machine: hetzner: Allow connections using ssh-agent.

* gnu/machine/hetzner.scm (<hetzner-configuration>): Add ssh-public-key. * doc/guix.texi (System Configuration)[hetzner-configuration]: Document it. Change-Id: I7354ead508b1a4819534c6b22ba1f089749927c2 Signed-off-by: Ludovic Courtès <ludo@gnu.org> Modified-by: Ludovic Courtès <ludo@gnu.org>
2025-07-14 19:10:49 +02:00 · 2025-03-14 16:06:54 +01:00 · 2025-03-14 16:06:54 +01:00 · a2ef2bcbfd
commit a2ef2bcbfd
parent 6a440c842b
2 changed files with 20 additions and 10 deletions
--- a/doc/guix.texi
+++ b/doc/guix.texi
@ -46014,9 +46014,14 @@ equivalent.  Other server types and their current prices can be found
 server type is currently not supported, since its rescue system is too
 small to bootstrap a Guix system from.

-@item @code{ssh-key}
-The file name of the SSH private key to use to authenticate with the
-remote host.
+@item @code{ssh-key} (default: @code{#f})
+If specified, the file name of the SSH private key to use to
+authenticate with the remote host.
+
+@item @code{ssh-public-key} (default: extracted from @code{ssh-key})
+If specified, either a public key as returned by
+@code{string->public-key} or the path to the SSH public key to use to
+authenticate with the remote host.

@end table

@ -46080,7 +46085,7 @@ shared vCPUs and 32 GB of RAM on the @code{x86_64} architecture.
       (environment hetzner-environment-type)
       (configuration (hetzner-configuration
                       (server-type "cpx51")
-                       (ssh-key "/home/charlie/.ssh/id_rsa")))))
+                       (ssh-public-key "/home/charlie/.ssh/id_rsa.pub")))))
@end lisp

@vindex GUIX_HETZNER_API_TOKEN
--- a/gnu/machine/hetzner.scm
+++ b/gnu/machine/hetzner.scm
@ -77,6 +77,7 @@
            hetzner-configuration-location
            hetzner-configuration-server-type
            hetzner-configuration-ssh-key
+            hetzner-configuration-ssh-public-key
            hetzner-configuration?
            hetzner-environment-type))

@ -204,20 +205,24 @@ Have you run 'guix archive --generate-key'?")
            (default "fsn1"))
  (server-type hetzner-configuration-server-type ; string
               (default "cx42"))
-  (ssh-key hetzner-configuration-ssh-key)) ; string
+  (ssh-public-key hetzner-configuration-ssh-public-key ; public-key | string
+                  (thunked)
+                  (default (public-key-from-file (hetzner-configuration-ssh-key this-hetzner-configuration)))
+                  (sanitize
+                   (lambda (value)
+                     (if (string? value) (public-key-from-file value) value))))
+  (ssh-key hetzner-configuration-ssh-key
+           (default #f))) ; #f | string

 (define (hetzner-configuration-ssh-key-fingerprint config)
  "Return the SSH public key fingerprint of CONFIG as a string."
-  (and-let* ((file-name (hetzner-configuration-ssh-key config))
-             (privkey (private-key-from-file file-name))
-             (pubkey (private-key->public-key privkey))
+  (and-let* ((pubkey (hetzner-configuration-ssh-public-key config))
             (hash (get-public-key-hash pubkey 'md5)))
    (bytevector->hex-string hash)))

 (define (hetzner-configuration-ssh-key-public config)
  "Return the SSH public key of CONFIG as a string."
-  (and-let* ((ssh-key (hetzner-configuration-ssh-key config))
-             (public-key (public-key-from-file ssh-key)))
+  (let ((public-key (hetzner-configuration-ssh-public-key config)))
    (format #f "ssh-~a ~a" (get-key-type public-key)
            (public-key->string public-key))))