Roots Discourse

Trellis v1.12.0 released

Trellis v1.12.0 has been released

  • Improve support for adding public SSH keys (#1344)
  • Update default Vagrant IP to 192.168.56.5 (#1341)
  • Remove old WP customizer frame options hack (#1338)
  • Fix #1319 - Improve how ssh_args are loaded (#1337)
  • Fix #1331 - Improve passlib instructions(#1336)

Some additional notes:

  • Vagrant’s IP change shouldn’t be breaking, but just be aware it did change.
  • the new public_keys folder is part of a larger effort to help people set up continuous deployments for Trellis sites. There will be more news on this soon with a trellis-cli release as well.
4 Likes

Does this mean the SSH public key files don’t have to reside in default SSH keys directory (~/.ssh/) anymore? That is great! I always wanted to store the public key files directly in the Trellis folder.

They never needed to; that was just the default values we provided. You could have done what that change does manually by just adding new entries to users.yml.

This change just makes it more built-in with a standard public_keys folder. However, the public keys in that dir are only added to the deploy web user and not all users.

1 Like

As @swalkinshaw said this isn’t a requirement, but it also supports URLs; at my old agency we just configured it to pull the list of keys from a users github, i.e.:

# Documentation: https://roots.io/trellis/docs/ssh-keys/
admin_user: admin

# Also define 'vault_users' (`group_vars/staging/vault.yml`, `group_vars/production/vault.yml`)
users:
  - name: "{{ web_user }}"
    groups:
      - "{{ web_group }}"
    keys:
      - https://github.com/alwaysblank.keys
  - name: "{{ admin_user }}"
    groups:
      - sudo
    keys:
      - https://github.com/alwaysblank.keys

web_user: web
web_group: www-data
web_sudoers:
  - "/usr/sbin/service php7.4-fpm *"

(Although if you did this you’d probably want to make sure you had a system for removing people when they left your organization.)

2 Likes