allow SSH access from continuous deployment (#460)

Reviewed-on: Fediversity/Fediversity#460 Reviewed-by: Valentin Gagarin <valentin.gagarin@tweag.io> Co-authored-by: Kiara Grouwstra <kiara@procolix.eu> Co-committed-by: Kiara Grouwstra <kiara@procolix.eu>
2025-07-15 11:56:22 +02:00 · 2025-07-15 11:56:22 +02:00 · b9b13df04e
commit b9b13df04e
parent 159e4107b8
2 changed files with 5 additions and 1 deletions
--- a/.forgejo/workflows/cd.yaml
+++ b/.forgejo/workflows/cd.yaml
@ -13,12 +13,14 @@ jobs:
      - name: Checkout repository
        uses: actions/checkout@v4

-      - name: Set up SSH key to access age secrets
+      - name: Set up SSH key for age secrets and SSH
        run: |
          env
          mkdir -p ~/.ssh
          echo "${{ secrets.CD_SSH_KEY }}" > ~/.ssh/id_ed25519
          chmod 600 ~/.ssh/id_ed25519
+          eval "$(ssh-agent -s)"
+          ssh-add ~/.ssh/id_ed25519

      - name: Deploy
        run: nix-shell --run 'nixops4 apply default'
--- a/infra/common/resource.nix
+++ b/infra/common/resource.nix
@ -58,6 +58,8 @@ in
    users.users.root.openssh.authorizedKeys.keys = attrValues keys.contributors ++ [
      # allow our panel vm access to the test machines
      keys.panel
+      # allow continuous deployment access
+      keys.cd
    ];

  };