civodul pushed a commit to branch master
in repository guix.

commit a2ef2bcbfd75593a865e726b014594a73aa0e441
Author: Sergey Trofimov <[email protected]>
AuthorDate: Fri Mar 14 16:06:54 2025 +0100

    machine: hetzner: Allow connections using ssh-agent.
    
    * gnu/machine/hetzner.scm (<hetzner-configuration>): Add ssh-public-key.
    * doc/guix.texi (System Configuration)[hetzner-configuration]: Document it.
    
    Change-Id: I7354ead508b1a4819534c6b22ba1f089749927c2
    Signed-off-by: Ludovic Courtès <[email protected]>
    Modified-by: Ludovic Courtès <[email protected]>
---
 doc/guix.texi           | 13 +++++++++----
 gnu/machine/hetzner.scm | 17 +++++++++++------
 2 files changed, 20 insertions(+), 10 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index 3d6080dbaa..12f155e912 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -46014,9 +46014,14 @@ equivalent.  Other server types and their current prices can be found
 server type is currently not supported, since its rescue system is too
 small to bootstrap a Guix system from.
 
-@item @code{ssh-key}
-The file name of the SSH private key to use to authenticate with the
-remote host.
+@item @code{ssh-key} (default: @code{#f})
+If specified, the file name of the SSH private key to use to
+authenticate with the remote host.
+
+@item @code{ssh-public-key} (default: extracted from @code{ssh-key})
+If specified, either a public key as returned by
+@code{string->public-key} or the path to the SSH public key to use to
+authenticate with the remote host.
 
 @end table
 
@@ -46080,7 +46085,7 @@ shared vCPUs and 32 GB of RAM on the @code{x86_64} architecture.
        (environment hetzner-environment-type)
        (configuration (hetzner-configuration
                        (server-type "cpx51")
-                       (ssh-key "/home/charlie/.ssh/id_rsa")))))
+                       (ssh-public-key "/home/charlie/.ssh/id_rsa.pub")))))
 @end lisp
 
 @vindex GUIX_HETZNER_API_TOKEN
diff --git a/gnu/machine/hetzner.scm b/gnu/machine/hetzner.scm
index bc8d2efbd3..e8484e4d51 100644
--- a/gnu/machine/hetzner.scm
+++ b/gnu/machine/hetzner.scm
@@ -77,6 +77,7 @@
             hetzner-configuration-location
             hetzner-configuration-server-type
             hetzner-configuration-ssh-key
+            hetzner-configuration-ssh-public-key
             hetzner-configuration?
             hetzner-environment-type))
 
@@ -204,20 +205,24 @@ Have you run 'guix archive --generate-key'?")
             (default "fsn1"))
   (server-type hetzner-configuration-server-type ; string
                (default "cx42"))
-  (ssh-key hetzner-configuration-ssh-key)) ; string
+  (ssh-public-key hetzner-configuration-ssh-public-key ; public-key | string
+                  (thunked)
+                  (default (public-key-from-file (hetzner-configuration-ssh-key this-hetzner-configuration)))
+                  (sanitize
+                   (lambda (value)
+                     (if (string? value) (public-key-from-file value) value))))
+  (ssh-key hetzner-configuration-ssh-key
+           (default #f))) ; #f | string
 
 (define (hetzner-configuration-ssh-key-fingerprint config)
   "Return the SSH public key fingerprint of CONFIG as a string."
-  (and-let* ((file-name (hetzner-configuration-ssh-key config))
-             (privkey (private-key-from-file file-name))
-             (pubkey (private-key->public-key privkey))
+  (and-let* ((pubkey (hetzner-configuration-ssh-public-key config))
              (hash (get-public-key-hash pubkey 'md5)))
     (bytevector->hex-string hash)))
 
 (define (hetzner-configuration-ssh-key-public config)
   "Return the SSH public key of CONFIG as a string."
-  (and-let* ((ssh-key (hetzner-configuration-ssh-key config))
-             (public-key (public-key-from-file ssh-key)))
+  (let ((public-key (hetzner-configuration-ssh-public-key config)))
     (format #f "ssh-~a ~a" (get-key-type public-key)
             (public-key->string public-key))))
 
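Review bot: With `ssh-key` now defaulting to `#f`, a configuration that sets neither field makes the thunked default of `ssh-public-key` evaluate `(public-key-from-file #f)`, so the mistake shows up as a low-level error at first use rather than a configuration error naming the two fields. The default should test `(hetzner-configuration-ssh-key this-hetzner-configuration)` for `#f` before calling `public-key-from-file` and raise a configuration error using whatever error form this module already uses. The sanitizer passes every non-string value through unchecked; it could accept only strings and values satisfying `public-key?`, so that a private-key object or other stray value is rejected at construction time. `hetzner-configuration-ssh-key-public` also moved from `and-let*` to `let`, so if `public-key-from-file` can return `#f` for a missing or unreadable file (worth confirming), that `#f` now reaches `get-key-type`. The record definition begins above this hunk.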
