add var.ssh_options to pass additional SSH options to nixos-rebuild #427

Open: wants to merge 2 commits into base: main
52 changes: 27 additions & 25 deletions terraform/all-in-one.md

Large diffs are not rendered by default.

1 change: 1 addition & 0 deletions terraform/all-in-one/main.tf
Expand Up @@ -55,6 +55,7 @@ module "nixos-rebuild" {
target_host = var.target_host
target_user = var.target_user
target_port = var.target_port
ssh_options = var.ssh_options
}

output "result" {
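
Review bot: `ssh_options = var.ssh_options` hands the all-in-one variable, declared as `map(string)` in terraform/all-in-one/variables.tf, to the nixos-rebuild module input declared as `list(string)`, and Terraform has no automatic map-to-list conversion, so this assignment should fail type checking. Either give both variables the same type or convert at this line, for example `[for k, v in var.ssh_options : "-o ${k}=${v}"]`.
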
9 changes: 9 additions & 0 deletions terraform/all-in-one/variables.tf
Expand Up @@ -51,6 +51,15 @@ variable "target_port" {
default = 22
}

variable "ssh_options" {
type = map(string)
description = "Additional options to pass to the SSH command used to connect to the target_host after installing NixOS."
default = {
UserKnownHostsFile = "/dev/null"
StrictHostKeyChecking = "no"
}
}

variable "instance_id" {
type = string
description = "The instance id of the target_host, used to track when to reinstall the machine"
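
Review bot: the `default` block keeps `StrictHostKeyChecking = "no"` and `UserKnownHostsFile = "/dev/null"`, so host key verification stays off for the connection made after the install, and the `description` does not say so. Document there that the defaults disable host key verification and that setting `ssh_options` replaces the whole map rather than merging with it, so a caller who adds a single option must repeat these two to keep the current behavior.
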
17 changes: 9 additions & 8 deletions terraform/nixos-rebuild.md
Expand Up @@ -50,14 +50,15 @@ No modules.

## Inputs

| Name | Description | Type | Default | Required |
| -------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------ | -------- | -------- | :------: |
| <a name="input_ignore_systemd_errors"></a> [ignore\_systemd\_errors](#input_ignore_systemd_errors) | Ignore systemd errors happening during deploy | `bool` | `false` | no |
| <a name="input_nixos_system"></a> [nixos\_system](#input_nixos_system) | The nixos system to deploy | `string` | n/a | yes |
| <a name="input_ssh_private_key"></a> [ssh\_private\_key](#input_ssh_private_key) | Content of private key used to connect to the target\_host. If set to - no key is passed to openssh and ssh will use its own configuration | `string` | `"-"` | no |
| <a name="input_target_host"></a> [target\_host](#input_target_host) | DNS host to deploy to | `string` | n/a | yes |
| <a name="input_target_port"></a> [target\_port](#input_target_port) | SSH port used to connect to the target\_host | `number` | `22` | no |
| <a name="input_target_user"></a> [target\_user](#input_target_user) | User to deploy as | `string` | `"root"` | no |
| Name | Description | Type | Default | Required |
|----------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------|----------------|-------------------------------------------------------------------------------------------|:--------:|
| <a name="input_ignore_systemd_errors"></a> [ignore\_systemd\_errors](#input_ignore_systemd_errors) | Ignore systemd errors happening during deploy | `bool` | `false` | no |
| <a name="input_nixos_system"></a> [nixos\_system](#input_nixos_system) | The nixos system to deploy | `string` | n/a | yes |
| <a name="input_ssh_private_key"></a> [ssh\_private\_key](#input_ssh_private_key) | Content of private key used to connect to the target\_host. If set to - no key is passed to openssh and ssh will use its own configuration | `string` | `"-"` | no |
| <a name="input_target_host"></a> [target\_host](#input_target_host) | DNS host to deploy to | `string` | n/a | yes |
| <a name="input_target_port"></a> [target\_port](#input_target_port) | SSH port used to connect to the target\_host | `number` | `22` | no |
| <a name="input_target_user"></a> [target\_user](#input_target_user) | User to deploy as | `string` | `"root"` | no |
| <a name="input_ssh_options"></a> [ssh\_options](#input_ssh_options) | Additional options to pass to the SSH command | `list(string)` | <pre>[<br> "-o UserKnownHostsFile=/dev/null"<br> "-o StrictHostKeyChecking=no"<br>]</pre> | no |

## Outputs
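
Review bot: the new `ssh_options` row is appended after `target_user` while the existing rows are in alphabetical order, and its default renders the two list entries without a comma between them (`"-o UserKnownHostsFile=/dev/null"<br> "-o StrictHostKeyChecking=no"`). Move the row ahead of `ssh_private_key` and add the comma so the table matches the default in terraform/nixos-rebuild/variables.tf.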

3 changes: 1 addition & 2 deletions terraform/nixos-rebuild/deploy.sh
Expand Up @@ -20,8 +20,7 @@ workDir=$(mktemp -d)
trap 'rm -rf "$workDir"' EXIT

sshOpts=(-p "${TARGET_PORT}")
sshOpts+=(-o UserKnownHostsFile=/dev/null)
sshOpts+=(-o StrictHostKeyChecking=no)
Comment on lines -23 to -24
Member


This changes the current behavior in nixos-anywhere, if you are not using terraform.

sshOpts+=($SSH_OPTIONS)

set +x
if [[ -n ${SSH_KEY+x} && ${SSH_KEY} != "-" ]]; then
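
Review bot: `sshOpts+=($SSH_OPTIONS)` expands the variable unquoted, so it goes through pathname expansion as well as word splitting, and an option value containing whitespace or a glob character reaches ssh as the wrong arguments. Split it explicitly instead, for example `read -r -a extraOpts <<<"${SSH_OPTIONS:-}"` followed by `sshOpts+=("${extraOpts[@]}")`. With the two `-o` lines removed, a caller that does not set `SSH_OPTIONS` also gets no host key options at all, which is the behavior change raised in the comment above; falling back to the previous two options when the variable is unset would keep existing callers working.
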
1 change: 1 addition & 0 deletions terraform/nixos-rebuild/main.tf
Expand Up @@ -5,6 +5,7 @@ resource "null_resource" "nixos-rebuild" {
provisioner "local-exec" {
environment = {
SSH_KEY = var.ssh_private_key
SSH_OPTIONS = join(" ", var.ssh_options)
}
command = "${path.module}/deploy.sh ${var.nixos_system} ${var.target_user} ${var.target_host} ${var.target_port} ${var.ignore_systemd_errors}"
}
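
Review bot: `join(" ", var.ssh_options)` flattens the list into one space-separated string, so the element boundaries are lost before deploy.sh sees them and an element whose value contains a space cannot be passed intact. Join with a delimiter that cannot occur inside an option, such as a newline, and have deploy.sh read one array element per line, or state in the variable description that option values must not contain whitespace.
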
9 changes: 9 additions & 0 deletions terraform/nixos-rebuild/variables.tf
Expand Up @@ -20,6 +20,15 @@ variable "target_port" {
default = 22
}

variable "ssh_options" {
type = list(string)
description = "Additional options to pass to the SSH command"
default = [
"-o UserKnownHostsFile=/dev/null",
"-o StrictHostKeyChecking=no"
]
}

variable "ssh_private_key" {
type = string
description = "Content of private key used to connect to the target_host. If set to - no key is passed to openssh and ssh will use its own configuration"
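
Review bot: the `description` of `ssh_options` does not state the expected element format; the defaults show each element carrying both the flag and its value in one string (`"-o UserKnownHostsFile=/dev/null"`), which only works because deploy.sh later splits the joined string on whitespace. Document that format in `description`, and consider a `validation` block that rejects elements not shaped like `-o Key=Value` so a malformed entry fails at plan time rather than inside the ssh call.
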