KropCloud/machines-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

bootstrapping

Browse source 
default bootstrap password

think this is required

pw update

pseudoterm

change pw
This commit is contained in:
Jakub Kropáček 2025-01-02 16:21:43 +01:00
parent 3d7a1d7b44
commit 08a7004dda
10 changed files with 126 additions and 14 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
flake.nix
View file

@ -23,17 +23,16 @@
inputs@{ self, nixpkgs, ... }:
let
kclib = import ./lib.nix {
nixpkgs = inputs.nixpkgs;
inputs = inputs;
};
in
{
nixosConfigurations = {
tailscale-proxy = kclib.mkHost {
name = "tailscale-proxy";
bootstrap = kclib.mkHost {
name = "bootstrap";
};
entrypoint = kclib.mkHost {
name = "entrypoint";
etcd0 = kclib.mkHost {
name = "etcd0";
};
hydra = kclib.mkHost {
name = "hydra";

2
hosts/base/hardware-config.nix
View file

@ -1,7 +1,5 @@
{
config,
lib,
pkgs,
modulesPath,
...
}:

7
hosts/bootstrap/default.nix Normal file
View file

@ -0,0 +1,7 @@
{ ... }:
{
kropcloud = {
networking.enable = false;
admin.password = "changeme";
};
}

18
hosts/etcd0/default.nix Normal file
View file

@ -0,0 +1,18 @@
{ ... }:
{
kropcloud =
let
serverIp = "192.168.1.161";
in
{
services = {
};
networking = {
ipv4 = {
address = serverIp;
prefixLength = 24;
defaultGateway = "192.168.1.1";
};
};
};
}

3
lib.nix
View file

@ -1,5 +1,4 @@
{
nixpkgs,
inputs,
}:
{
@ -8,7 +7,7 @@
name,
arch ? "x86_64-linux",
}:
nixpkgs.lib.nixosSystem {
inputs.nixpkgs.lib.nixosSystem {
system = arch;
modules = [
./hosts/base

13
nixosModules/users/default.nix
View file

@ -14,6 +14,11 @@ in
default = [ ];
description = "List of SSH public keys to authorize for the admin user.";
};
password = lib.mkOption {
type = lib.types.nullOr lib.types.str;
default = null;
description = "Password for the admin user. Should be used only for initial setup.";
};
};
config = {
@ -21,11 +26,15 @@ in
age.secrets.mypassword.file = ../../secrets/mypassword.age;
# Define the admin user
users.users.${cfg.user} = {
passwordFile = config.age.secrets.mypassword.path;
users = {
mutableUsers = false;
users.${cfg.user} = {
password = if cfg.password != null then cfg.password else null;
hashedPasswordFile = if cfg.password != null then null else config.age.secrets.mypassword.path;
isNormalUser = true;
extraGroups = [ "wheel" ];
openssh.authorizedKeys.keys = cfg.sshKeys;
};
};
};
}

23
scripts/bootstrap.sh Executable file
View file

@ -0,0 +1,23 @@
#!/usr/bin/env bash
# Parameters
ip=$1
if [ -z "$ip" ]; then
echo "Usage: $0 <ip>"
exit 1
fi
# This script is used to bootstrap nixos machine so I can get their ssh keys
nix run \
github:nix-community/nixos-anywhere \
-- \
--flake '.#bootstrap' \
--target-host root@$ip \
--build-on-remote
ret=$?
if [ $ret -ne 0 ]; then
echo "Failed to bootstrap $ip"
exit $ret
fi

34
scripts/install.sh Executable file
View file

@ -0,0 +1,34 @@
#!/usr/bin/env bash
# Parameters
ip=$1
host=$2
if [ -z "$ip" ] || [ -z "$host" ]; then
echo "Usage: $0 <ip> <host>"
exit 1
fi
# This script is used to bootstrap nixos machine so I can get their ssh keys
nixos-rebuild boot \
--flake ".#$host" \
--fast \
--target-host krop@$ip \
--build-host krop@$ip \
--use-remote-sudo
ret=$?
if [ $ret -ne 0 ]; then
echo "Failed to install $host"
exit $ret
fi
echo "Successfully installed $host, rebooting"
ssh -t krop@$ip "sudo reboot now"
ret=$?
if [ $ret -ne 0 ]; then
echo "Failed to reboot $host"
exit $ret
fi

25
scripts/update.sh Executable file
View file

@ -0,0 +1,25 @@
#!/usr/bin/env bash
# Parameters
ip=$1
if [ -z "$ip" ]; then
echo "Usage: $0 <ip>"
exit 1
fi
# This script is used to bootstrap nixos machine so I can get their ssh keys
nixos-rebuild switch \
--flake ".#$host" \
--fast \
--target-host krop@$ip \
--build-host krop@$ip \
--use-remote-sudo
ret=$?
if [ $ret -ne 0 ]; then
echo "Failed to update $ip"
exit $ret
fi
echo "Successfully updated $ip, rebooting"

BIN
secrets/mypassword.age
View file

Binary file not shown.