-rw-r--r--ops/terraform/deploy-nixos/main.tf1
-rwxr-xr-xops/terraform/deploy-nixos/nixos-copy.sh22
2 files changed, 14 insertions, 9 deletions
diff --git a/ops/terraform/deploy-nixos/main.tf b/ops/terraform/deploy-nixos/main.tf
index 4a3dc08f6c85..e07e9eb95614 100644
--- a/ops/terraform/deploy-nixos/main.tf
+++ b/ops/terraform/deploy-nixos/main.tf
@@ -37,6 +37,7 @@ variable "target_user" {
 variable "target_user_ssh_key" {
   description = "SSH key to use for connecting to the target"
   type        = string
+  default     = ""
   sensitive   = true
 }
 
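Review bot: The `description` on `target_user_ssh_key` does not say what the new empty default means, so a caller reading only main.tf cannot tell that leaving it unset is a supported mode. Judging by the comment added to nixos-copy.sh in this same commit, an empty value makes the copy step fall back to whatever SSH key is ambiently configured. I would spell that out, e.g. `description = "SSH key to use for connecting to the target; leave empty to use the ambient SSH configuration"`.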
diff --git a/ops/terraform/deploy-nixos/nixos-copy.sh b/ops/terraform/deploy-nixos/nixos-copy.sh
index 62cfc713b935..449002bbe512 100755
--- a/ops/terraform/deploy-nixos/nixos-copy.sh
+++ b/ops/terraform/deploy-nixos/nixos-copy.sh
@@ -1,19 +1,23 @@
 #!/usr/bin/env bash
 #
-# Copies a NixOS system to a target host, using the provided key.
+# Copies a NixOS system to a target host, using the provided key,
+# or whatever ambient key is configured if the key is not set.
 set -ueo pipefail
 
-scratch="$(mktemp -d)"
-trap 'rm -rf -- "${scratch}"' EXIT
-
-echo -n "$DEPLOY_KEY" > $scratch/id_deploy
-chmod 0600 $scratch/id_deploy
-
 export NIX_SSHOPTS="\
     -o StrictHostKeyChecking=no\
     -o UserKnownHostsFile=/dev/null\
-    -o GlobalKnownHostsFile=/dev/null\
-    -o IdentityFile=$scratch/id_deploy"
+    -o GlobalKnownHostsFile=/dev/null"
+
+# If DEPLOY_KEY was passed, write it to $scratch/id_deploy
+if [ -n "${DEPLOY_KEY-}" ]; then
+  scratch="$(mktemp -d)"
+  trap 'rm -rf -- "${scratch}"' EXIT
+
+  echo -n "$DEPLOY_KEY" > $scratch/id_deploy
+  chmod 0600 $scratch/id_deploy
+  export NIX_SSHOPTS="$NIX_SSHOPTS -o IdentityFile=$scratch/id_deploy"
+fi
 
 nix-copy-closure \
   --to ${TARGET_USER}@${TARGET_HOST} \
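Review bot: The new ambient-key path still runs with `StrictHostKeyChecking=no` and both known-hosts files set to `/dev/null`, so an operator falling back to their own SSH setup gets no host-key verification, even if their `known_hosts` already lists the target. Those options are unchanged context in this hunk, but the fallback widens where they apply. Consider appending them to `NIX_SSHOPTS` only inside the `if [ -n "${DEPLOY_KEY-}" ]` branch, or add a comment above `NIX_SSHOPTS` stating that the target's identity is not checked in either mode. As a smaller style point, the moved lines leave `$scratch` unquoted; `echo -n "$DEPLOY_KEY" > "$scratch/id_deploy"` and `chmod 0600 "$scratch/id_deploy"` are the safer form. The `nix-copy-closure` invocation continues past the end of the hunk.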