From 7400cecd8e37cd854716716f0e1ea824ae2788f8 Mon Sep 17 00:00:00 2001 From: Ethan Reece Date: Fri, 21 Feb 2025 23:16:37 -0600 Subject: [PATCH] Create working Hetzner NixOS install --- .gitignore | 1 + README.md | 9 +++++++-- targets/vpn/configuration.nix | 16 +++++++++++++--- 3 files changed, 21 insertions(+), 5 deletions(-) diff --git a/.gitignore b/.gitignore index fcb16da..4e5db05 100644 --- a/.gitignore +++ b/.gitignore @@ -5,3 +5,4 @@ *.tfstate.backup *.tfstate.*.backup .terraform.lock.hcl +result diff --git a/README.md b/README.md index 5d20d4a..5087831 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # OpenTofu server configuration -This is an experimental configuration for my Hetzner VPS using OpenTofu and Nix. +This is an experimental configuration for my Hetzner VPS using OpenTofu and Nix, based on [NixOS/nixos-wiki-infra on Github](https://github.com/NixOS/nixos-wiki-infra). ## How to use @@ -8,5 +8,10 @@ Copy `.env.example` to `.env` and fill in the values. To generate a token with Hetzner, go to the project and click `Security -> API Tokens`. -Run `nix develop` to access a shell where OpenTofu is accessible. +For cross-compiling, you will need to add a builder by visiting the following resources: +- https://nix.dev/tutorials/nixos/distributed-builds-setup.html +- https://nix.dev/manual/nix/2.25/advanced-topics/distributed-builds +Run `nix develop` at the root of the project directory to access a shell where OpenTofu is accessible. + +In the `targets` directory, go to the system and run the corresponding shell files to make modifications. diff --git a/targets/vpn/configuration.nix b/targets/vpn/configuration.nix index f53f603..d7a1af0 100644 --- a/targets/vpn/configuration.nix +++ b/targets/vpn/configuration.nix 
@@ -12,11 +12,14 @@ in imports = [ self.nixosModules.hcloud ]; - users.users.root.openssh.authorizedKeys.keys = nixosVars.ssh_keys; + users.users.root = { + openssh.authorizedKeys.keys = nixosVars.ssh_keys; + initialPassword = "nixos"; + }; system.stateVersion = "23.11"; networking = { - hostName = "vpn"; + hostName = "nixos-vpn"; }; services.openssh = { @@ -24,7 +27,14 @@ in settings.PasswordAuthentication = false; }; + services.cloud-init.enable = lib.mkForce false; + boot.supportedFilesystems = ["btrfs"]; - environment.systemPackages = [pkgs.btrfs-progs]; + environment.systemPackages = [ + pkgs.btrfs-progs + pkgs.shadow + pkgs.vim + pkgs.speedtest-cli + ]; }
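Review bot: `initialPassword = "nixos";` in the first hunk of targets/vpn/configuration.nix gives root a well-known password, and the NixOS option documentation notes that this value is stored in plain text in the world-readable Nix store. `PasswordAuthentication = false` in the next hunk keeps it off SSH, but it would still work at the provider's web console and for `su` from any local account or compromised service. Since `openssh.authorizedKeys.keys` is already set, I would drop the line, or use `hashedPasswordFile = "<path-to-secret>";` (placeholder path) if console login is really needed. If it stays for bootstrap only, add a comment such as `# bootstrap only: change with passwd on first login`.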
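Review bot: `services.cloud-init.enable = lib.mkForce false;` in the second hunk overrides a value set elsewhere without saying why. A one-line comment such as `# cloud-init (presumably enabled by the hcloud module) is unused; SSH keys come from nixosVars.ssh_keys` would help; the reason is my guess, so please confirm it. With cloud-init off, anything the provider would inject at create time is no longer applied, so root access depends on `nixosVars.ssh_keys` being non-empty and on the password set in the first hunk. The module's argument list is outside this hunk, so check that `lib` is bound there.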