Merge pull request 'stage' (#128 ) from stage into master

Reviewed-on: #128
Merge pull request 'fix: enable cloud-init networking in NixOS template' (#127 ) from stage into master
2026-03-08 18:06:46 +00:00 · 2026-03-08 05:33:57 +00:00 · 2026-03-08 05:04:43 +00:00 · 2026-03-08 04:47:02 +00:00 · 2026-03-08 04:10:47 +00:00 · 2026-03-08 02:16:23 +00:00
2 changed files with 10 additions and 5 deletions
--- a/nixos/kubeadm/bootstrap/controller.py
+++ b/nixos/kubeadm/bootstrap/controller.py
@@ -110,9 +110,7 @@ class Controller:
            "-o",
            "IdentitiesOnly=yes",
            "-o",
-            "StrictHostKeyChecking=no",
-            "-o",
-            "UserKnownHostsFile=/dev/null",
+            "StrictHostKeyChecking=accept-new",
            "-i",
            self.ssh_key,
        ]
@@ -174,7 +172,14 @@ class Controller:
        return last

    def prepare_known_hosts(self):
-        pass
+        ssh_dir = Path.home() / ".ssh"
+        ssh_dir.mkdir(parents=True, exist_ok=True)
+        (ssh_dir / "known_hosts").touch()
+        run_local(["chmod", "700", str(ssh_dir)])
+        run_local(["chmod", "600", str(ssh_dir / "known_hosts")])
+        for ip in self.node_ips.values():
+            run_local(["ssh-keygen", "-R", ip], check=False)
+            run_local(f"ssh-keyscan -H {shlex.quote(ip)} >> {shlex.quote(str(ssh_dir / 'known_hosts'))}", check=False)

    def prepare_remote_nix(self, ip):
        self.remote(ip, "sudo mkdir -p /etc/nix")
--- a/nixos/template-base/configuration.nix
+++ b/nixos/template-base/configuration.nix
@@ -10,7 +10,7 @@ in
      ./hardware-configuration.nix;

  networking.hostName = "k8s-base-template";
-  networking.useDHCP = lib.mkDefault true;
+  networking.useDHCP = false;
  networking.useNetworkd = true;
  networking.nameservers = [ "1.1.1.1" "8.8.8.8" ];
Author	SHA1	Message	Date
micqdf	7434a65590	Merge pull request 'stage' (#128 ) from stage into master Some checks failed Terraform Apply / Terraform Apply (push) Failing after 6m54s Details Reviewed-on: #128	2026-03-08 18:06:46 +00:00
micqdf	15e6471e7e	Merge pull request 'fix: enable cloud-init networking in NixOS template' (#127 ) from stage into master Some checks failed Terraform Apply / Terraform Apply (push) Failing after 7m10s Details Reviewed-on: #127	2026-03-08 05:33:57 +00:00
micqdf	e9bac70cae	Merge pull request 'fix: wait for SSH readiness after VM provisioning' (#126 ) from stage into master Some checks failed Terraform Apply / Terraform Apply (push) Failing after 6m56s Details Reviewed-on: #126	2026-03-08 05:04:43 +00:00
micqdf	97295a7071	Merge pull request 'ci: speed up Terraform destroy plan by skipping refresh' (#125 ) from stage into master Some checks failed Terraform Apply / Terraform Apply (push) Failing after 7m0s Details Reviewed-on: #125	2026-03-08 04:47:02 +00:00
micqdf	6ca189b32c	Merge pull request 'fix: vendor Flannel manifest and harden CNI bootstrap timing' (#124 ) from stage into master All checks were successful Terraform Apply / Terraform Apply (push) Successful in 15m11s Details Reviewed-on: #124	2026-03-08 04:10:47 +00:00
micqdf	2aa9950f59	Merge pull request 'fix: add mount utility to kubelet service PATH' (#123 ) from stage into master Some checks failed Terraform Apply / Terraform Apply (push) Failing after 11m10s Details Reviewed-on: #123	2026-03-08 02:16:23 +00:00
micqdf	c1f86483ad	Merge pull request 'debug: print detailed Flannel pod diagnostics on rollout timeout' (#122 ) from stage into master Some checks failed Terraform Apply / Terraform Apply (push) Failing after 23m50s Details Reviewed-on: #122	2026-03-07 12:31:43 +00:00