feat(ops/terraform/deploy-nixos): make target_user_ssh_key optional
In case `target_user_ssh_key` points to an empty string, nixos-copy.sh just doesn't set `IdentityFile=` at all. This allows using deploy-nixos without any explicitly passed ssh keys, but picking up whatever ssh setup the user has configured locally. Change-Id: If335ce8434627e61da13bf6923b9767085af08a5 Reviewed-on: https://cl.tvl.fyi/c/depot/+/8576 Autosubmit: flokli <flokli@flokli.de> Reviewed-by: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI
parent
bb4d807974
commit
14a8ea9eab
2 changed files with 14 additions and 9 deletions
|
@ -37,6 +37,7 @@ variable "target_user" {
|
||||||
variable "target_user_ssh_key" {
|
variable "target_user_ssh_key" {
|
||||||
description = "SSH key to use for connecting to the target"
|
description = "SSH key to use for connecting to the target"
|
||||||
type = string
|
type = string
|
||||||
|
default = ""
|
||||||
sensitive = true
|
sensitive = true
|
||||||
}
|
}
|
||||||
|
|
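Review bot: The `description` of `target_user_ssh_key` still reads as if a key is always supplied, so nothing at the variable tells a caller what the new `default = ""` means. I would change it to `description = "SSH key to use for connecting to the target; if empty, the caller's local SSH configuration (agent, default identities) is used"`. An empty value now silently changes which credential authenticates the deploy, so that behaviour belongs in the module's interface and not only in the commit message.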
||||||
|
|
|
@ -1,19 +1,23 @@
|
||||||
#!/usr/bin/env bash
|
#!/usr/bin/env bash
|
||||||
#
|
#
|
||||||
# Copies a NixOS system to a target host, using the provided key.
|
# Copies a NixOS system to a target host, using the provided key,
|
||||||
|
# or whatever ambient key is configured if the key is not set.
|
||||||
set -ueo pipefail
|
set -ueo pipefail
|
||||||
|
|
||||||
scratch="$(mktemp -d)"
|
|
||||||
trap 'rm -rf -- "${scratch}"' EXIT
|
|
||||||
|
|
||||||
echo -n "$DEPLOY_KEY" > $scratch/id_deploy
|
|
||||||
chmod 0600 $scratch/id_deploy
|
|
||||||
|
|
||||||
export NIX_SSHOPTS="\
|
export NIX_SSHOPTS="\
|
||||||
-o StrictHostKeyChecking=no\
|
-o StrictHostKeyChecking=no\
|
||||||
-o UserKnownHostsFile=/dev/null\
|
-o UserKnownHostsFile=/dev/null\
|
||||||
-o GlobalKnownHostsFile=/dev/null\
|
-o GlobalKnownHostsFile=/dev/null"
|
||||||
-o IdentityFile=$scratch/id_deploy"
|
|
||||||
|
# If DEPLOY_KEY was passed, write it to $scratch/id_deploy
|
||||||
|
if [ -n "${DEPLOY_KEY-}" ]; then
|
||||||
|
scratch="$(mktemp -d)"
|
||||||
|
trap 'rm -rf -- "${scratch}"' EXIT
|
||||||
|
|
||||||
|
echo -n "$DEPLOY_KEY" > $scratch/id_deploy
|
||||||
|
chmod 0600 $scratch/id_deploy
|
||||||
|
export NIX_SSHOPTS="$NIX_SSHOPTS -o IdentityFile=$scratch/id_deploy"
|
||||||
|
fi
|
||||||
|
|
||||||
nix-copy-closure \
|
nix-copy-closure \
|
||||||
--to ${TARGET_USER}@${TARGET_HOST} \
|
--to ${TARGET_USER}@${TARGET_HOST} \
|
||||||
|
|
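Review bot: The added `export NIX_SSHOPTS="$NIX_SSHOPTS -o IdentityFile=$scratch/id_deploy"` does not make the deploy key exclusive: without `IdentitiesOnly`, ssh may still offer agent or default identities alongside it, so the identity that authenticates is not necessarily the one passed in. I would write it as `export NIX_SSHOPTS="$NIX_SSHOPTS -o IdentitiesOnly=yes -o IdentityFile=$scratch/id_deploy"`. Separately, when `DEPLOY_KEY` is empty the script now authenticates with the operator's ambient credentials to a host whose key is never verified (`StrictHostKeyChecking=no` and both known-hosts files set to `/dev/null` in the unchanged lines), so the closure goes to whichever machine answers at `TARGET_HOST`. A comment above the `if` stating that trade-off would help the next reader. The `nix-copy-closure` command continues outside the hunk.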