On 2016-11-19 12:46, Arnold Krille wrote: > On Sat, 19 Nov 2016 12:10:59 +0100 Marius Bergmann <[email protected]> > wrote: >> Is it possible to declare the distribution of a file (in my case a ssh >> server/client public key) to different machines in a nixops >> deployment? >> >> I want to create a client keypair on one machine and then authorize >> the public part on several other machines in the deployment. Those >> other machines' public server keys should also be added to the >> known_hosts of the machine logging into them. >> >> I know I could create all the keypairs on the machine running nixops >> and send both the public as well as the private keys over the >> network, but I would like to find out if there's a way around it. > > I think this is one of the things you don't do/want with Nix/NixOps as > this is essentially self-modifying deployment. Which makes the > deployment non-deterministic and unreproducible in the strict sense. > With deployment-/configuration-management systems that have a central > node and database, like chef and puppet can have, you can do such > things. For Nix this is counter-intuitive. > > - Arnold
Do you have a recommendation on how to handle my use case then? In practice, I need this to allow the backup user to log into the machines being backed up. Would you use a central location for all the key pairs? _______________________________________________ nix-dev mailing list [email protected] http://lists.science.uu.nl/mailman/listinfo/nix-dev
