| # Original by Adrien Devresse shared on the nix-dev mailing list (https://nixos.org/nix-dev/2016-June/020732.html) | |
| # With a few modifications | |
| # globals | |
| NIX_DAEMON_USER="nixbld1" | |
| NIX_PATH_CONTENT="$NIX_PATH" | |
| TMP_SSH_CONFIG_DIR="$(mktemp -d /tmp/nix-ssh-config-XXXXXXXXX)" | |
| ## configure ssh agent location | |
| ## | |
| if [[ -e ${SSH_AUTH_SOCK} ]]; then | |
| NIX_PATH_CONTENT="ssh-auth-sock=${SSH_AUTH_SOCK}:${NIX_PATH_CONTENT}" | |
| setfacl -m "u:${NIX_DAEMON_USER}:rwx" ${SSH_AUTH_SOCK} | |
| setfacl -m "u:${NIX_DAEMON_USER}:rwx" "$(dirname ${SSH_AUTH_SOCK})" | |
| else | |
| echo "Error: ssh-agent environment variable SSH_AUTH_SOCK is not existing" >&2 | |
| fi | |
| ## configure ssh config path | |
| mkdir -p ${TMP_SSH_CONFIG_DIR}/.ssh | |
| TMP_SSH_CONFIG_FILE="${TMP_SSH_CONFIG_DIR}/.ssh/config" | |
| ## use ssh_config user file as initial template | |
| ## if it exists | |
| ## to forward user alias and parameters | |
| ## | |
| if [[ -e ${HOME}/.ssh/config ]]; then | |
| cp ${HOME}/.ssh/config ${TMP_SSH_CONFIG_FILE} | |
| else | |
| touch ${TMP_SSH_CONFIG_FILE} | |
| fi | |
| ## Disable strict host key checking | |
| ## Needed to have the nix-daemon able to read | |
| ## a file not owned by him without throwing | |
| ## a SSH error | |
| ## | |
| cat >> ${TMP_SSH_CONFIG_FILE} << EOF | |
| Host * | |
| StrictHostKeyChecking no | |
| UserKnownHostsFile /dev/null | |
| EOF | |
| setfacl -m "u:${NIX_DAEMON_USER}:rwx" -R ${TMP_SSH_CONFIG_DIR} | |
| NIX_PATH_CONTENT="ssh-config-file=${TMP_SSH_CONFIG_FILE}:${NIX_PATH_CONTENT}" | |
| NIX_PATH=${NIX_PATH_CONTENT} nixos-rebuild switch |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment