NixOS / nixops

NixOps is a tool for deploying to NixOS machines in a network or cloud.
https://nixos.org/nixops
GNU Lesser General Public License v3.0

nixops deploys keys to root instead of `deployment.targetUser` #1568

Closed cyber-murmel closed 1 year ago

cyber-murmel commented 1 year ago

Deploying with nixops, using a config where `deployment.targetUser` is not "root", works fine the first time, but fails the second time.

The deployment log states:

```
machine> copying path '/nix/store/80wrlkwj96g93xfj4nrspbxp77a6m1r8-root-authorized_keys' to 'ssh://nixos@machine.local'...
```

Is there any way to make it deploy the key to the `deployment.targetUser`?

cyber-murmel commented 1 year ago

Do I read it correctly that the key is hardcoded to be deployed to the root user? https://github.com/NixOS/nixops/blob/fc9b55c55da62f949028143b974f67fdc7f40c8b/nixops/deployment.py#L612

Is the code then using the generated ssh key for root, but the username specified in config? https://github.com/NixOS/nixops/blob/fc9b55c55da62f949028143b974f67fdc7f40c8b/nixops/backends/__init__.py#L77

cyber-murmel commented 1 year ago

Ah, a simple fix is to add the root authorizedKeys to the targetUser authorizedKeys:

```nix
let
  targetUser = "nixos";
in
{
# ...
    deployment.targetUser = targetUser;
    # Reuse root's authorized keys for the deployment user.
    users.extraUsers."${targetUser}".openssh.authorizedKeys.keys =
      config.users.extraUsers.root.openssh.authorizedKeys.keys;
# ...
}
```