feat: add bootstrap config for initial ssh configuation

2026-03-14 14:28:27 -07:00 · 2026-03-14 14:28:27 -07:00 · a4ae929c4e
commit a4ae929c4e
parent 7576c1636e
2 changed files with 32 additions and 23 deletions
--- a/flake.nix
+++ b/flake.nix
@ -17,19 +17,25 @@
    let
      system = "x86_64-linux";
      pkgs = nixpkgs.legacyPackages.${system};
-      serverHost = "root@compsigh-minecraft";
-
      deploy = pkgs.writeShellScriptBin "nhs" ''
        nh os switch --hostname compsigh-minecraft --target-host root@compsigh-minecraft path:. "$@"
      '';
-      mcWhitelist = pkgs.writeShellScriptBin "mc-whitelist" ''
-        ssh ${serverHost} "docker exec minecraft rcon-cli whitelist add $1"
-      '';
-      mcCmd = pkgs.writeShellScriptBin "mc-cmd" ''
-        ssh ${serverHost} "docker exec minecraft rcon-cli $*"
-      '';
      mcLogs = pkgs.writeShellScriptBin "mc-logs" ''
-        ssh ${serverHost} "docker logs --tail ''${1:-100} -f minecraft"
+        ssh root@compsigh-minecraft "docker logs --tail ''${1:-100} -f minecraft"
+      '';
+      bootstrap = pkgs.writeShellScriptBin "mc-bootstrap" ''
+        set -euo pipefail
+        IP="''${1:?Usage: mc-bootstrap <server-ip>}"
+        echo "==> Installing NixOS (bootstrap config with port 22 open)..."
+        nix run github:nix-community/nixos-anywhere -- --flake path:.#compsigh-minecraft-bootstrap "root@$IP"
+        echo ""
+        echo "==> Removing old host key..."
+        ssh-keygen -R "$IP"
+        echo ""
+        echo "==> Fetching new server host key..."
+        echo "Run: ssh root@$IP cat /etc/ssh/ssh_host_ed25519_key.pub"
+        echo "Then update secrets/secrets.nix with the new key and run: agenix -r"
+        echo "Then run: nhs"
      '';
    in
    {
@ -44,11 +50,25 @@
        ];
      };

+      # Bootstrap config: opens port 22 on public interface for initial setup
+      nixosConfigurations.compsigh-minecraft-bootstrap = nixpkgs.lib.nixosSystem {
+        inherit system;
+        specialArgs = { inherit inputs; };
+        modules = [
+          disko.nixosModules.disko
+          inputs.agenix.nixosModules.default
+          ./disk-config.nix
+          ./configuration.nix
+          {
+            networking.firewall.allowedTCPPorts = [ 22 ];
+          }
+        ];
+      };
+
      devShells.${system}.default = pkgs.mkShell {
        packages = [
          deploy
-          mcWhitelist
-          mcCmd
+          bootstrap
          mcLogs
          pkgs.nh
          inputs.agenix.packages.${system}.default
@ -56,9 +76,8 @@

        shellHook = ''
          echo "compsigh minecraft server"
+          echo "  mc-bootstrap — first-time install (mc-bootstrap <ip>)"
          echo "  nhs          — deploy to server"
-          echo "  mc-whitelist — add a player (mc-whitelist PlayerName)"
-          echo "  mc-cmd       — run rcon command (mc-cmd whitelist list)"
          echo "  mc-logs      — tail server logs"
          echo "  agenix       — manage secrets"
        '';