add draft scripts for hetzner install
Signed-off-by: ahuston-0 <aliceghuston@gmail.com>
parent
2fa062bdc2
commit
5c3367310a
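--- a/utils/hetzner-install.sh
+++ b/utils/hetzner-install.sh
@@ -0,0 +1,27 @@
+#!/usr/bin/env nix
+#! nix shell nixpkgs#bash nixpkgs#git --command bash
+
+set -o errexit # abort on nonzero exitstatus
+set -o nounset # abort on unbound variable
+set -o pipefail # don't hide errors within pipes
+
+MACHINENAME="hetzner-bridge"
+
+sudo mkdir /root/.ssh
+sudo chmod 700 /root/.ssh
+sudo ssh-keygen -t ed25519 -o -a 100 -f "/root/.ssh/id_ed25519_giteadeploy" -q -N "" -C "$MACHINENAME" || echo "key already exists"
+
+sudo cat /root/.ssh/id_ed25519_giteadeploy.pub
+
+sudo ssh-keygen -A
+
+nix --extra-experimental-features 'flakes nix-command' shell nixpkgs#git
+nix --extra-experimental-features 'flakes nix-command' store gc
+FLAKE="git+ssh://gitea@nayeonie.com:2222/ahuston-0/nix-dotfiles?ref=feature/hetzner-bridge#hetzner-bridge"
+DISK_DEVICE=/dev/sda
+sudo nix \
+--extra-experimental-features 'flakes nix-command' \
+run github:nix-community/disko#disko-install -- \
+--flake "$FLAKE" \
+--write-efi-boot-entries \
+--disk main "$DISK_DEVICE"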
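Review bot: The `sudo nix ... run github:nix-community/disko#disko-install` command at the end of utils/hetzner-install.sh executes whatever that repository's default branch holds at run time, as root and with write access to the target disk; pin the flake reference to a reviewed revision, e.g. `run github:nix-community/disko/<pinned-rev>#disko-install -- \`. `DISK_DEVICE=/dev/sda` depends on kernel enumeration order, so a `/dev/disk/by-id/...` path would make the wipe target unambiguous. Separately, `sudo mkdir /root/.ssh` aborts the script under `errexit` when the directory already exists, while the `|| echo "key already exists"` on the deploy-key command hides every other `ssh-keygen` failure; `sudo install -d -m 700 /root/.ssh` covers the first.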
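--- a/utils/hetzner-nixos-anywhere.sh
+++ b/utils/hetzner-nixos-anywhere.sh
@@ -0,0 +1,35 @@
+#!/usr/bin/env nix
+#! nix shell nixpkgs#bash nixpkgs#mktemp nixpkgs#openssh nixpkgs#nixos-anywhere nixpkgs#sops --command bash
+
+echoerr() { printf "%s\n" "$*" >&2; }
+
+if (( $# != 1 )); then
+echoerr "usage: $0 <hostname>"
+fi
+
+HOSTNAME=$1
+
+# Create a temporary directory
+temp=$(mktemp -d)
+
+# Function to cleanup temporary directory on exit
+cleanup() {
+rm -rf "$temp"
+}
+trap cleanup EXIT
+
+# Create the directory where sshd expects to find the host keys
+install -d -m755 "$temp/etc/ssh"
+
+# Create host keys
+ssh-keygen -A -f "$temp/etc/ssh/"
+
+# Set the correct permissions so sshd will accept the key
+chmod 600 "$temp/etc/ssh/ssh_host_ed25519_key"
+
+AGEKEY=$(ssh-to-age < "$temp/etc/ssh/ssh_host_ed25519_key.pub")
+
+echo "$AGEKEY" | tee "./$HOSTNAME.age"
+
+# Install NixOS to the host system with our secrets
+nixos-anywhere --extra-files "$temp" --flake '.#your-host' root@yourip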
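Review bot: The argument check at the top of utils/hetzner-nixos-anywhere.sh prints the usage line but never exits, and this script sets none of the `errexit`/`nounset`/`pipefail` options that hetzner-install.sh sets, so a missing hostname or a failed `ssh-keygen`/`ssh-to-age` step still reaches the `nixos-anywhere` call. Add `exit 1` after the `echoerr` line and the three `set -o` lines before the first command. `ssh-keygen -A -f` treats its argument as a prefix for the default `/etc/ssh` path, so the keys probably land under `$temp/etc/ssh/etc/ssh/` and the later `chmod` misses them; `ssh-keygen -A -f "$temp"` looks like what is intended. `ssh-to-age` is also absent from the `nix shell` package list on the second shebang line.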