feat: Use identity_file as a deployment key
#452
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Will now use the provided `-i` (identity_file) as a stable deployment key - if specified - rather than always generating a random ephemeral SSH key. This is primarily useful for the following reasons: - error recovery - controlled phases *Error Recovery* If `nixos-anywhere` stops with an error, we might want to connect remotely to the deployed machine. With the ephemeral key this might not be possible, because we don't necessarily have access to it anymore. *Controlled Phases* It is already possible to control which phases should be run. With an ephemeral key outside our control we are not able to resume the phases with a second `nixos-anywhere` invocation, because a different deployment key will now be generated.
|
This pull request has been mentioned on NixOS Discourse. There might be relevant details there: https://discourse.nixos.org/t/2025-01-15-clan-weekly-changelog/58874/1 |
|
@mergify queue |
❌ Command disallowed due to command restrictions in the Mergify configuration.
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Will now use the provided
-i(identity_file) as a stable deployment key - if specified - rather than always generating a random ephemeral SSH key.This is primarily useful for the following reasons:
Error Recovery
If
nixos-anywherestops with an error, we might want to connect remotely to the deployed machine. With the ephemeral key this might not be possible, because we don't necessarily have access to it anymore.Controlled Phases
It is already possible to control which phases should be run. With an ephemeral key outside our control we are not able to resume the phases with a second
nixos-anywhereinvocation, because a different deployment key will now be generated.