From 8de4c0908fdfe6b7762914e1f3a1227e5a2b2c59 Mon Sep 17 00:00:00 2001
From: Alexander Tomokhov
Date: Tue, 5 Dec 2023 05:28:15 +0400
Subject: [PATCH] pass SSH_AUTHORIZED_KEY and merge with userdata.json

---
 .drone.yml | 2 +-
 nixos-infect | 8 ++++++++
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/.drone.yml b/.drone.yml
index 08dcc0a..dbcf7e0 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -21,7 +21,7 @@ steps:
 commands:
 # Create infect user script and then push it to a remote machine on server creation.
 - echo '#! /usr/bin/env bash' > infect.sh
- - echo "curl https://git.selfprivacy.org/SelfPrivacy/selfprivacy-nixos-infect/raw/branch/$INFECT_SOURCE_BRANCH/nixos-infect | PROVIDER=hetzner DOMAIN=$DOMAIN LUSER=cicdcicd USER_PASS=\"$USER_PASS\" CF_TOKEN=$CLOUDFLARE_TOKEN DB_PASSWORD=\"$USER_PASS\" API_TOKEN=\"$USER_PASS\" HOSTNAME=selfprivacy-ci-test DNS_PROVIDER_TYPE=CLOUDFLARE STAGING_ACME=true NIX_VERSION=2.18.1 NIXOS_CONFIG_NAME=sp-nixos CONFIG_URL=https://git.selfprivacy.org/api/v1/repos/SelfPrivacy/selfprivacy-nixos-template/archive/master.tar.gz bash 2>&1 | tee /root/infect.log" >> infect.sh
+ - echo "curl https://git.selfprivacy.org/SelfPrivacy/selfprivacy-nixos-infect/raw/branch/$INFECT_SOURCE_BRANCH/nixos-infect | PROVIDER=hetzner DOMAIN=$DOMAIN LUSER=cicdcicd USER_PASS=\"$USER_PASS\" CF_TOKEN=$CLOUDFLARE_TOKEN DB_PASSWORD=\"$USER_PASS\" API_TOKEN=\"$USER_PASS\" HOSTNAME=selfprivacy-ci-test DNS_PROVIDER_TYPE=CLOUDFLARE STAGING_ACME=true NIX_VERSION=2.18.1 NIXOS_CONFIG_NAME=sp-nixos CONFIG_URL=https://git.selfprivacy.org/api/v1/repos/SelfPrivacy/selfprivacy-nixos-template/archive/master.tar.gz SSH_AUTHORIZED_KEY=\"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMBb3yVhYF4slhf1iQCiGLOVcbGKP/MmkQiEMl2un+4K\" bash 2>&1 | tee /root/infect.log" >> infect.sh
 - http -v --check-status --ignore-stdin POST https://api.hetzner.cloud/v1/servers Authorization:"Bearer $PASSWORD" name=ci-sibling server_type=cx11 start_after_create:=true image=ubuntu-20.04 user_data=@infect.sh automount:=false location=fsn1
 - name: dns
diff --git a/nixos-infect b/nixos-infect
index 05991ef..6ec6d35 100755
--- a/nixos-infect
+++ b/nixos-infect
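Review bot: The ed25519 public key on the new `echo` line is committed as a literal in the pipeline file, whereas every other deployment value on that line (`$DOMAIN`, `$USER_PASS`, `$CLOUDFLARE_TOKEN`) is a pipeline variable, and nothing records whose key it is even though it becomes a root login on every server this step creates. Because it is a public key nothing secret is exposed, but supplying it the same way as the other values, e.g. `SSH_AUTHORIZED_KEY=\"$CI_ROOT_SSH_KEY\"` with the value set from the pipeline's environment or secrets (a constructed variable name; how `$CLOUDFLARE_TOKEN` itself is sourced is not visible in this hunk), lets it be rotated or revoked without a commit to this file. At minimum a YAML comment above the line, `# SSH_AUTHORIZED_KEY: public key of the CI maintainer; becomes a root key on the throwaway test server`, should state the owner and purpose.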
@@ -17,10 +17,17 @@
 : "${NIX_VERSION:?NIX_VERSION variable is not set}"
 : "${NIXOS_CONFIG_NAME:?NIXOS_CONFIG_NAME variable is not set}"
 : "${CONFIG_URL:?CONFIG_URL variable is not set}"
+: "${SSH_AUTHORIZED_KEY:=}"
 
 readonly LOCAL_FLAKE_DIR="/etc/nixos"
 readonly SECRETS_FILEPATH="/etc/selfprivacy/secrets.json"
 
+genOptionalSsh() {
+ [ -n "${SSH_AUTHORIZED_KEY}" ] && cat << EOF
+"ssh": { "rootKeys": [ "${SSH_AUTHORIZED_KEY}" ] },
+EOF
+}
+
 # Merge original userdata.json with deployment specific fields and print result.
 genUserdata() {
 local HASHED_PASSWORD userdata_infect
@@ -28,6 +35,7 @@ genUserdata() {
 userdata_infect=$(cat << EOF
 {
+ $(genOptionalSsh)
 "dns": {
 "provider": "$DNS_PROVIDER_TYPE",
 "useStagingACME": $STAGING_ACME
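Review bot: `genOptionalSsh` splices `${SSH_AUTHORIZED_KEY}` into the JSON fragment on the heredoc line with no escaping, and the only check before it is the non-empty test, so a value containing a double quote or a backslash (authorized_keys entries may carry an option prefix and a free-text comment) yields malformed userdata.json or changes its structure. A check next to the `: "${...:?...}"` assertions at the top of the hunk would reject such input early, e.g. `case "${SSH_AUTHORIZED_KEY}" in *[\"\\]*) echo "SSH_AUTHORIZED_KEY must not contain quotes or backslashes" >&2; exit 1 ;; esac`; if the merge in `genUserdata` already relies on jq (not visible here), building the object with `jq -n --arg k "${SSH_AUTHORIZED_KEY}" '{ssh:{rootKeys:[$k]}}'` and merging it would escape the value properly instead of splicing text. Separately, when the variable is empty the function exits with the status of the failed `[ -n ... ]` test; that is harmless inside the `$(genOptionalSsh)` substitution added in the second hunk, but it would trip `set -e` or an ERR trap if the function were ever called directly, which `[ -n "${SSH_AUTHORIZED_KEY}" ] || return 0` followed by `cat << EOF` on its own line avoids. A one-line comment above the function, `# Emit the optional "ssh" object (with trailing comma) for userdata.json; prints nothing when SSH_AUTHORIZED_KEY is empty.`, would also document the splice contract the second hunk depends on.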