| author | tv <tv@krebsco.de> | 2021-11-20 15:46:09 +0100 | 
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-11-20 15:46:09 +0100 | 
| commit | 13ae434b140035e7e2664bd5a8ef4c475413b2e0 (patch) | |
| tree | ce553f6ded649b4b33772b4dd6c4d205a27de5ca | |
| parent | b78e4d5a925d2987b52b33e98c3aeae12c41d019 (diff) | |
| parent | 9fc8cbf8e826d4c8a118f37202ab3f335341082a (diff) | |
Merge pull request #35 from erikarvstedt/fix-ssh-port1.26.2
target: use default port from SSH config
| -rw-r--r-- | README.md | 14 | ||||
| -rw-r--r-- | ci.nix | 4 | ||||
| -rw-r--r-- | lib/default.nix | 8 | ||||
| -rw-r--r-- | lib/types/populate.nix | 8 | ||||
| -rw-r--r-- | pkgs/krops/default.nix | 62 | ||||
| -rw-r--r-- | pkgs/populate/default.nix | 37 | 
6 files changed, 78 insertions, 55 deletions
| @@ -6,7 +6,7 @@ krops is a lightweight toolkit to deploy NixOS systems, remotely or locally.  ## Some Features  - store your secrets in [password store](https://www.passwordstore.org/) -- build your system remotely +- build your systems remotely  - minimal overhead (it's basically just `nixos-rebuild switch`!)  - run from custom nixpkgs branch/checkout/fork @@ -19,8 +19,8 @@ Create a file named `krops.nix` (name doesn't matter) with following content:  let    krops = (import <nixpkgs> {}).fetchgit {      url = https://cgit.krebsco.de/krops/; -    rev = "v1.17.0"; -    sha256 = "150jlz0hlb3ngf9a1c9xgcwzz1zz8v2lfgnzw08l3ajlaaai8smd"; +    rev = "v1.25.0"; +    sha256 = "07mg3iaqjf1w49vmwfchi7b1w55bh7rvsbgicp2m47gnj9alwdb6";    };    lib = import "${krops}/lib"; @@ -185,6 +185,10 @@ pkgs.krops.writeCommand "deploy-with-swap" {  [see `writeDeploy`](#writeDeploy) +### `allocateTTY` (optional, defaults to false) + +whether the ssh session should do a pseudo-terminal allocation. +sets `-t` on the ssh command.  ## Source Types @@ -206,13 +210,15 @@ using [`rsync`](https://rsync.samba.org/).  Supported attributes:  * `path` - -  absolute path to files that should by transfered +  absolute path to files that should by transferred.  * `useChecksum` (optional) -    boolean that controls whether file contents should be checked to decide    whether a file has changed.  This is useful when `path` points at files    with mangled timestamps, e.g. the Nix store. +  The default value is `true` if `path` is a derivation, and `false` otherwise. +  * `filters` (optional)    List of filters that should be passed to [`rsync`](https://rsync.samba.org/).    Filters are specified as attribute sets with the attributes `type` and 
@@ -5,7 +5,7 @@ let    pkgs = import "${krops}/pkgs" {};    source = lib.evalSource [{ -    nixos-config.file = toString (pkgs.writeText "nixos-config" '' +    nixos-config.file = pkgs.writeText "nixos-config" ''        { pkgs, ... }: {          fileSystems."/" = { device = "/dev/sda1"; }; @@ -13,7 +13,7 @@ let          services.openssh.enable = true;          environment.systemPackages = [ pkgs.git ];        } -    ''); +    '';      nixpkgs.symlink = toString <nixpkgs>;    }];  in { diff --git a/lib/default.nix b/lib/default.nix index 357f5b5..3bbd754 100644 --- a/lib/default.nix +++ b/lib/default.nix @@ -57,9 +57,9 @@ let {        elemAt' = xs: i: if lib.length xs > i then lib.elemAt xs i else null;        filterNull = lib.filterAttrs (n: v: v != null);      in { -      user = lib.getEnv "LOGNAME"; +      user = lib.maybeEnv "LOGNAME" null;        host = lib.maybeEnv "HOSTNAME" (lib.maybeHostName "localhost"); -      port = "22"; +      port = null;        path = "/var/src";        sudo = false;        extraOptions = []; @@ -70,6 +70,10 @@ let {        path = elemAt' parse 6;      } else s); +    mkUserPortSSHOpts = target: +      (lib.optionals (target.user != null) ["-l" target.user]) ++ +      (lib.optionals (target.port != null) ["-p" target.port]); +      shell = let        isSafeChar = lib.testString "[-+./0-9:=A-Z_a-z]";        quoteChar = c: diff --git a/lib/types/populate.nix b/lib/types/populate.nix index 894b8cc..18b5cd8 100644 --- a/lib/types/populate.nix +++ b/lib/types/populate.nix 
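Review bot: The new `user = null` and `port = null` defaults in `mkTarget` change an unset attribute from a fixed value to "defer to ssh(1) and ssh_config", but nothing in the hunk says so; a one-line comment on each, e.g. `port = null; # null: let ssh pick the port from ssh_config instead of forcing 22`, would spare the next reader a trip to `mkUserPortSSHOpts`. With `user` now possibly `null`, any consumer that still interpolates `target.user` into a string instead of going through `mkUserPortSSHOpts` will fail at evaluation time with a null-to-string coercion error, so the remaining callers need checking. `mkTarget`'s body continues outside the hunk.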
@@ -21,11 +21,15 @@        };        file = lib.mkOption {          apply = x: -          if lib.types.absolute-pathname.check x +          if lib.types.absolute-pathname.check x || lib.types.package.check x              then { path = x; }              else x;          default = null; -        type = lib.types.nullOr (lib.types.either lib.types.absolute-pathname source-types.file); +        type = lib.types.nullOr (lib.types.oneOf [ +          lib.types.absolute-pathname +          lib.types.package +          source-types.file +        ]);        };        git = lib.mkOption {          default = null; diff --git a/pkgs/krops/default.nix b/pkgs/krops/default.nix index 8336b51..7fe8370 100644 --- a/pkgs/krops/default.nix +++ b/pkgs/krops/default.nix @@ -4,20 +4,14 @@ in  { nix, openssh, populate, writers }: rec { -  build = target: -    runShell target (lib.concatStringsSep " " [ -      "nix build" -      "-I ${lib.escapeShellArg target.path}" -      "--no-link -f '<nixpkgs/nixos>'" -      "config.system.build.toplevel" -    ]); -    rebuild = args: target: -    runShell target "nixos-rebuild -I ${lib.escapeShellArg target.path} ${ +    runShell target {} "nixos-rebuild -I ${lib.escapeShellArg target.path} ${        lib.concatMapStringsSep " " lib.escapeShellArg args      }"; -  runShell = target: command: +  runShell = target: { +    allocateTTY ? false +  }: command:      let        command' = if target.sudo then "sudo ${command}" else command;      in @@ -26,9 +20,8 @@ in        else          writers.writeDash "krops.${target.host}.${lib.firstWord command}" ''            exec ${openssh}/bin/ssh ${lib.escapeShellArgs (lib.flatten [ -            (lib.optionals (target.user != "") ["-l" target.user]) -            "-p" target.port -            "-T" +            (lib.mkUserPortSSHOpts target) +            (if allocateTTY then "-t" else "-T")              target.extraOptions              target.host              command'])} 
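Review bot: `allocateTTY` maps to a single `-t`, which ssh only honours when the local stdin is itself a terminal; run from a pipeline or CI (as ci.nix does) ssh reports that no pseudo-terminal will be allocated and runs the command without a pty, so a remote `sudo` password prompt would fail exactly where the flag was meant to help. If a pty is required regardless of the caller's stdin, use `(if allocateTTY then "-tt" else "-T")`, or document the limitation on the `allocateTTY` option. A comment next to the flag is also warranted: with a pty the remote stdout and stderr are merged, so callers that parse the command's output should leave it off. The `runShell` definition is split across the two hunks and its local-target branch is outside the diff.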
@@ -38,6 +31,7 @@ in      command ? (targetPath: "echo ${targetPath}"),      backup ? false,      force ? false, +    allocateTTY ? false,      source,      target    }: let @@ -46,14 +40,14 @@ in      writers.writeDash name ''        set -efu        ${populate { inherit backup force source; target = target'; }} -      ${runShell target' (command target'.path)} +      ${runShell target' { inherit allocateTTY; } (command target'.path)}      '';    writeDeploy = name: {      backup ? false,      buildTarget ? null,      crossDeploy ? false, -    fast ? false, +    fast ? null,      force ? false,      source,      target 
@@ -64,26 +58,24 @@ in          else lib.mkTarget buildTarget;      target' = lib.mkTarget target;    in -    writers.writeDash name '' -      set -efu -      ${lib.optionalString (buildTarget' != target') -        (populate { inherit backup force source; target = buildTarget'; })} -      ${populate { inherit backup force source; target = target'; }} -      ${lib.optionalString (! fast) '' -        ${rebuild ["dry-build"] buildTarget'} -        ${build buildTarget'} -      ''} -      ${rebuild ([ -        "switch" -      ] ++ lib.optionals crossDeploy [ -        "--no-build-nix" -      ] ++ lib.optionals (buildTarget' != target') [ -        "--build-host" "${buildTarget'.user}@${buildTarget'.host}" -        "--target-host" "${target'.user}@${target'.host}" -      ] ++ lib.optionals target'.sudo [ -        "--use-remote-sudo" -      ]) buildTarget'} -    ''; +    lib.traceIf (fast != null) "writeDeploy: it's now always fast, setting the `fast` attribute is deprecated and will be removed in future" ( +      writers.writeDash name '' +        set -efu +        ${lib.optionalString (buildTarget' != target') +          (populate { inherit backup force source; target = buildTarget'; })} +        ${populate { inherit backup force source; target = target'; }} +        ${rebuild ([ +          "switch" +        ] ++ lib.optionals crossDeploy [ +          "--no-build-nix" +        ] ++ lib.optionals (buildTarget' != target') [ +          "--build-host" "${buildTarget'.user}@${buildTarget'.host}" +          "--target-host" "${target'.user}@${target'.host}" +        ] ++ lib.optionals target'.sudo [ +          "--use-remote-sudo" +        ]) buildTarget'} +      '' +    );    writeTest = name: {      backup ? false, diff --git a/pkgs/populate/default.nix b/pkgs/populate/default.nix index 517b12e..bf6f76d 100644 --- a/pkgs/populate/default.nix +++ b/pkgs/populate/default.nix 
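Review bot: `--build-host "${buildTarget'.user}@${buildTarget'.host}"` and the `--target-host` line still interpolate `user` unconditionally, but this commit makes `user` default to `null` (when `LOGNAME` is unset or the target string carries no user), so a split build/target deploy now fails at evaluation with a null-to-string coercion error instead of falling back to ssh's own username. Build the prefix conditionally for both flags, e.g. `"${lib.optionalString (buildTarget'.user != null) "${buildTarget'.user}@"}${buildTarget'.host}"`. Note that nixos-rebuild opens its own ssh sessions for these hosts, so an explicit `target.port` or `extraOptions` is not applied on that leg; with the default port now coming from ssh_config that is at least consistent, but it deserves a comment saying a non-default port must also be present in ssh_config (or, if I read nixos-rebuild correctly, in `NIX_SSHOPTS`) for the `--build-host`/`--target-host` connections. The deprecation trace is fine, but the removed `dry-build`/`build` steps mean a failing build is now only reported by `switch` itself.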
@@ -45,10 +45,21 @@ let    '';    pop.file = target: source: let -    configAttrs = ["useChecksum" "exclude" "filters" "deleteExcluded"]; -    config = filterAttrs (name: _: elem name configAttrs) source; +    config = rsyncDefaultConfig // derivedConfig // sourceConfig; +    derivedConfig = { +      useChecksum = +        if isStorePath source.path +          then true +          else rsyncDefaultConfig.useChecksum; +    }; +    sourceConfig = +      filterAttrs (name: _: elem name (attrNames rsyncDefaultConfig)) source; +    sourcePath = +      if isStorePath source.path +        then quote (toString source.path) +        else quote source.path;    in -    rsync' target config (quote source.path); +    rsync' target config sourcePath;    pop.git = target: source: runShell target /* sh */ ''      set -efu @@ -144,7 +155,7 @@ let        echo "$local_pass_info" > "$tmp_dir"/.pass_info      fi -    ${rsync' target {} /* sh */ "$tmp_dir"} +    ${rsync' target rsyncDefaultConfig /* sh */ "$tmp_dir"}    '';    pop.pipe = target: source: /* sh */ '' 
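Review bot: `sourceConfig` copies every attribute named in `rsyncDefaultConfig` straight out of `source`, and because it is merged last it overrides `derivedConfig`; if the file source type declares `useChecksum` (or `exclude`, `filters`, `deleteExcluded`) as an option with a `null` default — its definition is not in this diff — then `config.useChecksum` becomes `null`, `optionalString config.useChecksum` in `rsync'` errors, and the store-path derivation of `useChecksum = true` is silently lost. Drop nulls before the merge, e.g. `sourceConfig = filterAttrs (name: v: elem name (attrNames rsyncDefaultConfig) && v != null) source;`, so only explicitly set values win. The `isStorePath`/`toString` branch is the right move for derivation sources, since store-path timestamps are mangled and only a checksum comparison detects changes; a short comment on `derivedConfig` saying exactly that would help.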
@@ -172,17 +183,17 @@ let        source_path=$source_path/      fi      ${rsync}/bin/rsync \ -        ${optionalString (config.useChecksum or false) /* sh */ "--checksum"} \ +        ${optionalString config.useChecksum /* sh */ "--checksum"} \          ${optionalString target.sudo /* sh */ "--rsync-path=\"sudo rsync\""} \          ${concatMapStringsSep " "            (pattern: /* sh */ "--exclude ${quote pattern}") -          (config.exclude or [])} \ +          config.exclude} \          ${concatMapStringsSep " "            (filter: /* sh */ "--${filter.type} ${quote filter.pattern}") -          (config.filters or [])} \ +          config.filters} \          -e ${quote (ssh' target)} \          -vFrlptD \ -        ${optionalString (config.deleteExcluded or true) /* sh */ "--delete-excluded"} \ +        ${optionalString config.deleteExcluded /* sh */ "--delete-excluded"} \          "$source_path" \          ${quote (            optionalString (!isLocalTarget target) ( @@ -194,6 +205,13 @@ let        >&2    ''; +  rsyncDefaultConfig = { +    useChecksum = false; +    exclude = []; +    filters = []; +    deleteExcluded = true; +  }; +    runShell = target: command:      if isLocalTarget target        then command @@ -206,8 +224,7 @@ let    ssh' = target: concatMapStringsSep " " quote (flatten [      "${openssh}/bin/ssh" -    (optionals (target.user != "") ["-l" target.user]) -    "-p" target.port +    (mkUserPortSSHOpts target)      "-T"      target.extraOptions    ]); | 
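Review bot: Dropping the `or` fallbacks means `rsync'` now requires a complete config set, and only the two callers visible in this diff (`pop.file` and the password-store branch) were updated; any other `rsync'` call outside the hunks, such as a `pop.pipe` or derivation source if one exists, would now fail with a missing-attribute error instead of getting the old permissive defaults. Either keep a defensive merge at the top of `rsync'` (`config' = rsyncDefaultConfig // config;`) or confirm there are no remaining callers. `ssh'` relies on `mkUserPortSSHOpts` being in scope from the lib import at the top of the file, which is outside the hunk; the `rsync'` definition also starts before the hunk.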
