
I have a machine with NixOS (set up using terraform, config), and I want to connect to it using deployment.targetHost = ipAddress and deployment.targetEnv = "none"

But I can't configure nixops to use the /secrets/stage_ssh_key ssh key

This is not working (actually this is not documented, I found it here: https://github.com/NixOS/nixops/blob/d4e5b779def1fc9e7cf124930d0148e6bd670051/nixops/backends/none.py#L33-L35)

{
  stage =
    { pkgs, ... }:
    {
      deployment.targetHost = (import ./nixos-generated/stage.nix).terraform.ip;
      deployment.targetEnv = "none";

      deployment.none.sshPrivateKey        = builtins.readFile ./secrets/stage_ssh_key;
      deployment.none.sshPublicKey         = builtins.readFile ./secrets/stage_ssh_key.pub;
      deployment.none.sshPublicKeyDeployed = true;

      environment.systemPackages = with pkgs; [
        file
      ];
    };
}

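nixops ssh stage results in a password prompt; expected: passwordless login

nixops ssh stage -i ./secrets/stage_ssh_key works as expected and does not ask for a password

How to reproduce:

  • download the repo
  • rm -rf secrets/*
  • add AWS keys in secrets/aws.nix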

    { EC2_ACCESS_KEY="XXXX"; EC2_SECRET_KEY="XXXX"; }

  • nix-shell

  • make generate_stage_ssh_key
  • terraform apply
  • make nixops_create
  • nixops deploy asks for a password