terraform: allow nixos-rebuild to use specified private key for deployment #78
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Mic92
reviewed
Mar 21, 2023
jfroche
force-pushed
the
feat/use-privatekey-for-rebuild
branch
from
620ef74
to
67a9470
Compare
Mic92
reviewed
Mar 27, 2023
Mic92
reviewed
Mar 27, 2023
…yment `nixos-rebuild/deploy.sh` script enable ssh authentication with a given private key through the `SSH_KEY` environment variable. Add additional variable for the private key used for the deployment. To encourage the use of ssh-agent and discourage the storage of deployment keys in the terraform state we do not set the install ssh key as the default for the deployment key. Co-authored-by: Jörg Thalheim <Mic92@users.noreply.github.com>
jfroche
force-pushed
the
feat/use-privatekey-for-rebuild
branch
from
6dffcac
to
16143cd
Compare
zimbatm
reviewed
Mar 29, 2023
| variable "ssh_private_key" { | ||
| type = string | ||
| description = "Content of private key used to connect to the target_host. If set to - no key is passed to openssh and ssh will back to its own configuration" | ||
| default = "-" |
There was a problem hiding this comment.
Do you know why the dash is needed?
There was a problem hiding this comment.
because the check is explicitly for "-" in here: https://github.com/numtide/nixos-anywhere/blob/main/terraform/nixos-rebuild/deploy.sh#L22
There was a problem hiding this comment.
What is the "-" check for though?
There was a problem hiding this comment.
because not setting the value is more complicated in terraform than setting a dummy value which basically means: "no value"
|
Have just run this with |
Lassulus
approved these changes
Mar 29, 2023
|
bors merge |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
nixos-rebuild/deploy.shscript enable ssh authentication with a given private key through theSSH_KEYenvironment variable.Add additional variable for the private key used for the deployment.
To encourage the use of ssh-agent and discourage the storage of deployment keys in the terraform state we do not set the install ssh key as the default for the deployment key.