pass SSH_AUTHORIZED_KEY and merge with userdata.json

Alexander Tomokhov 2023-12-05 05:28:15 +04:00
parent 9245d6584d
commit 8de4c0908f
2 changed files with 9 additions and 1 deletions


@ -21,7 +21,7 @@ steps:
commands:
# Create infect user script and then push it to a remote machine on server creation.
- echo '#! /usr/bin/env bash' > infect.sh
- echo "curl https://git.selfprivacy.org/SelfPrivacy/selfprivacy-nixos-infect/raw/branch/$INFECT_SOURCE_BRANCH/nixos-infect | PROVIDER=hetzner DOMAIN=$DOMAIN LUSER=cicdcicd USER_PASS=\"$USER_PASS\" CF_TOKEN=$CLOUDFLARE_TOKEN DB_PASSWORD=\"$USER_PASS\" API_TOKEN=\"$USER_PASS\" HOSTNAME=selfprivacy-ci-test DNS_PROVIDER_TYPE=CLOUDFLARE STAGING_ACME=true NIX_VERSION=2.18.1 NIXOS_CONFIG_NAME=sp-nixos CONFIG_URL=https://git.selfprivacy.org/api/v1/repos/SelfPrivacy/selfprivacy-nixos-template/archive/master.tar.gz bash 2>&1 | tee /root/infect.log" >> infect.sh
- echo "curl https://git.selfprivacy.org/SelfPrivacy/selfprivacy-nixos-infect/raw/branch/$INFECT_SOURCE_BRANCH/nixos-infect | PROVIDER=hetzner DOMAIN=$DOMAIN LUSER=cicdcicd USER_PASS=\"$USER_PASS\" CF_TOKEN=$CLOUDFLARE_TOKEN DB_PASSWORD=\"$USER_PASS\" API_TOKEN=\"$USER_PASS\" HOSTNAME=selfprivacy-ci-test DNS_PROVIDER_TYPE=CLOUDFLARE STAGING_ACME=true NIX_VERSION=2.18.1 NIXOS_CONFIG_NAME=sp-nixos CONFIG_URL=https://git.selfprivacy.org/api/v1/repos/SelfPrivacy/selfprivacy-nixos-template/archive/master.tar.gz SSH_AUTHORIZED_KEY=\"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMBb3yVhYF4slhf1iQCiGLOVcbGKP/MmkQiEMl2un+4K\" bash 2>&1 | tee /root/infect.log" >> infect.sh
- http -v --check-status --ignore-stdin POST https://api.hetzner.cloud/v1/servers Authorization:"Bearer $PASSWORD" name=ci-sibling server_type=cx11 start_after_create:=true image=ubuntu-20.04 user_data=@infect.sh automount:=false location=fsn1
- name: dns
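Review bot: The `SSH_AUTHORIZED_KEY` value on the new `echo … >> infect.sh` line is a literal key written into the pipeline file, unlike `$USER_PASS` and `$CLOUDFLARE_TOKEN` on the same line, which come from the pipeline environment. Judging by the `rootKeys` field in the second file, every CI server created by this step would accept root SSH from the holder of that one private key, and rotating or revoking it means another commit. Consider `SSH_AUTHORIZED_KEY=\"$SSH_AUTHORIZED_KEY\"` fed from a pipeline setting, plus a comment saying whose key it is and why the CI host needs it. The step this `commands:` list belongs to starts above the hunk.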


@ -17,10 +17,17 @@
: "${NIX_VERSION:?NIX_VERSION variable is not set}"
: "${NIXOS_CONFIG_NAME:?NIXOS_CONFIG_NAME variable is not set}"
: "${CONFIG_URL:?CONFIG_URL variable is not set}"
: "${SSH_AUTHORIZED_KEY:=}"
readonly LOCAL_FLAKE_DIR="/etc/nixos"
readonly SECRETS_FILEPATH="/etc/selfprivacy/secrets.json"
genOptionalSsh() {
[ -n "${SSH_AUTHORIZED_KEY}" ] && cat << EOF
"ssh": { "rootKeys": [ "${SSH_AUTHORIZED_KEY}" ] },
EOF
}
# Merge original userdata.json with deployment specific fields and print result.
genUserdata() {
local HASHED_PASSWORD userdata_infect
@ -28,6 +35,7 @@ genUserdata() {
userdata_infect=$(cat << EOF
{
$(genOptionalSsh)
"dns": {
"provider": "$DNS_PROVIDER_TYPE",
"useStagingACME": $STAGING_ACME
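Review bot: `genOptionalSsh` splices `${SSH_AUTHORIZED_KEY}` into the JSON text unescaped, so a value containing a double quote, a backslash or a newline either breaks the generated userdata or adds fields the caller did not intend, and this value lands in `ssh.rootKeys`. Validate it as a single-line public key right after `: "${SSH_AUTHORIZED_KEY:=}"`, or emit it JSON-quoted, e.g. `"rootKeys": [ $(jq -n --arg k "$SSH_AUTHORIZED_KEY" '$k') ]`, if jq is available at that point in the script (not visible here). Separately, `[ -n … ] && cat` makes the function return 1 when the key is empty; `if [ -n "${SSH_AUTHORIZED_KEY}" ]; then … fi` keeps the status at 0 on the no-key path. `genUserdata` begins and ends outside the visible lines.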