Disable StrictHostKeyChecking

Security implications considerations: Since during the build script we're not copying private data, not performing critical commands or any sensitive actions, the risk of connecting to a spoofed SSH server is minimal. All the files should already be publicly accesible.
author: EuAndreh <eu@euandre.org> 2019-05-31 19:22:58 -0300
committer: EuAndreh <eu@euandre.org> 2019-05-31 19:22:58 -0300
commit: bce22a1e2f5c99798484f606eda417f0a3805120 (patch)
tree: 9769f3a978951f130bdf72e305c25f8da22fb2f1 /nixos
parent: Use --archive option in rsync inside publishScript derivation (diff)
download: dotfiles-bce22a1e2f5c99798484f606eda417f0a3805120.tar.gz
dotfiles-bce22a1e2f5c99798484f606eda417f0a3805120.tar.xz
1 files changed, 4 insertions, 1 deletions
diff --git a/nixos/utils.nix b/nixos/utils.nix
index 1b4d724..ad5d4a0 100644
--- a/nixos/utils.nix
+++ b/nixos/utils.nix
@@ -91,6 +91,9 @@ in rec {
   pkgs.writeShellScriptBin "publish.sh" ''
     set -euo pipefail
     OUT_DOCS="${docsDerivation}"
-    ${pkgs.rsync}/bin/rsync -avzP "$OUT_DOCS" "$SERVER_URL:$DOCS_SERVER_PATH"
+    ${pkgs.rsync}/bin/rsync -avzP
+                            --rsh="ssh -o StrictHostKeyChecking=no" \
+                            "$OUT_DOCS"                             \
+                            "$SERVER_URL:$DOCS_SERVER_PATH"
   '';
 }
author	EuAndreh <eu@euandre.org>	2019-05-31 19:22:58 -0300
committer	EuAndreh <eu@euandre.org>	2019-05-31 19:22:58 -0300
commit	bce22a1e2f5c99798484f606eda417f0a3805120 (patch)
tree	9769f3a978951f130bdf72e305c25f8da22fb2f1 /nixos
parent	Use --archive option in rsync inside publishScript derivation (diff)
download	dotfiles-bce22a1e2f5c99798484f606eda417f0a3805120.tar.gz dotfiles-bce22a1e2f5c99798484f606eda417f0a3805120.tar.xz