On 02/09/2018 at 11:02 Ludovic Courtès writes:
> George myglc2 Clemmer <myg...@gmail.com> skribis:
>> I want to set the host key in 'guix system vm-image' so that updating a
>> VM config does not break that VM's host key entry in my client machine
>> ~/.ssh/knownhosts files. AFAIK there is no direct way to do this. I
>> tried this ...
> The recommendation in this case is to use “out-of-band” storage—i.e.,
> have the secrets stored in a place other than the store.
> For example, you could have an activation snippet that copies secret
> files directly to /etc, along these lines (untested):
> (simple-service 'copy-private-key activation-service-type
> (with-imported-modules '((guix build utils))
> (use-modules (guix build utils))
> (mkdir-p "/etc/ssh")
> (copy-file "/root/secrets/ssh_host_ed25519_key"
> That means you have to arrange for /root/secrets/ssh_host_ed25519_key to
> exist in the first place, but that’s pretty much all we can do.
Thank you. So what is an easily-automated way to populate /root/secrets?
Is there a tests module that I should hack?
TIA - George