From 1d3201d8e5f385b96094e16424273e46e832bf28 Mon Sep 17 00:00:00 2001
From: Fabian Hauser <fabian@fh2.ch>
Date: Sat, 19 Apr 2025 18:11:01 +0300
Subject: [PATCH] Add SSH_DEPLOY_KEY handling to auto-deploy script

---
 packages/auto-deploy/script.bash | 22 +++++++++++++++++++---
 1 file changed, 19 insertions(+), 3 deletions(-)

diff --git a/packages/auto-deploy/script.bash b/packages/auto-deploy/script.bash
index 66c4520..442eb4c 100644
--- a/packages/auto-deploy/script.bash
+++ b/packages/auto-deploy/script.bash
@@ -3,12 +3,28 @@
 #### Environment
 FLAKE_ROOT="$(git rev-parse --show-toplevel)"
 
-export PROFILE="${1:-''}"
+export PROFILE="${1:-}"
 if [ -z "${PROFILE}" ]; then
   echo "🛑 Error: No deployment profile was specified as first parameter (e.g. \"${0} system-vm\")" 1>&2
   exit 1
 fi
 
+if [ -z "${SSH_DEPLOY_KEY:-}" ]; then
+  echo "ℹ️ Info: SSH_DEPLOY_KEY env variable was not set, ignoring."
+  SSH_KEY_FILE_ARG=""
+else
+  TEMP_KEY_FILE=$(mktemp /dev/shm/ssh_deploy_key.XXXXXXXX)
+  touch "${TEMP_KEY_FILE}" && chmod 600 "${TEMP_KEY_FILE}"
+  printf "%s\n" "${SSH_DEPLOY_KEY}" >"${TEMP_KEY_FILE}"
+  SSH_KEY_FILE_ARG="-i ${TEMP_KEY_FILE}"
+
+  # Set up a trap to remove the temporary key file on script exit
+  trap 'rm -f "${TEMP_KEY_FILE}"' EXIT
+  trap 'rm -f "${TEMP_KEY_FILE}"' SIGINT
+  trap 'rm -f "${TEMP_KEY_FILE}"' SIGTERM
+  trap 'rm -f "${TEMP_KEY_FILE}"' SIGQUIT
+fi
+
 HOSTS=$(nix eval --raw "${FLAKE_ROOT}"#deploy.nodes --apply "
    nodes: let
      inherit (builtins) attrNames filter concatStringsSep;
@@ -31,7 +47,7 @@ retry() {
   local -i attempt_num=1
   until "$@"; do
     if ((attempt_num == max_attempts)); then
-      echo "⚠️ Warning: Attempt $attempt_num failed and there are no more attempts left!"
+      echo "🛑 Error: Attempt $attempt_num failed and there are no more attempts left!" 1>&2
       return 1
     else
       echo "⚠️ Attempt $attempt_num failed! Trying again in $attempt_num seconds..."
@@ -44,6 +60,6 @@ retry() {
 for HOST in $HOSTS; do
   retry 3 deploy \
     --skip-checks \
-    --ssh-opts "-o UserKnownHostsFile=${KNOWN_HOSTS_FILE}" \
+    --ssh-opts "-o UserKnownHostsFile=${KNOWN_HOSTS_FILE} ${SSH_KEY_FILE_ARG:-}" \
     --targets "${FLAKE_ROOT}#\"${HOST}\".\"${PROFILE}\""
 done