krebs.build.scripts.init: don't try to use privkey
^_^
This commit is contained in:
tv
parent
0e069d964e
commit
4946561e0a
@ -33,7 +33,6 @@ let
|
|||||||
default =
|
default =
|
||||||
let
|
let
|
||||||
inherit (config.krebs.build) host;
|
inherit (config.krebs.build) host;
|
||||||
inherit (host.ssh) privkey;
|
|
||||||
in
|
in
|
||||||
''
|
''
|
||||||
#! /bin/sh
|
#! /bin/sh
|
||||||
@ -41,7 +40,7 @@ let
|
|||||||
|
|
||||||
hostname=${host.name}
|
hostname=${host.name}
|
||||||
secrets_dir=${config.krebs.build.source.dir.secrets.path}
|
secrets_dir=${config.krebs.build.source.dir.secrets.path}
|
||||||
key_type=${privkey.type}
|
key_type=ed25519
|
||||||
key_file=$secrets_dir/ssh.id_$key_type
|
key_file=$secrets_dir/ssh.id_$key_type
|
||||||
key_comment=$hostname
|
key_comment=$hostname
|
||||||
|
|
||||||
@ -49,8 +48,6 @@ let
|
|||||||
echo "Warning: privkey already exists: $key_file" >&2
|
echo "Warning: privkey already exists: $key_file" >&2
|
||||||
else
|
else
|
||||||
ssh-keygen \
|
ssh-keygen \
|
||||||
${optionalString (privkey.bits != null)
|
|
||||||
"-b ${toString privkey.bits}"} \
|
|
||||||
-C "$key_comment" \
|
-C "$key_comment" \
|
||||||
-t "$key_type" \
|
-t "$key_type" \
|
||||||
-f "$key_file" \
|
-f "$key_file" \
|
||||||
@ -62,7 +59,6 @@ let
|
|||||||
|
|
||||||
cat<<EOF
|
cat<<EOF
|
||||||
# put following into config.krebs.hosts.$hostname:
|
# put following into config.krebs.hosts.$hostname:
|
||||||
ssh.privkey = <secrets/ssh.id_$key_type>;
|
|
||||||
ssh.pubkey = $(echo $pubkey | jq -R .);
|
ssh.pubkey = $(echo $pubkey | jq -R .);
|
||||||
EOF
|
EOF
|
||||||
'';
|
'';
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user