From patchwork Fri Mar 14 15:06:54 2025
X-Patchwork-Submitter: Sergey Trofimov
X-Patchwork-Id: 40166
Subject: [bug#77013] [PATCH] machine: hetzner: Allow connections using ssh-agent.
To: 77013@debbugs.gnu.org
Cc: Sergey Trofimov, Ludovic Courtès, Maxim Cournoyer, Roman Scherer
Date: Fri, 14 Mar 2025 16:06:54 +0100
Message-ID: <03f6cc34d6f6b7a55378d4dc5dd544817fb4b8b9.1741964456.git.sarg@sarg.org.ru>
X-Mailer: git-send-email 2.48.1
From: Sergey Trofimov

* gnu/machine/hetzner.scm (): Add ssh-public-key.
* doc/guix.texi (System Configuration)[hetzner-configuration]: Document it.
--- doc/guix.texi | 11 ++++++++--- gnu/machine/hetzner.scm | 17 +++++++++++------ 2 files changed, 19 insertions(+), 9 deletions(-) base-commit: 9449ab3c2025820d2e6fd679fa7e34832b667ea7 -- 2.48.1 diff --git a/doc/guix.texi b/doc/guix.texi index d109877a32..49ac018913 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -45942,10 +45942,15 @@ Invoking guix deploy server type is currently not supported, since its rescue system is too small to bootstrap a Guix system from. -@item @code{ssh-key} -The file name of the SSH private key to use to authenticate with the +@item @code{ssh-key} (default: @code{#f}) +If specified, the path to the SSH private key to use to authenticate with the remote host. +@item @code{ssh-public-key} (default: extracted from @code{ssh-key}) +If specified, either a public key as returned by +@code{string->public-key} or the path to the SSH public key to use to +authenticate with the remote host. + @end table When deploying a machine for the first time, the following steps are @@ -46008,7 +46013,7 @@ Invoking guix deploy (environment hetzner-environment-type) (configuration (hetzner-configuration (server-type "cpx51") - (ssh-key "/home/charlie/.ssh/id_rsa"))))) + (ssh-public-key "/home/charlie/.ssh/id_rsa.pub"))))) @end lisp @vindex GUIX_HETZNER_API_TOKEN diff --git a/gnu/machine/hetzner.scm b/gnu/machine/hetzner.scm index bc8d2efbd3..e8484e4d51 100644 --- a/gnu/machine/hetzner.scm +++ b/gnu/machine/hetzner.scm 
@@ -77,6 +77,7 @@ (define-module (gnu machine hetzner) hetzner-configuration-location hetzner-configuration-server-type hetzner-configuration-ssh-key + hetzner-configuration-ssh-public-key hetzner-configuration? hetzner-environment-type)) @@ -204,20 +205,24 @@ (define-record-type* hetzner-configuration (default "fsn1")) (server-type hetzner-configuration-server-type ; string (default "cx42")) - (ssh-key hetzner-configuration-ssh-key)) ; string + (ssh-public-key hetzner-configuration-ssh-public-key ; public-key | string + (thunked) + (default (public-key-from-file (hetzner-configuration-ssh-key this-hetzner-configuration))) + (sanitize + (lambda (value) + (if (string? value) (public-key-from-file value) value)))) + (ssh-key hetzner-configuration-ssh-key + (default #f))) ; #f | string (define (hetzner-configuration-ssh-key-fingerprint config) "Return the SSH public key fingerprint of CONFIG as a string." - (and-let* ((file-name (hetzner-configuration-ssh-key config)) - (privkey (private-key-from-file file-name)) - (pubkey (private-key->public-key privkey)) + (and-let* ((pubkey (hetzner-configuration-ssh-public-key config)) (hash (get-public-key-hash pubkey 'md5))) (bytevector->hex-string hash))) (define (hetzner-configuration-ssh-key-public config) "Return the SSH public key of CONFIG as a string." - (and-let* ((ssh-key (hetzner-configuration-ssh-key config)) - (public-key (public-key-from-file ssh-key))) + (let ((public-key (hetzner-configuration-ssh-public-key config))) (format #f "ssh-~a ~a" (get-key-type public-key) (public-key->string public-key))))
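Review bot: In the doc/guix.texi hunk at @@ -45942, the new @code{ssh-public-key} entry says the public key is used "to authenticate with the remote host" but never says where the private half comes from when @code{ssh-key} is left at its new default of @code{#f}. The subject line is about ssh-agent, yet the documentation text does not mention the agent at all. Suggest stating that with @code{ssh-key} unset the matching private key must be offered by a running ssh-agent, and that at least one of the two fields has to be given, since "default: extracted from @code{ssh-key}" cannot hold when @code{ssh-key} is @code{#f}.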
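Review bot: In the example at @@ -46008 of doc/guix.texi, replacing (ssh-key "/home/charlie/.ssh/id_rsa") with (ssh-public-key "/home/charlie/.ssh/id_rsa.pub") turns the only sample configuration into an agent-only setup without the surrounding text saying so. Either keep the ssh-key form and add a second, agent-based example, or add a sentence next to the example noting that the private key for id_rsa.pub is expected to be loaded in the agent.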
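Review bot: Missing check in the gnu/machine/hetzner.scm hunk at @@ -204: ssh-key now has (default #f), so when a configuration sets neither field the thunked default of ssh-public-key evaluates (public-key-from-file (hetzner-configuration-ssh-key this-hetzner-configuration)) with #f as the file name. hetzner-configuration-ssh-key-public also changed from and-let* to let, so an unusable value is no longer short-circuited before get-key-type is called. Suggest rejecting the "neither field set" case up front with an error that names both ssh-key and ssh-public-key. A second point in the same hunk: when both fields are supplied, nothing checks that they belong to the same key pair, while the fingerprint and the key string are now taken from ssh-public-key alone. Comparing it against private-key->public-key of ssh-key (the derivation the removed lines used) would catch a mismatched pair early. It is also worth confirming that public-key-from-file accepts the private key path that the default passes to it, because the removed fingerprint code went through private-key-from-file instead.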