From bce22a1e2f5c99798484f606eda417f0a3805120 Mon Sep 17 00:00:00 2001
From: EuAndreh <eu@euandre.org>
Date: Fri, 31 May 2019 19:22:58 -0300
Subject: Disable StrictHostKeyChecking

Security implications considerations:
Since during the build script we're not copying private data, not performing
critical commands or any sensitive actions, the risk of connecting to a spoofed
SSH server is minimal. All the files should already be publicly accesible.
---
 nixos/utils.nix | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'nixos')

diff --git a/nixos/utils.nix b/nixos/utils.nix
index 1b4d724..ad5d4a0 100644
--- a/nixos/utils.nix
+++ b/nixos/utils.nix
@@ -91,6 +91,9 @@ in rec {
   pkgs.writeShellScriptBin "publish.sh" ''
     set -euo pipefail
     OUT_DOCS="${docsDerivation}"
-    ${pkgs.rsync}/bin/rsync -avzP "$OUT_DOCS" "$SERVER_URL:$DOCS_SERVER_PATH"
+    ${pkgs.rsync}/bin/rsync -avzP
+                            --rsh="ssh -o StrictHostKeyChecking=no" \
+                            "$OUT_DOCS"                             \
+                            "$SERVER_URL:$DOCS_SERVER_PATH"
   '';
 }
-- 
cgit v1.2.3