# Original by Adrien Devresse shared on the nix-dev mailing list (https://nixos.org/nix-dev/2016-June/020732.html) | |
# With a few modifications | |
# globals | |
NIX_DAEMON_USER="nixbld1" | |
NIX_PATH_CONTENT="$NIX_PATH" | |
TMP_SSH_CONFIG_DIR="$(mktemp -d /tmp/nix-ssh-config-XXXXXXXXX)" | |
## configure ssh agent location | |
## | |
if [[ -e ${SSH_AUTH_SOCK} ]]; then | |
NIX_PATH_CONTENT="ssh-auth-sock=${SSH_AUTH_SOCK}:${NIX_PATH_CONTENT}" | |
setfacl -m "u:${NIX_DAEMON_USER}:rwx" ${SSH_AUTH_SOCK} | |
setfacl -m "u:${NIX_DAEMON_USER}:rwx" "$(dirname ${SSH_AUTH_SOCK})" | |
else | |
echo "Error: ssh-agent environment variable SSH_AUTH_SOCK is not existing" >&2 | |
fi | |
## configure ssh config path | |
mkdir -p ${TMP_SSH_CONFIG_DIR}/.ssh | |
TMP_SSH_CONFIG_FILE="${TMP_SSH_CONFIG_DIR}/.ssh/config" | |
## use ssh_config user file as initial template | |
## if it exists | |
## to forward user alias and parameters | |
## | |
if [[ -e ${HOME}/.ssh/config ]]; then | |
cp ${HOME}/.ssh/config ${TMP_SSH_CONFIG_FILE} | |
else | |
touch ${TMP_SSH_CONFIG_FILE} | |
fi | |
## Disable strict host key checking | |
## Needed to have the nix-daemon able to read | |
## a file not owned by him without throwing | |
## a SSH error | |
## | |
cat >> ${TMP_SSH_CONFIG_FILE} << EOF | |
Host * | |
StrictHostKeyChecking no | |
UserKnownHostsFile /dev/null | |
EOF | |
setfacl -m "u:${NIX_DAEMON_USER}:rwx" -R ${TMP_SSH_CONFIG_DIR} | |
NIX_PATH_CONTENT="ssh-config-file=${TMP_SSH_CONFIG_FILE}:${NIX_PATH_CONTENT}" | |
NIX_PATH=${NIX_PATH_CONTENT} nixos-rebuild switch |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment