mirror of
https://github.com/nix-community/nixos-anywhere.git
synced 2024-07-14 19:40:42 +03:00
terraform: allow nixos-rebuild to use specified private key for deployment
The `nixos-rebuild/deploy.sh` script enables SSH authentication with a given private key through the `SSH_KEY` environment variable. Add an additional variable for the private key used for the deployment. To encourage the use of ssh-agent and discourage storing deployment keys in the Terraform state, we do not set the install SSH key as the default for the deployment key. Co-authored-by: Jörg Thalheim <Mic92@users.noreply.github.com>
parent
ad954defb3
commit
16143cd8c0
@ -22,7 +22,7 @@ module "install" {
|
||||
target_port = var.target_port
|
||||
nixos_partitioner = module.partitioner-build.result.out
|
||||
nixos_system = module.system-build.result.out
|
||||
ssh_private_key = var.ssh_private_key
|
||||
ssh_private_key = var.install_ssh_key
|
||||
debug_logging = var.debug_logging
|
||||
instance_id = var.instance_id
|
||||
}
|
||||
@ -33,6 +33,7 @@ module "nixos-rebuild" {
|
||||
]
|
||||
source = "../nixos-rebuild"
|
||||
nixos_system = module.system-build.result.out
|
||||
ssh_private_key = var.deployment_ssh_key
|
||||
target_host = var.target_host
|
||||
target_user = var.target_user
|
||||
}
|
||||
|
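Review bot: The added `ssh_private_key = var.deployment_ssh_key` passes a `null` default into a module whose own default is `"-"`. With Terraform's default `nullable = true`, an explicit null argument overrides the child module's default rather than falling back to it. When the caller leaves the key unset, the `"-"` sentinel described in the nixos-rebuild variable would therefore not reach `SSH_KEY`. How deploy.sh treats an unset or empty `SSH_KEY` is not visible on this page, so this should be confirmed. Either give `deployment_ssh_key` `default = "-"`, or add `nullable = false` to the module's `ssh_private_key` so that null selects its default. The `module "nixos-rebuild"` block starts above this hunk.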
@ -51,9 +51,15 @@ variable "instance_id" {
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "ssh_private_key" {
|
||||
variable "install_ssh_key" {
|
||||
type = string
|
||||
description = "Content of private key used to connect to the target_host"
|
||||
description = "Content of private key used to connect to the target_host during initial installation"
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "deployment_ssh_key" {
|
||||
type = string
|
||||
description = "Content of private key used to deploy to the target_host after initial installation. To ensure maximum security, it is advisable to connect to your host using ssh-agent instead of relying on this variable"
|
||||
default = null
|
||||
}
|
||||
|
||||
|
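Review bot: Neither the renamed `install_ssh_key` nor the new `deployment_ssh_key` is declared `sensitive = true`, although both carry private key content. Adding `sensitive = true` to both blocks makes Terraform redact the values in plan and apply output, which is where CI logs usually pick them up. The same applies to `ssh_private_key` in the nixos-rebuild variables hunk. Redaction only covers CLI output and does not keep the key out of state or saved plan files, so the ssh-agent advice in the description still stands.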
@ -3,6 +3,10 @@ resource "null_resource" "nixos-rebuild" {
|
||||
store_path = var.nixos_system
|
||||
}
|
||||
provisioner "local-exec" {
|
||||
environment = {
|
||||
SSH_KEY = var.ssh_private_key
|
||||
}
|
||||
|
||||
command = "${path.module}/deploy.sh ${var.nixos_system} ${var.target_user}@${var.target_host} ${var.target_port}"
|
||||
}
|
||||
}
|
||||
|
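Review bot: The new `environment` block has no comment explaining the `SSH_KEY` contract, so a reader cannot tell that `"-"` means "pass no key". I would add `# SSH_KEY holds private key content; "-" means no key is passed and ssh uses its own config/agent` above `SSH_KEY = var.ssh_private_key`. The key is also placed in the environment of deploy.sh and is inherited by every process the script starts. The script is not shown here, but it is worth checking that it unsets `SSH_KEY` once the key has been handed to ssh, and that it does not run with shell tracing enabled while the variable is set.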
@ -19,3 +19,9 @@ variable "target_port" {
|
||||
description = "SSH port used to connect to the target_host"
|
||||
default = 22
|
||||
}
|
||||
|
||||
variable "ssh_private_key" {
|
||||
type = string
|
||||
description = "Content of private key used to connect to the target_host. If set to - no key is passed to openssh and ssh will back to its own configuration".
|
||||
default = "-"
|
||||
}
|
||||
|
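Review bot: As rendered, the `description` of the new `ssh_private_key` variable ends with a `.` after the closing quote, which HCL will not parse as a string attribute. The sentence also reads "ssh will back to" where "fall back to" is meant. Suggested line: `description = "Content of private key used to connect to the target_host. If set to - no key is passed to openssh and ssh will fall back to its own configuration."`.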