generate random password for root as initial configuration

Some cloud providers allow web console login (Hetzner Cloud, for example). You can then login and fix network issues (if any). This change generates a password for root, so it is 1 step easier to do.
2024-09-20 06:02:00 +00:00 · 2019-10-10 11:59:51 +02:00 · 2019-10-10 11:59:51 +02:00 · f562ed2b12
commit f562ed2b12
parent ba58e54ee9
1 changed files with 17 additions and 0 deletions
--- a/17
+++ b/17
@ -4,11 +4,17 @@

 set -e -o pipefail

+ROOT_PASSWORD=
+
 makeConf() {
  # Skip everything if main config already present
  [[ -e /etc/nixos/configuration.nix ]] && return 0
  # NB <<"EOF" quotes / $ ` in heredocs, <<EOF does not
  mkdir -p /etc/nixos
+  # generate some default password, to make login possible if network is down
+  set +o pipefail
+  ROOT_PASSWORD="$(cat /dev/urandom | tr -dc _A-Z-a-z-0-9 | head -c12)"
+  set -o pipefail
  # Prevent grep for sending error code 1 (and halting execution) when no lines are selected : https://www.unix.com/man-page/posix/1P/grep
  local IFS=$'\n'; keys=($(grep -vE '^[[:space:]]*(#|$)' /root/.ssh/authorized_keys || [[ $? == 1 ]])) 
  local network_import=""
@ -29,6 +35,9 @@ makeConf() {
  users.users.root.openssh.authorizedKeys.keys = [$(for key in "${keys[@]}"; do echo -n "
    \"$key\""; done)
  ];
+  $([ -n "$ROOT_PASSWORD" ] && echo "
+    users.users.root.password = ''$ROOT_PASSWORD'';
+  ")
 }
 EOF
  # If you rerun this later, be sure to prune the filesSystems attr
@ -262,6 +271,14 @@ makeConf
 infect
 removeSwap

+
+if [ -n "$ROOT_PASSWORD" ]; then
+  echo "-----"
+  echo "Root password set: $ROOT_PASSWORD"
+  echo "You can use it if instance is not reachable through SSH. Don't forget to change it after infection complete."
+  echo "-----"
+fi
+
 if [[ -z "$NO_REBOOT" ]]; then
  reboot
 fi