feat(fw): authorize ssh keys for root on cloonar.vms guests #164

Merged

dominik.polakovics merged 1 commit from feat/qemu-vm-root-keys into main 2026-06-14 17:30:37 +02:00

Conversation 0 Commits 1 Files changed 1 +19 -8

dominik.polakovics commented 2026-06-14 16:46:26 +02:00

Owner

Copy link

Authorizes the configured cloudInit.sshKeys for root on every cloonar.vms.<name> guest, so ssh root@<ip> works with the normal key — which is what the nixos-infect bootstrap (ADR-0018, #161) expects.

Why it didn't before: the cloud-init seed listed only the per-VM user (dev / openclaw) under users:, and the NoCloud seed provides no datasource keys, so root's authorized_keys was never written (and Ubuntu cloud images disable root SSH by default).

Change: add a { name = "root"; ssh_authorized_keys = sshKeys; } entry to the cloud-init users: list and set disable_root = false. The per-VM sudo user is unchanged, so openclaw's setup still runs as openclaw.

Scope: future provisions only — an already-provisioned guest (e.g. the running dev-temp on .97.16) won't re-run cloud-init for the same instance-id, so use ssh dev@… there.

Pre-commit dry-build green for all 6 hosts. Note: eval can't exercise cloud-init — root login is verifiable only on the next fresh provision.

Authorizes the configured `cloudInit.sshKeys` for **root** on every `cloonar.vms.<name>` guest, so `ssh root@<ip>` works with the normal key — which is what the `nixos-infect` bootstrap (ADR-0018, #161) expects. **Why it didn't before:** the cloud-init seed listed only the per-VM user (`dev` / `openclaw`) under `users:`, and the NoCloud seed provides no datasource keys, so root's `authorized_keys` was never written (and Ubuntu cloud images disable root SSH by default). **Change:** add a `{ name = "root"; ssh_authorized_keys = sshKeys; }` entry to the cloud-init `users:` list and set `disable_root = false`. The per-VM sudo user is unchanged, so openclaw's setup still runs as `openclaw`. **Scope:** future provisions only — an already-provisioned guest (e.g. the running `dev-temp` on .97.16) won't re-run cloud-init for the same instance-id, so use `ssh dev@…` there. Pre-commit dry-build green for all 6 hosts. Note: eval can't exercise cloud-init — root login is verifiable only on the next fresh provision.

dominik.polakovics added 1 commit 2026-06-14 16:46:27 +02:00

feat(fw): authorize ssh keys for root on cloonar.vms guests a77656f959

dominik.polakovics merged commit 21c1cff28e into main 2026-06-14 17:30:37 +02:00

dominik.polakovics deleted branch feat/qemu-vm-root-keys 2026-06-14 17:30:37 +02:00

dominik.polakovics referenced this pull request from a commit 2026-06-14 17:30:38 +02:00

Merge pull request 'feat(fw): authorize ssh keys for root on cloonar.vms guests' (#164) from feat/qemu-vm-root-keys into main

Sign in to join this conversation.

Reviewers

No reviewers

Labels

Clear labels   

bug

  

enhancement

  

in-progress

  

needs-info

  

needs-triage

  

p0

  

ready-for-agent

  

ready-for-human

  

wontfix

No labels

bug

enhancement

in-progress

needs-info

needs-triage

p0

ready-for-agent

ready-for-human

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

Cloonar/nixos!164

No description provided.