
    "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDbBZj9jVXGy6wES75LqEX+gpOZAa2A9YyKCvQhlRSPf4qbuZ/yPd/AkLgpYtrgE8ItAjBzTZdmLwPSUJ5aD5uBAC1sWjLjJGWPGUvRibgZABF6ELY4B799Ptc9VHvYTHAhbkXqU2u/ze6lgiy2thZUIiD9rgPSG7f8eeKtJeYINj7GL1UxW3NQNU/yZqJDkFP8ZweOF5QhLXYsOTnw3OgwQWl1LNpUdIBekh9HqVuTxwOYs81Xe9Tu7lvKyKt9JAjoeC+49SJR0CEV+XsDHtyn5+KgNo0SfuCi9Lyt/CG5Bq0Bh3k1yObeCAPV1G8k5swdj3M+pxRPY2pgwFUSChiskkIyvt2HQvv8TpqtCY73iSyDr4n532Rf8D8dcEDNoBiKoG5Of7BIZciqid3yOEhP6ES2tg9/EyCRDVd1MgzN2CyXCuDN5/4UafXoDg1lssdEdQEAMAJupvQTISyrKAsAmWVX1+BBWjkqy3mhTkdwCCnoRc8ImXh6nKfeGDFGBe5j3RIxb6S1sOLimxnQntc6ioXlLKPJE3P3wkveH/WLaSBx3crcmqH8WVZqrRR/WhS2nqbNiGpCTemyMeUmGKG0qcFynFjoJL3zTfCd21yGKS0yyv8lBQ3pxT0TH9MeEH2SQi7fX4kBnAUr8xbHW8QlKRvaYyzaeev/nu3uoXEIOQ== thomas@thomas-thinkpad"
    "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDbZ9TnqegDnirPhFfZddVkt/PSm9OI/3ML+mNurS37K1f3X5hGImZvOYVjNi+/Dxu5fYcOInSYIt2BWL0GAH4L/R7HKOZfGDsGL+LH28VlVZdiKxzeiWXlQEQkdn94lpci/BVzSqMepbLAP0uQEaz74tprDrqf10uMbyGfrsSoFYsDjXXFfVl0YAR0Jt3p85nHRtiDCe6Bxg/OZjS1Xfr5vOKArAqkOOBKiPOQCQMH6Kv+AMwo8MtCQCx64mhyFsx1+/MUx+9vJ5LprERve6FfNCbbA+MRbCQwUh6nXXaQnUd9Kmp3ps4cypoKYVAqcnnEQG1R8pBNV01tEuGNhY2qKOpW+fks3yt+knlW7R+3GLV1E/TGQYWY8s6c3UzaMHrzOhcihRBfwtxtVDAru2LXNtKX4olHJ3/cr+qh3YukR1snK5z3My9VVMaPuSDbxOYP7b0uG5CVqG8VfYN6FjvdStcyNim5q7+GY4ypUTLH9GRyPY8l/IILCcXzo+YQdzszNpskiXk8y0O8vjY3Gw93K/kXoJbYqWxi4ms+gmxdJVzzjxIFaCSZe8klIL7MFLw1yARims1e3U1qX6Zfe6Vn61ecuKHoJ5txmNlsHSH4/e1Wl1wxG0aqF+FAxu7jScbN9oRCjTWLQhKDqmLjwXzIpukTq5ovq9gTspNGYRNy7Q== thomas@thomas-win10"
  ];
}
' >> /mnt/etc/nixos/configuration.nix

nixos-install --no-root-passwd

poweroff
	#! /usr/bin/env bash

	# Script to install NixOS from the Hetzner Cloud NixOS bootable ISO image.
	# (tested with Hetzner's `NixOS 20.03 (amd64/minimal)` ISO image).
	#
	# This script wipes the disk of the server!
	#
	# Instructions:
	#
	# 1. Mount the above mentioned ISO image from the Hetzner Cloud GUI
	# and reboot the server into it; do not run the default system (e.g. Ubuntu).
	# 2. To be able to SSH straight in (recommended), you must replace hardcoded pubkey
	# further down in the section labelled "Replace this by your SSH pubkey" by you own,
	# and host the modified script way under a URL of your choosing
	# (e.g. gist.github.com with git.io as URL shortener service).
	# 3. Run on the server:
	#
	# # Replace this URL by your own that has your pubkey in
	# curl -L https://raw.githubusercontent.com/nix-community/nixos-install-scripts/master/hosters/hetzner-cloud/nixos-install-hetzner-cloud.sh \| sudo bash
	#
	# This will install NixOS and power off the server.
	# 4. Unmount the ISO image from the Hetzner Cloud GUI.
	# 5. Turn the server back on from the Hetzner Cloud GUI.
	#
	# To run it from the Hetzner Cloud web terminal without typing it down,
	# you can either select it and then middle-click onto the web terminal, (that pastes
	# to it), or use `xdotool` (you have e.g. 3 seconds to focus the window):
	#
	# sleep 3 && xdotool type --delay 50 'curl YOUR_URL_HERE \| sudo bash'
	#
	# (In the xdotool invocation you may have to replace chars so that
	# the right chars appear on the US-English keyboard.)
	#
	# If you do not replace the pubkey, you'll be running with my pubkey, but you can
	# change it afterwards by logging in via the Hetzner Cloud web terminal as `root`
	# with empty password.

