authorMilan Pässler <me@pbb.lc>2019-11-29 12:34:31 +0100
committerMilan Pässler <me@pbb.lc>2019-11-29 12:56:03 +0100
commitcd215753338c9e077516deabac11735dfb624f06 (patch)
treea31a177d0c333b4144de0e6650a72ebc2a5c7101
parent2e94e6eb24eec23075e5925f8de7468b3489d4fb (diff)
ssh, rsync: support using sudo on remote
This allows deployment of remote hosts without having ssh access to the root user. Passwordless sudo is recommended since krops will use multiple ssh sessions and the password will not be remembered. Closes https://github.com/krebs/krops/issues/3
-rw-r--r--lib/default.nix5
-rw-r--r--pkgs/krops/default.nix2
-rw-r--r--pkgs/populate/default.nix10
3 files changed, 11 insertions, 6 deletions
diff --git a/lib/default.nix b/lib/default.nix
index 48e005e..bed284d 100644
--- a/lib/default.nix
+++ b/lib/default.nix
@@ -46,12 +46,13 @@ let {
default = defVal: val: if val != null then val else defVal;
parse = lib.match "(([^@]+)@)?(([^:/]+))?(:([^/]+))?(/.*)?" s;
elemAt' = xs: i: if lib.length xs > i then lib.elemAt xs i else null;
- in {
+ in if lib.isString s then {
user = default (lib.getEnv "LOGNAME") (elemAt' parse 1);
host = default (lib.maybeEnv "HOSTNAME" lib.getHostName) (elemAt' parse 3);
port = default "22" /* "ssh"? */ (elemAt' parse 5);
path = default "/var/src" /* no default? */ (elemAt' parse 6);
- };
+ sudo = false;
+ } else s;
shell = let
isSafeChar = lib.testString "[-+./0-9:=A-Z_a-z]";
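Review bot: The new `else s` branch returns a caller-supplied attribute set unchanged, so a target written as a set that omits `sudo` (or `port`, `path`, …) will fail with a missing-attribute error once `target.sudo` is read in pkgs/krops and pkgs/populate. Only the string form receives `sudo = false` and the other defaults. Merging a default into the set form would avoid this, for example `} else { sudo = false; } // s;`, together with a comment listing which attributes a set-form target must supply. The enclosing function starts above this hunk, so any earlier validation of `s` is not visible here.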
diff --git a/pkgs/krops/default.nix b/pkgs/krops/default.nix
index 13de4ce..e72e94c 100644
--- a/pkgs/krops/default.nix
+++ b/pkgs/krops/default.nix
@@ -26,7 +26,7 @@ in
"-p" target.port
"-t"
target.host
- command
+ (if target.sudo then command else "sudo ${command}")
];
};
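Review bot: The condition on the added line is inverted: when `target.sudo` is true the command is sent unchanged, and when it is false (the default set in lib/default.nix) every remote command is prefixed with `sudo`. It should read `(if target.sudo then "sudo ${command}" else command)`. Separately, a bare `sudo ` prefix elevates only the first simple command if `command` ever contains shell operators, whereas pkgs/populate wraps its script in `sudo bash -c`; using the same form in both places would keep the privilege boundary consistent. The surrounding definition starts outside the hunk.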
diff --git a/pkgs/populate/default.nix b/pkgs/populate/default.nix
index 1367a50..8a383b1 100644
--- a/pkgs/populate/default.nix
+++ b/pkgs/populate/default.nix
@@ -157,6 +157,7 @@ let
fi
${rsync}/bin/rsync \
${optionalString (config.useChecksum or false) /* sh */ "--checksum"} \
+ ${optionalString target.sudo /* sh */ "--rsync-path=\"sudo rsync\""} \
-e ${quote (ssh' target)} \
-vFrlptD \
--delete-excluded \
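Review bot: `--rsync-path=\"sudo rsync\"` gives sudo no clean way to fail when the remote account needs a password, because the rsync transport has no terminal for the prompt. Passing `-n` makes sudo exit with an error instead of prompting: `--rsync-path=\"sudo -n rsync\"`. The same may apply to `sudo bash -c` in the `shell'` hunk below, depending on whether `ssh'` allocates a terminal (its options are outside the hunk). The documentation for the `sudo` option should also state that a sudoers rule permitting rsync or bash as root makes the deploy account root-equivalent, so its key needs the same protection as a root login.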
@@ -172,9 +173,12 @@ let
shell' = target: script:
if isLocalTarget target
then script
- else /* sh */ ''
- ${ssh' target} ${quote target.host} ${quote script}
- '';
+ else
+ if target.sudo then /* sh */ ''
+ ${ssh' target} ${quote target.host} ${quote "sudo bash -c ${quote script}"}
+ '' else ''
+ ${ssh' target} ${quote target.host} ${quote script}
+ '';
ssh' = target: concatMapStringsSep " " quote [
"${openssh}/bin/ssh"
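Review bot: The non-sudo branch lost its `/* sh */` language marker when it was moved: the removed line was `else /* sh */ ''`, while the new `'' else ''` leaves that string untagged, unlike the sudo branch just above it. Writing the chain as `else if target.sudo then /* sh */ ''` … `'' else /* sh */ ''` restores the marker and removes one level of nesting. The definition of `ssh'` continues past the end of the hunk.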