boot.initrd.network.ssh.hostKeys expects hostkey on target machine #98100
Description
Describe the bug
The boot.initrd.network.ssh.hostKeys option expects the host key file to be available on the target machine, since the initrd is apparently built there in an activation script. I say target machine, because I'm using morph to deploy servers and the host keys to be baked into the initrd are available locally.
This is a regression from the previous behaviour with dropbear.
To Reproduce
Steps to reproduce the behavior:
- Setup morph
- Set up
boot.initrd.network.sshwith specific host keys morph deploy default.nix boot
Expected behavior
I should not have to upload the hostkeys to the target machine in order to build the initrd.
Additional context
❯ morph deploy default.nix boot --on="ganymede.example.com"
Selected 1/4 hosts (name filter:-3, limits:-0):
0: ganymede.example.com (secrets: 4, health checks: 0, tags: )
/nix/store/cx9b21g322ir7qh9v094zc0bnqhx425p-morph
nix result path:
/nix/store/cx9b21g322ir7qh9v094zc0bnqhx425p-morph
Pushing paths to ganymede.example.com (@ganymede.example.com):
* /nix/store/zi5m1p9qqs43gkv0ad0vgpz7595qpv4x-nixos-system-ganymede-20.09pre-git
Executing 'boot' on matched hosts:
** ganymede.example.com
updating GRUB 2 menu...
cp: cannot stat '/home/hexa/git/hexa/nixos-servers/config/secrets/machines/ganymede/initrd/ssh_host_ed25519_key': No such file or directory
failed to create initrd secrets: No such file or directory
Error while activating new configuration.
❯ ls -l /home/hexa/git/hexa/nixos-servers/config/secrets/machines/ganymede/initrd/ssh_host_ed25519_key
.rw-r--r-- 399 hexa 13 Sep 2:21 /home/hexa/git/hexa/nixos-servers/config/secrets/machines/ganymede/initrd/ssh_host_ed25519_key
Notify maintainers
Metadata
release-20.09 (ee27689)
Maintainer information:
# a list of nixpkgs attributes affected by the problem
attribute:
# a list of nixos modules affected by the problem
module: boot.initrd.networking.ssh