	set -e

	# Hetzner Cloud OS images grow the root partition to the size of the local
	# disk on first boot. In case the NixOS live ISO is booted immediately on
	# first powerup, that does not happen. Thus we need to grow the partition
	# by deleting and re-creating it.
	sgdisk -d 1 /dev/sda
	sgdisk -N 1 /dev/sda
	partprobe /dev/sda

	mkfs.ext4 -F /dev/sda1 # wipes all data!

	mount /dev/sda1 /mnt

	nixos-generate-config --root /mnt

	# Delete trailing `}` from `configuration.nix` so that we can append more to it.
	sed -i -E 's:^\}\s*$::g' /mnt/etc/nixos/configuration.nix

	# Extend/override default `configuration.nix`:
	echo '
	boot.loader.grub.devices = [ "/dev/sda" ];

	# Initial empty root password for easy login:
	users.users.root.initialHashedPassword = "";
	services.openssh.permitRootLogin = "prohibit-password";

	services.openssh.enable = true;

	users.users.root.openssh.authorizedKeys.keys = [
	"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDbBZj9jVXGy6wES75LqEX+gpOZAa2A9YyKCvQhlRSPf4qbuZ/yPd/AkLgpYtrgE8ItAjBzTZdmLwPSUJ5aD5uBAC1sWjLjJGWPGUvRibgZABF6ELY4B799Ptc9VHvYTHAhbkXqU2u/ze6lgiy2thZUIiD9rgPSG7f8eeKtJeYINj7GL1UxW3NQNU/yZqJDkFP8ZweOF5QhLXYsOTnw3OgwQWl1LNpUdIBekh9HqVuTxwOYs81Xe9Tu7lvKyKt9JAjoeC+49SJR0CEV+XsDHtyn5+KgNo0SfuCi9Lyt/CG5Bq0Bh3k1yObeCAPV1G8k5swdj3M+pxRPY2pgwFUSChiskkIyvt2HQvv8TpqtCY73iSyDr4n532Rf8D8dcEDNoBiKoG5Of7BIZciqid3yOEhP6ES2tg9/EyCRDVd1MgzN2CyXCuDN5/4UafXoDg1lssdEdQEAMAJupvQTISyrKAsAmWVX1+BBWjkqy3mhTkdwCCnoRc8ImXh6nKfeGDFGBe5j3RIxb6S1sOLimxnQntc6ioXlLKPJE3P3wkveH/WLaSBx3crcmqH8WVZqrRR/WhS2nqbNiGpCTemyMeUmGKG0qcFynFjoJL3zTfCd21yGKS0yyv8lBQ3pxT0TH9MeEH2SQi7fX4kBnAUr8xbHW8QlKRvaYyzaeev/nu3uoXEIOQ== thomas@thomas-thinkpad"
	"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDbZ9TnqegDnirPhFfZddVkt/PSm9OI/3ML+mNurS37K1f3X5hGImZvOYVjNi+/Dxu5fYcOInSYIt2BWL0GAH4L/R7HKOZfGDsGL+LH28VlVZdiKxzeiWXlQEQkdn94lpci/BVzSqMepbLAP0uQEaz74tprDrqf10uMbyGfrsSoFYsDjXXFfVl0YAR0Jt3p85nHRtiDCe6Bxg/OZjS1Xfr5vOKArAqkOOBKiPOQCQMH6Kv+AMwo8MtCQCx64mhyFsx1+/MUx+9vJ5LprERve6FfNCbbA+MRbCQwUh6nXXaQnUd9Kmp3ps4cypoKYVAqcnnEQG1R8pBNV01tEuGNhY2qKOpW+fks3yt+knlW7R+3GLV1E/TGQYWY8s6c3UzaMHrzOhcihRBfwtxtVDAru2LXNtKX4olHJ3/cr+qh3YukR1snK5z3My9VVMaPuSDbxOYP7b0uG5CVqG8VfYN6FjvdStcyNim5q7+GY4ypUTLH9GRyPY8l/IILCcXzo+YQdzszNpskiXk8y0O8vjY3Gw93K/kXoJbYqWxi4ms+gmxdJVzzjxIFaCSZe8klIL7MFLw1yARims1e3U1qX6Zfe6Vn61ecuKHoJ5txmNlsHSH4/e1Wl1wxG0aqF+FAxu7jScbN9oRCjTWLQhKDqmLjwXzIpukTq5ovq9gTspNGYRNy7Q== thomas@thomas-win10"
	];
	}
	' >> /mnt/etc/nixos/configuration.nix

	nixos-install --no-root-passwd

	poweroff