Generate ssh keys for flux bootstrap.

2025-12-21 00:01:57 -05:00 · 2025-12-21 00:01:57 -05:00 · 144b39dfdd
commit 144b39dfdd
parent d97edf0add
3 changed files with 40 additions and 1 deletions
--- a/nix/kubernetes/keys/package/k8s-keys/package.nix
+++ b/nix/kubernetes/keys/package/k8s-keys/package.nix
@ -10,5 +10,6 @@ symlinkJoin {
    k8s.encryption_config
  ]
  ++ (builtins.attrValues k8s.keys)
-  ++ (builtins.attrValues k8s.client-configs);
+  ++ (builtins.attrValues k8s.client-configs)
+  ++ (builtins.attrValues k8s.ssh-keys);
 }
--- a/nix/kubernetes/keys/package/ssh-key/package.nix
+++ b/nix/kubernetes/keys/package/ssh-key/package.nix
@ -0,0 +1,33 @@
+# unpackPhase
+# patchPhase
+# configurePhase
+# buildPhase
+# checkPhase
+# installPhase
+# fixupPhase
+# installCheckPhase
+# distPhase
+{
+  lib,
+  stdenv,
+  k8s,
+  openssh,
+  key_name,
+  ...
+}:
+stdenv.mkDerivation (finalAttrs: {
+  name = "ssh-key-${key_name}";
+  nativeBuildInputs = [ openssh ];
+  buildInputs = [ ];
+
+  unpackPhase = "true";
+
+  buildPhase = ''
+    ssh-keygen -t ed25519 -f ${key_name} -N ""
+  '';
+
+  installPhase = ''
+    mkdir "$out"
+    cp "${key_name}" "${key_name}.pub" $out/
+  '';
+})
--- a/nix/kubernetes/keys/scope.nix
+++ b/nix/kubernetes/keys/scope.nix
@ -96,6 +96,11 @@ makeScope newScope (
        "service-accounts"
      ] (key_name: (callPackage ./package/tls-key/package.nix (additional_vars // { inherit key_name; })))
    );
+    ssh-keys = (
+      lib.genAttrs [
+        "flux_ssh_key"
+      ] (key_name: (callPackage ./package/ssh-key/package.nix (additional_vars // { inherit key_name; })))
+    );
    client-configs = (
      builtins.mapAttrs
        (