bootstrapping

default bootstrap password

think this is required

pw update

pseudoterm

change pw

flake.nix

@@ -23,17 +23,16 @@
     inputs@{ self, nixpkgs, ... }:
     let
       kclib = import ./lib.nix {
-        nixpkgs = inputs.nixpkgs;
         inputs = inputs;
       };
     in
     {
       nixosConfigurations = {
-        tailscale-proxy = kclib.mkHost {
+        bootstrap = kclib.mkHost {
-          name = "tailscale-proxy";
+          name = "bootstrap";
         };
-        entrypoint = kclib.mkHost {
+        etcd0 = kclib.mkHost {
-          name = "entrypoint";
+          name = "etcd0";
         };
         hydra = kclib.mkHost {
           name = "hydra";

hosts/base/hardware-config.nix

@@ -1,7 +1,5 @@
 {
-  config,
   lib,
-  pkgs,
   modulesPath,
   ...
 }:

hosts/bootstrap/default.nix

@@ -0,0 +1,7 @@
+{ ... }:
+{
+  kropcloud = {
+    networking.enable = false;
+    admin.password = "changeme";
+  };
+}

hosts/etcd0/default.nix

@@ -0,0 +1,18 @@
+{ ... }:
+{
+  kropcloud =
+    let
+      serverIp = "192.168.1.161";
+    in
+    {
+      services = {
+      };
+      networking = {
+        ipv4 = {
+          address = serverIp;
+          prefixLength = 24;
+          defaultGateway = "192.168.1.1";
+        };
+      };
+    };
+}

lib.nix

@@ -1,5 +1,4 @@
 {
-  nixpkgs,
   inputs,
 }:
 {
@@ -8,7 +7,7 @@
       name,
       arch ? "x86_64-linux",
     }:
-    nixpkgs.lib.nixosSystem {
+    inputs.nixpkgs.lib.nixosSystem {
       system = arch;
       modules = [
         ./hosts/base

nixosModules/users/default.nix

@@ -14,6 +14,11 @@ in
       default = [ ];
       description = "List of SSH public keys to authorize for the admin user.";
     };
+    password = lib.mkOption {
+      type = lib.types.nullOr lib.types.str;
+      default = null;
+      description = "Password for the admin user. Should be used only for initial setup.";
+    };
   };
 
   config = {
@@ -21,11 +26,15 @@ in
     age.secrets.mypassword.file = ../../secrets/mypassword.age;
 
     # Define the admin user
-    users.users.${cfg.user} = {
+    users = {
-      passwordFile = config.age.secrets.mypassword.path;
+      mutableUsers = false;
-      isNormalUser = true;
+      users.${cfg.user} = {
-      extraGroups = [ "wheel" ];
+        password = if cfg.password != null then cfg.password else null;
-      openssh.authorizedKeys.keys = cfg.sshKeys;
+        hashedPasswordFile = if cfg.password != null then null else config.age.secrets.mypassword.path;
+        isNormalUser = true;
+        extraGroups = [ "wheel" ];
+        openssh.authorizedKeys.keys = cfg.sshKeys;
+      };
     };
   };
 }

scripts/bootstrap.sh

@@ -0,0 +1,23 @@
+#!/usr/bin/env bash
+
+# Parameters
+ip=$1
+if [ -z "$ip" ]; then
+    echo "Usage: $0 <ip>"
+    exit 1
+fi
+
+# This script is used to bootstrap nixos machine so I can get their ssh keys
+
+nix run \
+    github:nix-community/nixos-anywhere \
+    -- \
+    --flake '.#bootstrap' \
+    --target-host root@$ip \
+    --build-on-remote
+
+ret=$?
+if [ $ret -ne 0 ]; then
+    echo "Failed to bootstrap $ip"
+    exit $ret
+fi

scripts/install.sh

@@ -0,0 +1,34 @@
+#!/usr/bin/env bash
+
+# Parameters
+ip=$1
+host=$2
+if [ -z "$ip" ] || [ -z "$host" ]; then
+    echo "Usage: $0 <ip> <host>"
+    exit 1
+fi
+
+# This script is used to bootstrap nixos machine so I can get their ssh keys
+
+nixos-rebuild boot \
+    --flake ".#$host" \
+    --fast \
+    --target-host krop@$ip \
+    --build-host krop@$ip \
+    --use-remote-sudo
+
+ret=$?
+if [ $ret -ne 0 ]; then
+    echo "Failed to install $host"
+    exit $ret
+fi
+
+echo "Successfully installed $host, rebooting"
+
+ssh -t krop@$ip "sudo reboot now"
+
+ret=$?
+if [ $ret -ne 0 ]; then
+    echo "Failed to reboot $host"
+    exit $ret
+fi

scripts/update.sh

@@ -0,0 +1,25 @@
+#!/usr/bin/env bash
+
+# Parameters
+ip=$1
+if [ -z "$ip" ]; then
+    echo "Usage: $0 <ip>"
+    exit 1
+fi
+
+# This script is used to bootstrap nixos machine so I can get their ssh keys
+
+nixos-rebuild switch \
+    --flake ".#$host" \
+    --fast \
+    --target-host krop@$ip \
+    --build-host krop@$ip \
+    --use-remote-sudo
+
+ret=$?
+if [ $ret -ne 0 ]; then
+    echo "Failed to update $ip"
+    exit $ret
+fi
+
+echo "Successfully updated $ip, rebooting"