Install NixOS on Hetzner Online: Difference between revisions
imported>Nh2 Link how to install NixOS on Hetzner Cloud |
imported>Zimbatm added Bootstrap from the Rescue System section |
Line 74: | Line 74: | ||
} | } | ||
</syntaxHighlight> | </syntaxHighlight> | ||
== Bootstrap from the Rescue System == | |||
Here are some quick notes on how to bootstrap. Inspiration comes from https://github.com/ofborg/infrastructure/commit/0712a5cf871b7a6d2fbbd2df539d3cd90ab8fa1f | |||
and https://github.com/andir/infra/tree/master/bootstrap | |||
The main principle is that we will go from: Rescue system, kexec into a NixOS system, finally install the system. | |||
First, reboot the machine in Rescue mode. Make sure to select your SSH public key. SSH into the machine: | |||
<nowiki> | |||
# Create a user, because the nix installer | |||
useradd foo | |||
mkdir /nix | |||
chown foo /nix | |||
su foo | |||
cd | |||
# Install Nix | |||
curl -L https://nixos.org/nix/install | bash | |||
# Install nixos-generators | |||
nix-env -f https://github.com/nix-community/nixos-generators/archive/master.tar.gz -i | |||
# Create a initial config, just to kexec into | |||
cat <<EOF > config.nix | |||
{ | |||
services.openssh.enable = true; | |||
users.users.root.openssh.authorizedKeys.keys = [ | |||
# Replace with your public key | |||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDGB1Pog97SWdV2UEA40V+3bML+lSZXEd48zCRlS/eGbY3rsXfgUXb5FIBulN9cET9g0OOAKeCZBR1Y2xXofiHDYkhk298rHDuir6cINuoMGUO7VsygUfKguBy63QMPHYnJBE1h+6sQGu/3X9G2o/0Ys2J+lZv4+N7Hqolhbg/Cu6/LUCsJM/udqTVwJGEqszDWPtuuTAIS6utB1QdL9EZT5WBb1nsNyHnIlCnoDKZvrrO9kM0FGKhjJG2skd3+NqmLhYIDhRhZvRnL9c8U8uozjbtj/N8L/2VCRzgzKmvu0Y1cZMWeAAdyqG6LoyE7xGO+SF4Vz1x6JjS9VxnZipIB zimbatm@nixos" | |||
]; | |||
} | |||
EOF | |||
# Generate the kexec script | |||
nixos-generate -o ./result -f kexec-bundle -c ./config.nix | |||
# Switch to the new system | |||
./result | |||
</nowiki> | |||
At this point the shell should stop responding. Kill the shell and ssh back into the machine. The server public key will have changed. | |||
<nowiki> | |||
format() { | |||
parted -s "$1" -- mklabel msdos | |||
parted -s "$1" -- mkpart primary 1MiB 512MiB | |||
parted -s "$1" -- set 1 boot on | |||
parted -s "$1" -- mkpart primary 512MiB 100% | |||
parted -s "$1" -- print | |||
} | |||
# In this particular machine we have two NVMe disks | |||
format /dev/nvme0n1 | |||
format /dev/nvme1n1 | |||
# Here we create a single btrfs volume using both disks. Change as needed | |||
# TODO: Use boot.loader.grub.mirroredBoots | |||
mkfs.ext2 /dev/nvme0n1p1 | |||
mkfs.btrfs -d raid0 -m raid1 -L nixos /dev/nvme0n1p2 /dev/nvme1n1p2 | |||
# Mount the disks | |||
mount /dev/disk/by-label/nixos /mnt | |||
mount /dev/nvme0n1p1 /mnt/boot | |||
# Generate the NixOS configuration. | |||
nixos-generate-config --root /mnt | |||
</nowiki> | |||
At this point, edit the /mnt/etc/nixos/configuration.nix and tune as needed. I just added the following lines: | |||
<nowiki> | |||
boot.loader.grub.device = "/dev/nvme0n1"; | |||
services.openssh.enable = true; | |||
users.users.root.openssh.authorizedKeys.keys = [ | |||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDGB1Pog97SWdV2UEA40V+3bML+lSZXEd48zCRlS/eGbY3rsXfgUXb5FIBulN9cET9g0OOAKeCZBR1Y2xXofiHDYkhk298rHDuir6cINuoMGUO7VsygUfKguBy63QMPHYnJBE1h+6sQGu/3X9G2o/0Ys2J+lZv4+N7Hqolhbg/Cu6/LUCsJM/udqTVwJGEqszDWPtuuTAIS6utB1QdL9EZT5WBb1nsNyHnIlCnoDKZvrrO9kM0FGKhjJG2skd3+NqmLhYIDhRhZvRnL9c8U8uozjbtj/N8L/2VCRzgzKmvu0Y1cZMWeAAdyqG6LoyE7xGO+SF4Vz1x6JjS9VxnZipIB zimbatm@nixos" | |||
]; | |||
</nowiki> | |||
Finally run `nixos-install`, and then reboot the machine. | |||
Voila! (after 1000 steps) |
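Review bot: The second snippet, the lines to add to /mnt/etc/nixos/configuration.nix, puts a literal personal key ("ssh-rsa AAAAB3... zimbatm@nixos") under users.users.root.openssh.authorizedKeys.keys without the "# Replace with your public key" comment that the config.nix heredoc has, so a reader who pastes it verbatim installs a system whose root account accepts someone else's key. Use an obvious placeholder string in both places and repeat the comment in the second snippet. Two smaller points in the first block: the comment "# Create a user, because the nix installer" stops mid-sentence and should say why the user is needed, and both downloads are unpinned and unverified (`curl -L https://nixos.org/nix/install | bash` and the nixos-generators `master.tar.gz`), so the procedure is not reproducible; pinning the generators archive to a specific commit would fix that for the second one. The sentence "The server public key will have changed" would also be clearer if it said that this change is expected once, right after the kexec step.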