Commit 643c3c873637

Vincent Demeester <vincent@sbr.pm>
2026-02-25 12:25:13
fix(ssh): authorize okinawa ed25519 key
Added okinawa's regular id_ed25519 public key to globals.ssh.vincent so kerkouane accepts it for headless service authentication. Also added ControlPath=none to flake-updater GIT_SSH_COMMAND to prevent mux socket reuse at 4 AM.
1 parent fc1ad7f
Changed files (2)
modules/nix-flake-updater/default.nix
@@ -158,7 +158,7 @@ let
         Type = "oneshot";
         User = instanceCfg.user;
         ExecStart = "${mkUpdateScript name instanceCfg}";
-        Environment = ''"GIT_SSH_COMMAND=ssh -o ControlMaster=no -o IdentitiesOnly=yes -i /home/${instanceCfg.user}/.ssh/id_ed25519"'';
+        Environment = ''"GIT_SSH_COMMAND=ssh -o ControlPath=none -o ControlMaster=no -o IdentitiesOnly=yes -i /home/${instanceCfg.user}/.ssh/id_ed25519"'';
 
         # Don't fail if update fails (e.g., no changes, build failures)
         SuccessExitStatus = "0 1";
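Review bot: The `GIT_SSH_COMMAND` on the added `Environment` line still has no `-o BatchMode=yes`, so if the key ever needs a passphrase or the host key changes, ssh may try to prompt (for example through an askpass helper) instead of failing fast in this unattended oneshot unit; consider `ssh -o BatchMode=yes -o ControlPath=none ...`. With `ControlPath=none` disabling connection sharing, `ControlMaster=no` looks redundant. A short comment such as `# ControlPath=none: never reuse an interactive session's mux socket` would record why the option is there. The enclosing service definition starts and ends outside the hunk.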
globals.nix
@@ -11,6 +11,7 @@ _: {
       # FIDO2 resident keys (okinawa)
       "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIEefW7gStvkrO98v6UUawwa3yOu896Ei8USE/Sh2DjaUAAAABHNzaDo= vincent@okinawa"
       # Host keys (trusted machines)
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILfT4qPT4nH+K6wfhnM4JCtflrUEIXPAYpqdN7W7TOBo vincent@okinawa-passage"
       "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILJmTdMKYdgqpbQWBif58VBuwX+GqMGsMfB1ey1TKrM3 vincent@aomi"
       "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGThdcaPfIaB7d+K5uODqEusLKGI5ZCye0aNOCaMoInO Kyushu's ssh key"
     ];
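Review bot: The key added under `# Host keys (trusted machines)` is a plain software key with no touch requirement, and placing it in the same list as the FIDO2 resident keys presumably gives it the same unrestricted login on every host that consumes this list, not only the one the headless service talks to. If these entries end up as authorized_keys lines, the entry could carry options, e.g. `"restrict,command=\"<allowed-command>\" ssh-ed25519 <key> vincent@okinawa-passage"`, or sit in a separate attribute that only the target host imports. The key comment `vincent@okinawa-passage` also does not obviously match the commit message's "regular id_ed25519", so a comment like `# headless service key (okinawa flake-updater)` above the line would make its purpose and revocation scope clear. The list itself begins outside the hunk.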