diff --git a/README.md b/README.md
index 361b53a..bd38a7a 100644
--- a/README.md
+++ b/README.md
@@ -150,26 +150,27 @@ We haven't fully implemented all the features, but the remaining work is tracked
 Bootstrap a brand new Ubuntu 22.04 DigitalOcean VPS into NixOS:
 ```sh
-nix run .#bootstrap-host -- [--admin ] [ssh-identity-file]
-nix run .#bootstrap-host -- [--admin ] [ssh-identity-file]
+nix run .#bootstrap-host -- --admin [ssh-identity-file]
+nix run .#bootstrap-host -- --admin [ssh-identity-file]
 ```
 Example:
 ```sh
-nix run .#bootstrap-host -- main-wiki root@203.0.113.10 ~/.ssh/do-bootstrap
 nix run .#bootstrap-host -- --admin jet main-wiki root@203.0.113.10 ~/.ssh/do-bootstrap
-nix run .#bootstrap-host -- root@203.0.113.10 root@203.0.113.11 ~/.ssh/do-bootstrap
+nix run .#bootstrap-host -- --admin jet root@203.0.113.10 root@203.0.113.11 ~/.ssh/do-bootstrap
 ```
+`--admin ` is required. The admin must exist in `siteConfig.adminUsers` in `flake.nix`.
+
 What bootstrap does:
 - copies a first-boot module to the host
 - runs `nixos-infect` on the Ubuntu VPS
-- converts the machine to NixOS with the `jet` admin user
+- converts the machine to NixOS with the requested admin user
 - disables direct root SSH
 - fixes the known bad IPv6 routes generated by `nixos-infect`
-- verifies that `jet` login and `sudo` work and that the host reaches `running`
+- verifies that the requested admin login and `sudo` work and that the host reaches `running`
 What bootstrap is not:
diff --git a/scripts/bootstrap-host.sh b/scripts/bootstrap-host.sh
index be9f27b..78fd40e 100644
--- a/scripts/bootstrap-host.sh
+++ b/scripts/bootstrap-host.sh
@@ -3,8 +3,8 @@ set -euo pipefail
 usage() {
 cat <<'USAGE'
 Usage:
- nix run .#bootstrap-host -- [--admin ] [ssh-identity-file]
- nix run .#bootstrap-host -- [--admin ] [ssh-identity-file]
+ nix run .#bootstrap-host -- --admin [ssh-identity-file]
+ nix run .#bootstrap-host -- --admin [ssh-identity-file]
 USAGE
 }
@@ -17,21 +17,23 @@ fi
 admin_users_json='@ADMIN_USERS_JSON@'
-bootstrap_admin="jet"
+pinned_nix_install_url='https://releases.nixos.org/nix/nix-2.24.14/install'
+
+bootstrap_admin=""
 ssh_identity_file=""
 main_target=""
 replica_target=""
 failures=()
-if [ "${1:-}" = "--admin" ]; then
- if [ "$#" -lt 4 ]; then
- usage
- exit 1
- fi
- bootstrap_admin="$2"
- shift 2
+if [ "${1:-}" != "--admin" ] || [ "$#" -lt 4 ]; then
+ printf 'Bootstrap requires --admin \n' >&2
+ usage
+ exit 1
 fi
+bootstrap_admin="$2"
+shift 2
+
 if [ "$#" -lt 2 ] || [ "$#" -gt 3 ]; then
 usage
 exit 1
@@ -70,7 +72,7 @@ make_host_module() {
 local module_file="$1"
 local admin_name="$2"
- cat > "$module_file" <<'MODULE'
+ cat > "$module_file" </dev/null || true; curl -fsSL https://raw.githubusercontent.com/elitak/nixos-infect/36f48d8feb89ca508261d7390355144fc0048932/nixos-infect | env PROVIDER=digitalocean doNetConf=y NIX_CHANNEL=nixos-24.05 NIXOS_IMPORT=./host-bootstrap.nix bash -x' || true
+ "umount /boot/efi 2>/dev/null || true; curl -fsSL https://raw.githubusercontent.com/elitak/nixos-infect/36f48d8feb89ca508261d7390355144fc0048932/nixos-infect | env NIX_INSTALL_URL='$pinned_nix_install_url' PROVIDER=digitalocean doNetConf=y NIX_CHANNEL=nixos-24.05 NIXOS_IMPORT=./host-bootstrap.nix bash -x" || true
 printf 'Waiting for %s to reboot into NixOS\n' "$host_name"
 for try in $(seq 1 60); do
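Review bot: `bootstrap_admin="$2"` accepts any string, including an empty one, so `--admin ''` still satisfies the new `$# -lt 4` guard, and a name containing shell or Nix metacharacters is carried unvalidated into the generated host module and the later login/`sudo` verification. Add a shape check immediately after the assignment, e.g. `[[ "$bootstrap_admin" =~ ^[a-z_][a-z0-9_-]*$ ]] || { printf 'invalid admin name: %s\n' "$bootstrap_admin" >&2; exit 1; }`, so the value is rejected before it is used anywhere. If the membership test against `admin_users_json` happens further down the file (outside this hunk), keep it; the syntactic check belongs here regardless. This matters more after the later `make_host_module` hunk, which appears to switch the MODULE heredoc to an unquoted delimiter so `$admin_name` expands inside the Nix file — every other `$` in that module body is then shell-expanded under `set -u` too, which deserves a one-line comment on that `cat` line.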