From b21b98dadd38e13846458b4ea486525fc26b687c Mon Sep 17 00:00:00 2001 From: teutat3s Date: Wed, 8 Mar 2023 14:10:19 +0100 Subject: [PATCH] ci: fix Host key verification failed - Fix missing SSH known_hosts in deploy pipeline - SSH tries to use Trust-On-First-Use (TOFU) interactively to add a new host key - Verbose SSH logs show: debug1: Server host key: ssh-ed25519 SHA256:1bbksDNYBWSh/rIFP7MMfs557kWn1dM64bpXdnfBE5E debug1: read_passphrase: can't open /dev/tty: No such device or address - deploy-rs uses nix, which uses SSH which doesn't use the environment variable HOME, but rather /etc/passwd to find a user's HOME - To solve this, we override SSH options using UserKnownHostsFile and the -i flag
---
 .drone.yml | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/.drone.yml b/.drone.yml
index 2b205e5d..97930906 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -33,9 +33,7 @@ steps:
 - echo "$$PRIVATE_SSH_KEY" > $$HOME/.ssh/id_ed25519 && chmod 600 $$HOME/.ssh/id_ed25519
 - echo "$$SSH_HOST_KEY" > $$HOME/.ssh/known_hosts
 # SSH uses HOME from /etc/passwd, not from the environment, so override it
- - export SSHOPTS="-o UserKnownHostsFile=$$HOME/.ssh/known_hosts -i $$HOME/.ssh/id_ed25519 -v"
- - echo DEBUG SSHOPTS
- - echo $$SSHOPTS
+ - export SSHOPTS="-o UserKnownHostsFile=$$HOME/.ssh/known_hosts -i $$HOME/.ssh/id_ed25519"
 - "echo DEBUG: Using NIX_FLAGS: $$NIX_FLAGS"
 - nix $$NIX_FLAGS develop --command deploy --magic-rollback false --skip-checks --targets '.#host_001_momo_koeln' --ssh-opts="$$SSHOPTS"
@@ -163,6 +161,6 @@ volumes:
 ---
 kind: signature
-hmac: 6d2495181ae2acd3f3a44d34591ba79315862d22c1e62c580bfba1a4c4fe822a
+hmac: 3edb1779f39db0416f8395a1b0d52bd07cf51b4a181059ecdcf6f1dbfc595a49
 ...
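Review bot: The new `SSHOPTS` line pins the known_hosts file and the identity, but the host-key policy still comes from whatever ssh_config the CI image ships. The pipeline currently fails closed only because there is no tty to answer the prompt; if the image's config relaxed `StrictHostKeyChecking`, an unknown or changed host key could be accepted without anyone noticing. I would make the policy explicit and restrict the offered key to the one written by this step: `export SSHOPTS="-o UserKnownHostsFile=$$HOME/.ssh/known_hosts -o StrictHostKeyChecking=yes -o IdentitiesOnly=yes -i $$HOME/.ssh/id_ed25519"`. In the context line above, the private key is written before `chmod 600` runs, so a `umask 077` ahead of the `echo` would close that short window. The step's command list begins outside this hunk, so whether a umask is already set there is not visible.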