authorFlorian Klink <flokli@flokli.de>2023-05-15T16·55+0300
committerclbot <clbot@tvl.fyi>2023-05-16T09·55+0000
commit14a8ea9eab6ddf5b5ea78b7e480e2acf4f03bc62 (patch)
treec1f2b550cb3b39a73e2b4a101ddfa9fda6938fde /ops
parentbb4d80797404d77a28a5eebe6c379285264b8c2d (diff)
feat(ops/terraform/deploy-nixos): make target_user_ssh_key optional r/6143
In case `target_user_ssh_key` points to an empty string, nixos-copy.sh
just doesn't set `IdentityFile=` at all.

This allows using deploy-nixos without any explicitly passed ssh keys,
but picking up whatever ssh setup the user has configured locally.

Change-Id: If335ce8434627e61da13bf6923b9767085af08a5
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8576
Autosubmit: flokli <flokli@flokli.de>
Reviewed-by: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
Diffstat (limited to 'ops')
-rw-r--r--ops/terraform/deploy-nixos/main.tf1
-rwxr-xr-xops/terraform/deploy-nixos/nixos-copy.sh22
2 files changed, 14 insertions, 9 deletions
diff --git a/ops/terraform/deploy-nixos/main.tf b/ops/terraform/deploy-nixos/main.tf
index 4a3dc08f6c..e07e9eb956 100644
--- a/ops/terraform/deploy-nixos/main.tf
+++ b/ops/terraform/deploy-nixos/main.tf
@@ -37,6 +37,7 @@ variable "target_user" {
 variable "target_user_ssh_key" {
   description = "SSH key to use for connecting to the target"
   type        = string
+  default     = ""
   sensitive   = true
 }
 
diff --git a/ops/terraform/deploy-nixos/nixos-copy.sh b/ops/terraform/deploy-nixos/nixos-copy.sh
index 62cfc713b9..449002bbe5 100755
--- a/ops/terraform/deploy-nixos/nixos-copy.sh
+++ b/ops/terraform/deploy-nixos/nixos-copy.sh
@@ -1,19 +1,23 @@
 #!/usr/bin/env bash
 #
-# Copies a NixOS system to a target host, using the provided key.
+# Copies a NixOS system to a target host, using the provided key,
+# or whatever ambient key is configured if the key is not set.
 set -ueo pipefail
 
-scratch="$(mktemp -d)"
-trap 'rm -rf -- "${scratch}"' EXIT
-
-echo -n "$DEPLOY_KEY" > $scratch/id_deploy
-chmod 0600 $scratch/id_deploy
-
 export NIX_SSHOPTS="\
     -o StrictHostKeyChecking=no\
     -o UserKnownHostsFile=/dev/null\
-    -o GlobalKnownHostsFile=/dev/null\
-    -o IdentityFile=$scratch/id_deploy"
+    -o GlobalKnownHostsFile=/dev/null"
+
+# If DEPLOY_KEY was passed, write it to $scratch/id_deploy
+if [ -n "${DEPLOY_KEY-}" ]; then
+  scratch="$(mktemp -d)"
+  trap 'rm -rf -- "${scratch}"' EXIT
+
+  echo -n "$DEPLOY_KEY" > $scratch/id_deploy
+  chmod 0600 $scratch/id_deploy
+  export NIX_SSHOPTS="$NIX_SSHOPTS -o IdentityFile=$scratch/id_deploy"
+fi
 
 nix-copy-closure \
   --to ${TARGET_USER}@${TARGET_HOST} \
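Review bot: The new keyless path still runs with `StrictHostKeyChecking=no` and both known-hosts files pointed at `/dev/null`, so when `DEPLOY_KEY` is empty the user's own agent and SSH configuration are used against a host whose identity is never checked, and any `known_hosts` entry the user already has for the target is ignored. If the targets are not always freshly provisioned, consider applying those three overrides only inside the `if [ -n "${DEPLOY_KEY-}" ]` branch, or at least state it in the header comment, e.g. `# Host key verification is disabled in both modes.` Separately, `$scratch` is unquoted in the redirect and `chmod` lines; `> "$scratch/id_deploy"` and `chmod 0600 "$scratch/id_deploy"` would survive a `TMPDIR` that contains spaces. The `nix-copy-closure` invocation continues outside the hunk.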