-
Notifications
You must be signed in to change notification settings - Fork 1
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix(roagen): use git from pkgs #10
Conversation
by the way, |
You need to create an account and then you can clone the repo. I don't think accounts get approved, so we can just use ssh cloning. |
@SuperSandro2000 yeah I know. I mean when use this module and deploy remotely, we may need to provide an option to clone the repo with an access token. Not all hosts have ssh keys with access rights. |
Ah, now I get what you mean. I initially thought how do we manage it via a flake input. Otherwise maybe we need to move the systemd service to a separate user and then people can configure gitconfig/ssh_config for that user to allow cloning the repo? |
I'm not sure if I understand what you mean. I do use this roagen module through a flake input. We can choose ssh or https protocols, corresponding to ssh key authentication and token authentication respectively to clone a repo. From a simple perspective, I suggest that we can add a
If we choose ssh to verify the identity, we may need to provide an option like |
That would expose the token in the cmd arguments which usually should be avoided. I think writing a short sshconfig and writing the path to the key in there is the way to go. |
In my impression, this seems to be a common practice in nixpkgs. After the string is written into the shell script, it should be as follows. git clone --depth=1 https://$(cat /run/agenix/dn42-git)@git.dn42.dev/dn42/registry.git This would not expose the token. However, I also agree that it could also be an option to provide such a |
see #12 |
git
should be taken from pkgs