josh/Provisioning
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity

Use ephemeral SSH keys per rebuild instead of static config keys
build-and-push / test (push) Successful in 9m57s
Details
build-and-push / build-and-push (push) Has been cancelled
Details

Browse Source 
Generate a fresh ed25519 key pair at rebuild time, inject the public key
into the Proxmox answer file, use the private key for cluster join over
SSH, then remove the key from both the remote host and the database.
This eliminates the need to manage static SSH keys in config/secrets.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Josh Wright
2026-05-03 21:09:22 -04:00
parent aec31b9f8b
commit b23ef64ee1
13 changed files with 191 additions and 68 deletions
Download Patch File Download Diff File Expand all files Collapse all files
README.md
-1
View File
@@ -53,7 +53,6 @@ Edit `provisioning.yaml`:
- `pxe.subnet` — LAN CIDR for proxy-DHCP
- `proxmox.existing_node` — IP of any current cluster member
- `proxmox.join_fingerprint` — from `pvecm status` on an existing node
- `credentials.ssh_public_key` — public key injected into new hosts
- `credentials.root_password_hash``mkpasswd -m sha-512`
- `infrastructure.base_url` — URL of the Infrastructure service
- `infrastructure.server_type_map` — maps local type keys to Infrastructure IDs