Saturday, 28 January 2017

NixOS, Root SSH install media for bootstrapping headless system

I've needed a CI Build system and a self-hosted Git repo for a while now. By chance, a friend was selling an old blade server, so I grabbed it. We have the space in the house, but we don't have anywhere to put a VGA monitor/keyboard. So, I need an install image that will launch sshd, permit a root login (with some default password) that I can use to bootstrap the system.

Additionally, after talking with some other friends about making an automated deployment system to reduce the amount of manual maintenance I need (I need something I can just fire-and-forget) rather than using Docker to deploy my services, it was suggested that I should look into something called NixOS.

Looking it over, I'm very interested: the descriptions of Hydra sound like they solve a lot of problems I've had with CI/Build environments - notably, that dependencies aren't tracked by the build system and there's no way to control changes to the build environment.

NixOS has a built-in tool for building custom liveCDs, which should be perfect for the headless installer... Except for one problem... NixOS's documentation kinda sucks. Which is a shame.

Thanks to some help from the #nixos IRC channel on freenode, and the manual, I've managed to build that image.

1. These steps can only be performed from an existing NixOS environment.

2. Check out the nixos-small repository, then cd into it.

```bash
git clone --branch nixos-16.09-small https://github.com/NixOS/nixpkgs-channels.git nixpkgs
cd nixpkgs/nixos
```

3. Create a configuration file modules/installer/cd-dvd/installation-cd-ssh.nix

```nix
{ config, lib, pkgs, ... }:
{
  # Start from the stock installation CD profile.
  imports =
    [ ./installation-cd-base.nix
    ];

  # Extra tools available on the live system.
  environment.systemPackages =
    [
      pkgs.vim
    ];

  # Enable sshd and allow root to log in with a password.
  services.openssh.enable = true;
  services.openssh.permitRootLogin = "yes";

  # Start sshd automatically at boot instead of waiting for a manual start.
  systemd.services.sshd.wantedBy = lib.mkForce [ "multi-user.target" ];

  # Default root password baked into the image.
  users.extraUsers.root = {
    initialPassword = "PregeneratedPassword";
  };
}
```

4. Build the ISO.

```bash
nix-build -A config.system.build.isoImage -I nixos-config=modules/installer/cd-dvd/installation-cd-ssh.nix
```
Done.
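
The module in step 3 ships a root password that is readable by anyone who has the ISO and is accepted by sshd as soon as the machine boots on the network. A variant that lets root in only with an SSH public key (added example, not from the original post; the file name installation-cd-ssh-key.nix and the key string are placeholders, and the `lib.mkForce` on `permitRootLogin` assumes the base installer profile may set its own value):

```nix
# modules/installer/cd-dvd/installation-cd-ssh-key.nix  (hypothetical file name)
{ config, lib, pkgs, ... }:
{
  imports =
    [ ./installation-cd-base.nix
    ];

  environment.systemPackages =
    [
      pkgs.vim
    ];

  services.openssh.enable = true;

  # Root may log in, but only with a key; password logins are refused.
  # mkForce overrides any value the base profile sets (assumption).
  services.openssh.permitRootLogin = lib.mkForce "without-password";
  services.openssh.passwordAuthentication = false;

  # Start sshd at boot so the headless machine is reachable.
  systemd.services.sshd.wantedBy = lib.mkForce [ "multi-user.target" ];

  # Public key of the workstation that will run the install.
  # Placeholder value: replace with the contents of your own *.pub file.
  users.extraUsers.root.openssh.authorizedKeys.keys =
    [
      "ssh-ed25519 AAAA...REPLACE_WITH_YOUR_PUBLIC_KEY installer@workstation"
    ];
}
```

Build it with the same command as step 4, pointing `nixos-config` at this file. Only the public key ends up in the image, so the ISO itself carries no login secret.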
