zeratax · May 10, 2021 20:41
diff --git a/hetzner-nixos-install.sh b/hetzner-nixos-install.sh
 #! /usr/bin/env bash

 # Script to install NixOS from the Hetzner Cloud NixOS bootable ISO image.
 # (tested with Hetzner's `NixOS 20.03 (amd64/minimal)` ISO image).
 # 
 # This script wipes the disk of the server!
 #
 # Instructions:
 #
 # 1. Mount the above mentioned ISO image from the Hetzner Cloud GUI
 #    and reboot the server into it; do not run the default system (e.g. Ubuntu).
 # 2. To be able to SSH straight in (recommended), you must replace hardcoded pubkey
 #    further down in the section labelled "Replace this by your SSH pubkey" by you own,
 #    and host the modified script way under a URL of your choosing
 #    (e.g. gist.github.com with git.io as URL shortener service).
 # 3. Run on the server:
 #
 #       # Replace this URL by your own that has your pubkey in
 #       curl -L https://gist.githubusercontent.com/ZerataX/1751e3e4409d762e5f2cfac12ced5127/raw/9f4c92896847a2c13367c67e5d604568645f4842/hetzner-nixos-install.sh | sudo bash
 # 4. Unmount the ISO image from the Hetzner Cloud GUI.
 # 5. Reboot.
 #
 # To run it from the Hetzner Cloud web terminal without typing it down,
 # you can either select it and then middle-click onto the web terminal, (that pastes
 # to it), or use `xdotool` (you have e.g. 3 seconds to focus the window):
 #
 #     sleep 3 && xdotool type --delay 50 'curl YOUR_URL_HERE | sudo bash'
 #
 # (In the xdotool invocation you may have to replace chars so that
 # the right chars appear on the US-English keyboard.)
 #
 # If you do not replace the pubkey, you'll be running with my pubkey, but you can
 # change it afterwards by logging in via the Hetzner Cloud web terminal as `root`
 # with empty password.

 set -e

 # Hetzner Cloud OS images grow the root partition to the size of the local
 # disk on first boot. In case the NixOS live ISO is booted immediately on
 # first powerup, that does not happen. Thus we need to grow the partition
 # by deleting and re-creating it.
 sgdisk -d 1 /dev/sda
 sgdisk -N 1 /dev/sda
 partprobe /dev/sda

 mkfs.ext4 -F /dev/sda1 # wipes all data!

 mount /dev/sda1 /mnt

 nixos-generate-config --root /mnt

 # Delete trailing `}` from `configuration.nix` so that we can append more to it.
 sed -i -E 's:^\}\s*$::g' /mnt/etc/nixos/configuration.nix

 # Extend/override default `configuration.nix`:
 echo '
  boot.loader.grub.devices = [ "/dev/sda" ];

  # Initial empty root password for easy login:
  users.users.root.initialHashedPassword = "";
  services.openssh.permitRootLogin = "prohibit-password";

  services.openssh.enable = true;

  # Replace this by your SSH pubkey
  users.users.root.openssh.authorizedKeys.keys = [
    "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEA5K62E/ZFLEOIQmzKClxVAP5GmR+6ir+hWxPxK9XfvMZtTtCcnhXBnXNfQlSrX301INy9DiVfN+bRYHS3LU7TUfEcd6E5iwCOH6o9nRVZS7IkJDN/cw0m3co7cFeoayNZylIeACVfM7DwBjzzOXMV3T4hN5LbHkpv63CNTTTQqBaak+CZBQFmzMgIYGiEAi5a3yzZFpVh46JkaasDO2C9SfTNBIuCfaUIAbMbXb09B6FsirBdhndEI2fpT+1jYM0PUeqnxDbYuv5UDwDgKADo/HBAid1X4srJZzMjcnFjtwrazk3/DzyICnZM4R6xuw4cOYiDgfbfYsLYaT70YqFPUw== zeratax" 
    "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDH1xtRI30QFFghcJoyHVQ319TyLvKDXRjchYVv0avJOiKZ6blD2zm2iCSwm1XuwKbCLsyLAFdn+uo1uw3Df2gXI3Fe4xsEerOR0fr1NNeC27nvR8zT3obWhYbtuYE7b/xXwnCtQpDHmot3Ii45mJ0hV/p+W7u7rmnZxf6P9GFSXOntIFRx6EKEh20wnfMCsx+mEY2qmZQorAwi1cWzFQf8a8nraeeiqh/EECfGTsZS6SDxUXjm9UrtsKdMGSBdqgpUAcfZZ/97CGgzstmxO/Ff5fJK425fP6Zw73H1QdUaXANKeGDP+AceLGbgGGOR9IOsXbrHvpXd0om7AVoHpJMP pascal"
  ];
 }
 ' >> /mnt/etc/nixos/configuration.nix

