hetzner-dedicated/zfs: Password for root user

Akshay Mankar 2023-10-13 16:03:09 +02:00
parent 70acd87eff
commit 2878a591a1
Signed by: axeman
GPG key ID: CA08F3AB62369B89


@ -20,11 +20,8 @@
# inspired by https://nixos.wiki/wiki/Install_NixOS_on_Hetzner_Online # inspired by https://nixos.wiki/wiki/Install_NixOS_on_Hetzner_Online
# * This server has 2 SSDs. # * This server has 2 SSDs.
# We put everything on mirror (RAID1 equivalent). # We put everything on mirror (RAID1 equivalent).
# * A root user with empty password is created, so that you can just login # * A root user with a password is created, so that you can just login
# as root and press enter when using the Hetzner spider KVM. # as root when using the Hetzner spider KVM.
# Of course that empty-password login isn't exposed to the Internet.
# Change the password afterwards to avoid anyone with physical access
# being able to login without any authentication.
# * The script reboots at the end. # * The script reboots at the end.
# * exports of env vars are added throughout the script in case you want to run it manually # * exports of env vars are added throughout the script in case you want to run it manually
export LC_ALL=C export LC_ALL=C
@ -400,8 +397,7 @@ cat > /mnt/etc/nixos/configuration.nix <<EOF
"2001:4860:4860::8844" "2001:4860:4860::8844"
]; ];
# Initial empty root password for easy login: users.users.root.initialHashedPassword = "$y$j9T$bIN6GjQkmPMllOcQsq52K0$q0Z5B5.KW/uxXK9fItB8H6HO79RYAcI/ZZdB0Djke32";
users.users.root.initialHashedPassword = "";
services.openssh.permitRootLogin = "prohibit-password"; services.openssh.permitRootLogin = "prohibit-password";
users.users.root.openssh.authorizedKeys.keys = ["$SSH_PUB_KEY"]; users.users.root.openssh.authorizedKeys.keys = ["$SSH_PUB_KEY"];
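Review bot: The new `users.users.root.initialHashedPassword` line sits inside the unquoted `<<EOF` heredoc that writes configuration.nix, so the shell will treat every `$`-prefixed segment of the hash (`$y`, `$j9T`, and so on) as a variable, just as it deliberately does for `$SSH_PUB_KEY` on the authorizedKeys line. Unless those names happen to be set, the generated file gets a truncated, invalid hash instead of the intended one, and the script would abort instead if it runs with `set -u`. Escape each dollar sign on that line (`\$y\$j9T\$...`) so the literal string reaches the Nix file. Separately, a hash committed to the repository is shared by every host installed from this script and can be guessed offline by anyone who can read the repo, so consider supplying it at install time from outside the repository and restoring the header note that the password should be changed after first login. The heredoc opens and closes outside this hunk, so the quoting of its delimiter should be confirmed against the full file.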