run ssh commands thru the shell (which has openssh)

allow SSH access from continuous deployment (#460 )
Reviewed-on: Fediversity/Fediversity#460 Reviewed-by: Valentin Gagarin <valentin.gagarin@tweag.io> Co-authored-by: Kiara Grouwstra <kiara@procolix.eu> Co-committed-by: Kiara Grouwstra <kiara@procolix.eu>
2025-07-15 12:12:36 +02:00 · 2025-07-15 11:56:22 +02:00
2 changed files with 5 additions and 1 deletions
--- a/.forgejo/workflows/cd.yaml
+++ b/.forgejo/workflows/cd.yaml
@ -13,12 +13,14 @@ jobs:
      - name: Checkout repository
        uses: actions/checkout@v4

-      - name: Set up SSH key to access age secrets
+      - name: Set up SSH key for age secrets and SSH
        run: |
          env
          mkdir -p ~/.ssh
          echo "${{ secrets.CD_SSH_KEY }}" > ~/.ssh/id_ed25519
          chmod 600 ~/.ssh/id_ed25519
+          nix-shell --run 'eval "$(ssh-agent -s)"'
+          nix-shell --run 'ssh-add ~/.ssh/id_ed25519'

      - name: Deploy
        run: nix-shell --run 'nixops4 apply default'
--- a/infra/common/resource.nix
+++ b/infra/common/resource.nix
@ -58,6 +58,8 @@ in
    users.users.root.openssh.authorizedKeys.keys = attrValues keys.contributors ++ [
      # allow our panel vm access to the test machines
      keys.panel
+      # allow continuous deployment access
+      keys.cd
    ];

  };
Author	SHA1	Message	Date
Kiara Grouwstra	883bf175af	run ssh commands thru the shell (which has openssh)	2025-07-15 12:12:36 +02:00
Kiara Grouwstra	b9b13df04e	allow SSH access from continuous deployment (#460 ) Reviewed-on: Fediversity/Fediversity#460 Reviewed-by: Valentin Gagarin <valentin.gagarin@tweag.io> Co-authored-by: Kiara Grouwstra <kiara@procolix.eu> Co-committed-by: Kiara Grouwstra <kiara@procolix.eu>	2025-07-15 11:56:22 +02:00