Created
March 18, 2018 16:17
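#!/usr/bin/env bash
# Original by Adrien Devresse shared on the nix-dev mailing list (https://nixos.org/nix-dev/2016-June/020732.html)
# With a few modifications
#
# Runs `nixos-rebuild switch` with two extra NIX_PATH entries:
#   ssh-auth-sock=<path of the caller's ssh-agent socket>
#   ssh-config-file=<path of a temporary ssh_config>
# and grants the Nix build user ACL access to both paths.
# NOTE(review): presumably these entries are looked up by Nix expressions that
# fetch sources over SSH -- confirm against the expressions that consume them.
#
# Security caveats:
#   * While the ACL is in place, any process running as NIX_DAEMON_USER can ask
#     the caller's ssh-agent to authenticate with the loaded keys. The grant is
#     therefore kept as narrow as possible and revoked again on exit.
#   * The generated ssh_config disables host key verification (see below).

# globals
NIX_DAEMON_USER="nixbld1"
NIX_PATH_CONTENT="${NIX_PATH:-}"

# Everything below writes under this directory. If mktemp fails the variable
# would be empty and the script would operate on "/.ssh", so stop here.
if ! TMP_SSH_CONFIG_DIR="$(mktemp -d /tmp/nix-ssh-config-XXXXXXXXX)"; then
  echo "Error: could not create temporary ssh config directory" >&2
  exit 1
fi

# Paths on which this script added an ACL entry for NIX_DAEMON_USER.
ACL_PATHS=()

# Revoke the ACL entries added by this run and delete the temporary copy of
# the ssh config. Runs on every exit path and leaves the exit status of
# nixos-rebuild untouched. Note that `setfacl -x` also drops an entry for the
# same user that existed before the run.
cleanup() {
  local acl_path
  for acl_path in "${ACL_PATHS[@]}"; do
    setfacl -x "u:${NIX_DAEMON_USER}" -- "${acl_path}" 2>/dev/null
  done
  rm -rf -- "${TMP_SSH_CONFIG_DIR:?}"
}
trap cleanup EXIT

## configure ssh agent location
##
# -S instead of -e: only hand out ACLs when the variable really names a socket.
if [[ -S "${SSH_AUTH_SOCK:-}" ]]; then
  NIX_PATH_CONTENT="ssh-auth-sock=${SSH_AUTH_SOCK}:${NIX_PATH_CONTENT}"
  ssh_auth_dir="$(dirname -- "${SSH_AUTH_SOCK}")"
  # Connecting needs read/write on the socket and search (x) on its directory;
  # rwx on the directory would also let the build user create or delete
  # entries next to the agent socket.
  setfacl -m "u:${NIX_DAEMON_USER}:rw" -- "${SSH_AUTH_SOCK}" \
    && ACL_PATHS+=("${SSH_AUTH_SOCK}")
  setfacl -m "u:${NIX_DAEMON_USER}:x" -- "${ssh_auth_dir}" \
    && ACL_PATHS+=("${ssh_auth_dir}")
else
  # Best effort, as in the original: report the problem and continue.
  echo "Error: ssh-agent environment variable SSH_AUTH_SOCK is not existing" >&2
fi

## configure ssh config path
mkdir -p -- "${TMP_SSH_CONFIG_DIR}/.ssh"
TMP_SSH_CONFIG_FILE="${TMP_SSH_CONFIG_DIR}/.ssh/config"

## use the user's ssh_config as initial template, if it exists,
## to forward user aliases and parameters
##
if [[ -e "${HOME}/.ssh/config" ]]; then
  cp -- "${HOME}/.ssh/config" "${TMP_SSH_CONFIG_FILE}"
else
  touch -- "${TMP_SSH_CONFIG_FILE}"
fi

## Disable strict host key checking.
## The original author notes this is needed so that the nix-daemon can work
## with a file it does not own without ssh raising an error.
##
## SECURITY: with these two options ssh accepts any host key and records
## nothing, so a connection made with this config cannot detect a
## man-in-the-middle. Where the set of hosts is known in advance, prefer
## pointing UserKnownHostsFile at a pinned known_hosts file and leaving
## StrictHostKeyChecking enabled.
cat >> "${TMP_SSH_CONFIG_FILE}" << 'EOF'
Host *
    StrictHostKeyChecking no
    UserKnownHostsFile /dev/null
EOF

# The build user only has to read the config: r on files, X (search) on
# directories. Nothing is written there because known hosts go to /dev/null.
setfacl -R -m "u:${NIX_DAEMON_USER}:rX" -- "${TMP_SSH_CONFIG_DIR}"

NIX_PATH_CONTENT="ssh-config-file=${TMP_SSH_CONFIG_FILE}:${NIX_PATH_CONTENT}"

# Not exec'd, so that the EXIT trap still runs afterwards.
NIX_PATH="${NIX_PATH_CONTENT}" nixos-rebuild switch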