dhess · July 16, 2018 05:30
diff --git a/gistfile1.txt b/gistfile1.txt
 { config, lib, pkgs, ... }:

 let

 in
 {

  # Deploy the Hydra's GitHub SSH key, so that it can pull from my
  # private repos.
  #
  # Note that in order to make use of this, we also need to install
  # the GitHub host key in the system's known_hosts.

  programs.ssh.knownHosts = [
    {
      hostNames = [ "github.com" ];
      publicKeyFile = ./github.com.pub;
    }
  ];

  deployment.keys."hydra-github" = {
    text = "your-private-key-here";
    user = "hydra";
    group = "hydra";
    permissions = "0400";
  };

  systemd.services.install-hydra-github-key = rec {
    description = "Install the Hydra GitHub key";
    after = [ "hydra-github-key.service" ];
    wants = after;
    wantedBy = [ "multi-user.target" ];
    script = ''
      mkdir -p ~hydra/.ssh || true
      chmod 0700 ~hydra/.ssh
      cp -pf /run/keys/hydra-github ~hydra/.ssh/id_ed25519
      chown -R hydra:hydra ~hydra/.ssh
      chmod 0400 ~hydra/.ssh/id_ed25519
    '';
  };

 }
	{ config, lib, pkgs, ... }:

	let

	in
	{

	# Deploy the Hydra's GitHub SSH key, so that it can pull from my
	# private repos.
	#
	# Note that in order to make use of this, we also need to install
	# the GitHub host key in the system's known_hosts.

	programs.ssh.knownHosts = [
	{
	hostNames = [ "github.com" ];
	publicKeyFile = ./github.com.pub;
	}
	];

	deployment.keys."hydra-github" = {
	text = "your-private-key-here";
	user = "hydra";
	group = "hydra";
	permissions = "0400";
	};

	systemd.services.install-hydra-github-key = rec {
	description = "Install the Hydra GitHub key";
	after = [ "hydra-github-key.service" ];
	wants = after;
	wantedBy = [ "multi-user.target" ];
	script = ''
	mkdir -p ~hydra/.ssh \|\| true
	chmod 0700 ~hydra/.ssh
	cp -pf /run/keys/hydra-github ~hydra/.ssh/id_ed25519
	chown -R hydra:hydra ~hydra/.ssh
	chmod 0400 ~hydra/.ssh/id_ed25519
	'';
	};

	}
No results found