feat(ops/terraform/deploy-nixos): make target_user_ssh_key optional

In case `target_user_ssh_key` points to an empty string, nixos-copy.sh
just doesn't set `IdentityFile=` at all.

This allows using deploy-nixos without any explicitly passed ssh keys,
but picking up whatever ssh setup the user has configured locally.

Change-Id: If335ce8434627e61da13bf6923b9767085af08a5
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8576
Autosubmit: flokli <flokli@flokli.de>
Reviewed-by: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
This commit is contained in:
Florian Klink 2023-05-15 19:55:49 +03:00 committed by clbot
parent bb4d807974
commit 14a8ea9eab
2 changed files with 14 additions and 9 deletions

View file

@ -37,6 +37,7 @@ variable "target_user" {
variable "target_user_ssh_key" { variable "target_user_ssh_key" {
description = "SSH key to use for connecting to the target" description = "SSH key to use for connecting to the target"
type = string type = string
default = ""
sensitive = true sensitive = true
} }

View file

@ -1,19 +1,23 @@
#!/usr/bin/env bash #!/usr/bin/env bash
# #
# Copies a NixOS system to a target host, using the provided key. # Copies a NixOS system to a target host, using the provided key,
# or whatever ambient key is configured if the key is not set.
set -ueo pipefail set -ueo pipefail
scratch="$(mktemp -d)"
trap 'rm -rf -- "${scratch}"' EXIT
echo -n "$DEPLOY_KEY" > $scratch/id_deploy
chmod 0600 $scratch/id_deploy
export NIX_SSHOPTS="\ export NIX_SSHOPTS="\
-o StrictHostKeyChecking=no\ -o StrictHostKeyChecking=no\
-o UserKnownHostsFile=/dev/null\ -o UserKnownHostsFile=/dev/null\
-o GlobalKnownHostsFile=/dev/null\ -o GlobalKnownHostsFile=/dev/null"
-o IdentityFile=$scratch/id_deploy"
# If DEPLOY_KEY was passed, write it to $scratch/id_deploy
if [ -n "${DEPLOY_KEY-}" ]; then
scratch="$(mktemp -d)"
trap 'rm -rf -- "${scratch}"' EXIT
echo -n "$DEPLOY_KEY" > $scratch/id_deploy
chmod 0600 $scratch/id_deploy
export NIX_SSHOPTS="$NIX_SSHOPTS -o IdentityFile=$scratch/id_deploy"
fi
nix-copy-closure \ nix-copy-closure \
--to ${TARGET_USER}@${TARGET_HOST} \ --to ${TARGET_USER}@${TARGET_HOST} \