 nixos-install --no-root-passwd

 reboot
	#! /usr/bin/env bash

	# Script to install NixOS from the Hetzner Cloud NixOS bootable ISO image.
	# (tested with Hetzner's `NixOS 20.03 (amd64/minimal)` ISO image).
	#
	# This script wipes the disk of the server!
	#
	# Instructions:
	#
	# 1. Mount the above mentioned ISO image from the Hetzner Cloud GUI
	# and reboot the server into it; do not run the default system (e.g. Ubuntu).
	# 2. To be able to SSH straight in (recommended), you must replace hardcoded pubkey
	# further down in the section labelled "Replace this by your SSH pubkey" by you own,
	# and host the modified script way under a URL of your choosing
	# (e.g. gist.github.com with git.io as URL shortener service).
	# 3. Run on the server:
	#
	# # Replace this URL by your own that has your pubkey in
	# curl -L https://gist.githubusercontent.com/ZerataX/1751e3e4409d762e5f2cfac12ced5127/raw/9f4c92896847a2c13367c67e5d604568645f4842/hetzner-nixos-install.sh \| sudo bash
	# 4. Unmount the ISO image from the Hetzner Cloud GUI.
	# 5. Reboot.
	#
	# To run it from the Hetzner Cloud web terminal without typing it down,
	# you can either select it and then middle-click onto the web terminal, (that pastes
	# to it), or use `xdotool` (you have e.g. 3 seconds to focus the window):
	#
	# sleep 3 && xdotool type --delay 50 'curl YOUR_URL_HERE \| sudo bash'
	#
	# (In the xdotool invocation you may have to replace chars so that
	# the right chars appear on the US-English keyboard.)
	#
	# If you do not replace the pubkey, you'll be running with my pubkey, but you can
	# change it afterwards by logging in via the Hetzner Cloud web terminal as `root`
	# with empty password.

	set -e

	# Hetzner Cloud OS images grow the root partition to the size of the local
	# disk on first boot. In case the NixOS live ISO is booted immediately on
	# first powerup, that does not happen. Thus we need to grow the partition
	# by deleting and re-creating it.
	sgdisk -d 1 /dev/sda
	sgdisk -N 1 /dev/sda
	partprobe /dev/sda

	mkfs.ext4 -F /dev/sda1 # wipes all data!

	mount /dev/sda1 /mnt

	nixos-generate-config --root /mnt

	# Delete trailing `}` from `configuration.nix` so that we can append more to it.
	sed -i -E 's:^\}\s*$::g' /mnt/etc/nixos/configuration.nix

	# Extend/override default `configuration.nix`:
	echo '
	boot.loader.grub.devices = [ "/dev/sda" ];

	# Initial empty root password for easy login:
	users.users.root.initialHashedPassword = "";
	services.openssh.permitRootLogin = "prohibit-password";

	services.openssh.enable = true;

	# Replace this by your SSH pubkey
	users.users.root.openssh.authorizedKeys.keys = [
	"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEA5K62E/ZFLEOIQmzKClxVAP5GmR+6ir+hWxPxK9XfvMZtTtCcnhXBnXNfQlSrX301INy9DiVfN+bRYHS3LU7TUfEcd6E5iwCOH6o9nRVZS7IkJDN/cw0m3co7cFeoayNZylIeACVfM7DwBjzzOXMV3T4hN5LbHkpv63CNTTTQqBaak+CZBQFmzMgIYGiEAi5a3yzZFpVh46JkaasDO2C9SfTNBIuCfaUIAbMbXb09B6FsirBdhndEI2fpT+1jYM0PUeqnxDbYuv5UDwDgKADo/HBAid1X4srJZzMjcnFjtwrazk3/DzyICnZM4R6xuw4cOYiDgfbfYsLYaT70YqFPUw== zeratax"
	"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDH1xtRI30QFFghcJoyHVQ319TyLvKDXRjchYVv0avJOiKZ6blD2zm2iCSwm1XuwKbCLsyLAFdn+uo1uw3Df2gXI3Fe4xsEerOR0fr1NNeC27nvR8zT3obWhYbtuYE7b/xXwnCtQpDHmot3Ii45mJ0hV/p+W7u7rmnZxf6P9GFSXOntIFRx6EKEh20wnfMCsx+mEY2qmZQorAwi1cWzFQf8a8nraeeiqh/EECfGTsZS6SDxUXjm9UrtsKdMGSBdqgpUAcfZZ/97CGgzstmxO/Ff5fJK425fP6Zw73H1QdUaXANKeGDP+AceLGbgGGOR9IOsXbrHvpXd0om7AVoHpJMP pascal"
	];
	}
	' >> /mnt/etc/nixos/configuration.nix

	nixos-install --no-root-passwd

	reboot