generate random password for root as initial configuration

Some cloud providers allow web console login (Hetzner Cloud, for example).
You can then log in and fix network issues (if any).

This change generates a password for root, which makes that one step easier.
Danylo Hlynskyi 2019-10-10 11:59:51 +02:00
parent ba58e54ee9
commit f562ed2b12


@ -4,11 +4,17 @@
set -e -o pipefail set -e -o pipefail
ROOT_PASSWORD=
makeConf() { makeConf() {
# Skip everything if main config already present # Skip everything if main config already present
[[ -e /etc/nixos/configuration.nix ]] && return 0 [[ -e /etc/nixos/configuration.nix ]] && return 0
# NB <<"EOF" quotes / $ ` in heredocs, <<EOF does not # NB <<"EOF" quotes / $ ` in heredocs, <<EOF does not
mkdir -p /etc/nixos mkdir -p /etc/nixos
# generate some default password, to make login possible if network is down
set +o pipefail
ROOT_PASSWORD="$(cat /dev/urandom | tr -dc _A-Z-a-z-0-9 | head -c12)"
set -o pipefail
# Prevent grep for sending error code 1 (and halting execution) when no lines are selected : https://www.unix.com/man-page/posix/1P/grep # Prevent grep for sending error code 1 (and halting execution) when no lines are selected : https://www.unix.com/man-page/posix/1P/grep
local IFS=$'\n'; keys=($(grep -vE '^[[:space:]]*(#|$)' /root/.ssh/authorized_keys || [[ $? == 1 ]])) local IFS=$'\n'; keys=($(grep -vE '^[[:space:]]*(#|$)' /root/.ssh/authorized_keys || [[ $? == 1 ]]))
local network_import="" local network_import=""
@ -29,6 +35,9 @@ makeConf() {
users.users.root.openssh.authorizedKeys.keys = [$(for key in "${keys[@]}"; do echo -n " users.users.root.openssh.authorizedKeys.keys = [$(for key in "${keys[@]}"; do echo -n "
\"$key\""; done) \"$key\""; done)
]; ];
$([ -n "$ROOT_PASSWORD" ] && echo "
users.users.root.password = ''$ROOT_PASSWORD'';
")
} }
EOF EOF
# If you rerun this later, be sure to prune the filesSystems attr # If you rerun this later, be sure to prune the filesSystems attr
@ -262,6 +271,14 @@ makeConf
infect infect
removeSwap removeSwap
if [ -n "$ROOT_PASSWORD" ]; then
echo "-----"
echo "Root password set: $ROOT_PASSWORD"
echo "You can use it if instance is not reachable through SSH. Don't forget to change it after infection complete."
echo "-----"
fi
if [[ -z "$NO_REBOOT" ]]; then if [[ -z "$NO_REBOOT" ]]; then
reboot reboot
fi fi
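Review bot: The generated root password is written in clear text into /etc/nixos/configuration.nix through `users.users.root.password` in the heredoc of makeConf (second hunk). NixOS documents that option as a clear-text value that ends up world-readable in the Nix store, so any local user or service on the installed system could read it. Hashing on the host and emitting only the hash avoids that, assuming a hashing tool such as openssl 1.1.1+ is available there: `ROOT_PASSWORD_HASH="$(printf '%s' "$ROOT_PASSWORD" | openssl passwd -6 -stdin)"` and then `users.users.root.initialHashedPassword = ''$ROOT_PASSWORD_HASH'';`. The final `echo "Root password set: $ROOT_PASSWORD"` in the last hunk also puts the secret into whatever captures the script's output (a provisioning log, for instance), so a comment there saying the value must be rotated after first login would help. The body of makeConf continues outside the visible hunks, so whether sshd accepts password logins for root cannot be confirmed from here.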