Closed Mic92 closed 2 months ago
I was able to deploy a working droplet using this. The normal digitalocean console doesn't work, but the recovery one does and I can ssh in.
If I don't use this module and I only import (modulesPath + "/virtualisation/digital-ocean-config.nix")
I can't ssh in. The recovery console still works, though.
If someone wants to test, here's a terraform module to create a droplet and install nixos on it with nixos-anywhere: https://gitlab.com/bbigras/test-srvos-digitalocean
I'm a simple bystander, but I happened to be trying to deploy from darwin-arm64 to a digitalocean droplet today. test-srvos-digitalocean was the only example I could find that actually worked and allowed SSH after finishing a deploy with nixos-anywhere
@dfrankland I'm glad that it was useful to you :). Note that you can use ipv6 = true
with digitalocean_droplet
too.
I think I was using modules/virtualisation/digital-ocean-image.nix
before and IIRC, digital ocean doesn't support ipv6 with custom images.
Should we set systemd.enableEmergencyMode = true
?
Does the normal digitalocean console uses some daemon? As of know we don't deploy any ssh keys that digitalocean may try to add for the console to work.
@mergify queue
queue
Does the normal digitalocean console uses some daemon? As of know we don't deploy any ssh keys that digitalocean may try to add for the console to work.
when you connect, you don't see a login prompt:
Ok. So we would allow dynamic ssh keys for this one.
I just tested with virtualisation.digitalOcean.setSshKeys = true;
and it doesn't seem to be enough.
I don't see anything in journalctl -f -u sshd
.
It's because we don't allow keys outside of /etc/ssh/authorized_keys.d/
. See this: https://github.com/nix-community/srvos/blob/937ddb11d81d9706b26dc583cf41e65de771c346/nixos/common/openssh.nix#L32
untested but maybe @bbigras has already some thoughts on it.