@mpscholten
Created March 18, 2018 16:17
#!/usr/bin/env bash
# Original by Adrien Devresse shared on the nix-dev mailing list (https://nixos.org/nix-dev/2016-June/020732.html)
# With a few modifications

# globals
NIX_DAEMON_USER="nixbld1"
NIX_PATH_CONTENT="$NIX_PATH"
TMP_SSH_CONFIG_DIR="$(mktemp -d /tmp/nix-ssh-config-XXXXXXXXX)"

## configure ssh agent location
## The ACLs let the nix build user use the caller's ssh-agent socket,
## and therefore every key loaded into that agent.
##
if [[ -e "${SSH_AUTH_SOCK}" ]]; then
    NIX_PATH_CONTENT="ssh-auth-sock=${SSH_AUTH_SOCK}:${NIX_PATH_CONTENT}"
    setfacl -m "u:${NIX_DAEMON_USER}:rwx" "${SSH_AUTH_SOCK}"
    setfacl -m "u:${NIX_DAEMON_USER}:rwx" "$(dirname "${SSH_AUTH_SOCK}")"
else
    echo "Error: SSH_AUTH_SOCK is not set or does not point to an existing ssh-agent socket" >&2
fi

## configure ssh config path
mkdir -p "${TMP_SSH_CONFIG_DIR}/.ssh"
TMP_SSH_CONFIG_FILE="${TMP_SSH_CONFIG_DIR}/.ssh/config"

## use the user's ssh_config file as initial template
## if it exists
## to forward user aliases and parameters
##
if [[ -e "${HOME}/.ssh/config" ]]; then
    cp "${HOME}/.ssh/config" "${TMP_SSH_CONFIG_FILE}"
else
    touch "${TMP_SSH_CONFIG_FILE}"
fi

## Disable strict host key checking
## Needed so that the nix-daemon can read
## a file it does not own without throwing
## an SSH error
## Note: this turns off host key verification for every host,
## so the server's identity is no longer checked on connect.
##
cat >> "${TMP_SSH_CONFIG_FILE}" << EOF
Host *
    StrictHostKeyChecking no
    UserKnownHostsFile /dev/null
EOF

## give the nix build user access to the temporary config directory
setfacl -m "u:${NIX_DAEMON_USER}:rwx" -R "${TMP_SSH_CONFIG_DIR}"
NIX_PATH_CONTENT="ssh-config-file=${TMP_SSH_CONFIG_FILE}:${NIX_PATH_CONTENT}"

NIX_PATH="${NIX_PATH_CONTENT}" nixos-rebuild switch
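
As an added example (not part of the original gist or of Adrien Devresse's script), the function below writes the temporary ssh config with host key checking kept on, pointing `UserKnownHostsFile` at a private copy of the user's `known_hosts` inside the temporary directory so the daemon user never has to read the original file. The helper name `write_pinned_ssh_config` is hypothetical, and it assumes the hosts to be fetched from are already recorded in the user's `known_hosts`.

```shell
#!/usr/bin/env bash
# Added example, not from the original gist.
# write_pinned_ssh_config is a hypothetical helper name.
#
# Usage: write_pinned_ssh_config <tmp-config-dir> <known_hosts-source>
# Prints the path of the generated ssh config on success.
write_pinned_ssh_config() {
    local cfg_dir
    local known_hosts_src
    cfg_dir="$1"
    known_hosts_src="$2"
    local cfg_file="${cfg_dir}/.ssh/config"
    local known_hosts_copy="${cfg_dir}/.ssh/known_hosts"

    mkdir -p "${cfg_dir}/.ssh" || return 1

    # Without pinned keys there is nothing to verify against: fail here
    # rather than fall back to "StrictHostKeyChecking no".
    if [ ! -s "${known_hosts_src}" ]; then
        echo "Error: no known_hosts entries in ${known_hosts_src}" >&2
        return 1
    fi

    # Private copy inside the temporary directory; the script's existing
    # "setfacl -R" on that directory makes it readable by the build user.
    cp -- "${known_hosts_src}" "${known_hosts_copy}" || return 1

    # "yes" means ssh only connects to hosts whose key matches the copy
    # and never tries to write new entries to it.
    cat >> "${cfg_file}" << EOF
Host *
    StrictHostKeyChecking yes
    UserKnownHostsFile ${known_hosts_copy}
EOF

    printf '%s\n' "${cfg_file}"
}

# Example call, using the variable names from the script above:
#   write_pinned_ssh_config "${TMP_SSH_CONFIG_DIR}" "${HOME}/.ssh/known_hosts"
```

A host that is missing from the copied file makes the fetch fail with a host key verification error instead of connecting unverified.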