Install NixOS on Hetzner Online: Difference between revisions

Line 163:

Voila! (after 1000 steps)

~~== Bootstrap with cloud-init ==~~

~~Create a server with the Debian 11 image (using the web interface or the hcloud cli tool) and provide the following "user data" for cloud-init:~~

~~<syntaxHighlight lang=yaml>~~

~~#cloud-config~~

~~runcmd:~~

~~- set -e~~

~~- /root/install-nix~~

- /root/.nix-profile/bin/nix --extra-experimental-features "nix-command flakes" build -L github:BBBSnowball/nixcfg#nixosConfigurations.hetzner-temp.config.system.build.toplevel --out-link /root/system && /root/.nix-profile/bin/nix-env -p /nix/var/nix/profiles/system --set /root/system

~~# NixOS manual suggests this. Not really needed here because we do a multi-user install.~~

~~- chown -R 0.0 /nix~~

~~- touch /etc/NIXOS~~

~~- echo "etc/nixos" >/etc/NIXOS_LUSTRATE~~

~~- echo "root/.ssh/authorized_keys" >>/etc/NIXOS_LUSTRATE~~

~~- echo "etc/ssh-shared-secret" >>/etc/NIXOS_LUSTRATE~~

~~- echo "var/lib/systemd/random-seed" >>/etc/NIXOS_LUSTRATE~~

- rm -rf /boot/efi/*

~~- mkdir /boot/efi/{EFI/systemd,EFI/BOOT} -p~~

~~- /nix/var/nix/profiles/system/bin/switch-to-configuration boot~~

~~- reboot~~

~~write_files:~~

~~- path: /root/install-nix~~

~~permissions: '0755'~~

~~content: |~~

~~#!/bin/bash~~

~~set -xe~~

~~apt update && apt install -y gnupg2 sudo~~

~~# Nix installer refuses to run as root...~~

~~useradd --create-home -G sudo user~~

~~sudo -u user curl --fail -o ~user/install-nix-2.5.1 https://releases.nixos.org/nix/nix-2.5.1/install~~

~~sudo -u user curl --fail -o ~user/install-nix-2.5.1.asc https://releases.nixos.org/nix/nix-2.5.1/install.asc~~

~~cp ~user/install-nix-2.5.1{,.asc} ~/~~

~~sha256sum -c <<<'e265dfd8e80223633a9726009b42c534ac3d5f2b6da5ad6432ca1f6ea88206d0 /root/install-nix-2.5.1'~~

~~echo 'user ALL=(ALL:ALL) NOPASSWD: ALL' >>/etc/sudoers~~

~~yes | sudo -u user sh ~user/install-nix-2.5.1 --daemon --no-channel-add~~

~~</syntaxHighlight>~~

Change the third command to use your own flake (or fetch your config in some other way). The authorized_keys file is not removed so you can login with the SSH keys that you choose when creating the server. If it doesn't reboot to NixOS, check the syntax of your user data (and keep the first line!) and have a look at the log: journalctl --unit cloud-final

~~Your config has to replace the Debian bootloader. There is an EFI partition but the server uses legacy boot so make sure to replace the legacy bootloader, i.e. configure boot.loader.* to not use EFI.~~

~~I use [https://github.com/BBBSnowball/groot/blob/5ca69fbb339404c9104467f0eadf234ee960aa23/hcloud-create.sh this helper script] to create the server and retrieve its SSH host key.~~

You can remove /old-root after booting into NixOS, which will free up about 1 GB. There is some interesting metadata in /old-root/var/lib/cloud/instances (e.g. the IP address) but you can also fetch similar information from [https://docs.hetzner.cloud/#server-metadata Hetzner's API].

[[Category:Server]]

@@ Line 163: / Line 163: @@
 Voila! (after 1000 steps)
-== Bootstrap with cloud-init ==
-Create a server with the Debian 11 image (using the web interface or the hcloud cli tool) and provide the following "user data" for cloud-init:
-<syntaxHighlight lang=yaml>
-#cloud-config
-runcmd:
-- set -e
-- /root/install-nix
-- /root/.nix-profile/bin/nix --extra-experimental-features "nix-command flakes" build -L github:BBBSnowball/nixcfg#nixosConfigurations.hetzner-temp.config.system.build.toplevel --out-link /root/system && /root/.nix-profile/bin/nix-env -p /nix/var/nix/profiles/system --set /root/system
-# NixOS manual suggests this. Not really needed here because we do a multi-user install.
-- chown -R 0.0 /nix
-- touch /etc/NIXOS
-- echo "etc/nixos" >/etc/NIXOS_LUSTRATE
-- echo "root/.ssh/authorized_keys" >>/etc/NIXOS_LUSTRATE
-- echo "etc/ssh-shared-secret" >>/etc/NIXOS_LUSTRATE
-- echo "var/lib/systemd/random-seed" >>/etc/NIXOS_LUSTRATE
-- rm -rf /boot/efi/*
-- mkdir /boot/efi/{EFI/systemd,EFI/BOOT} -p
-- /nix/var/nix/profiles/system/bin/switch-to-configuration boot
-- reboot
-write_files:
-- path: /root/install-nix
-  permissions: '0755'
-  content: |
-    #!/bin/bash
-    set -xe
-    apt update && apt install -y gnupg2 sudo
-    # Nix installer refuses to run as root...
-    useradd --create-home -G sudo user
-    sudo -u user  curl --fail -o ~user/install-nix-2.5.1 https://releases.nixos.org/nix/nix-2.5.1/install
-    sudo -u user  curl --fail -o ~user/install-nix-2.5.1.asc https://releases.nixos.org/nix/nix-2.5.1/install.asc
-    cp ~user/install-nix-2.5.1{,.asc} ~/
-    sha256sum -c <<<'e265dfd8e80223633a9726009b42c534ac3d5f2b6da5ad6432ca1f6ea88206d0  /root/install-nix-2.5.1'
-    echo 'user ALL=(ALL:ALL) NOPASSWD: ALL' >>/etc/sudoers
-    yes | sudo -u user  sh ~user/install-nix-2.5.1 --daemon --no-channel-add
-</syntaxHighlight>
-Change the third command to use your own flake (or fetch your config in some other way). The authorized_keys file is not removed so you can login with the SSH keys that you choose when creating the server. If it doesn't reboot to NixOS, check the syntax of your user data (and keep the first line!) and have a look at the log: journalctl --unit cloud-final
-Your config has to replace the Debian bootloader. There is an EFI partition but the server uses legacy boot so make sure to replace the legacy bootloader, i.e. configure boot.loader.* to not use EFI.
-I use [https://github.com/BBBSnowball/groot/blob/5ca69fbb339404c9104467f0eadf234ee960aa23/hcloud-create.sh this helper script] to create the server and retrieve its SSH host key.
-You can remove /old-root after booting into NixOS, which will free up about 1 GB. There is some interesting metadata in /old-root/var/lib/cloud/instances (e.g. the IP address) but you can also fetch similar information from [https://docs.hetzner.cloud/#server-metadata Hetzner's API].
 [[Category:Server]]