fix(rebuild): use sudo if rebuild with another user than root

In order to switch the NixOS configuration, we must have root access.
If we are connecting to the target host with a non-root user, we use the "sudo" command.

We could instead use `nixos-rebuild --use-remote-sudo --target-host` but it
would evaluate the nixos system again.
Jean-François Roche 2023-03-31 11:54:44 +02:00
parent ac1eaaf67b
commit 4371932193
2 changed files with 14 additions and 7 deletions


@ -2,16 +2,19 @@
set -uex -o pipefail set -uex -o pipefail
if [ "$#" -ne 3 ]; then if [ "$#" -ne 4 ]; then
echo "USAGE: $0 NIXOS_SYSTEM TARGET_HOST TARGET_PORT" >&2 echo "USAGE: $0 NIXOS_SYSTEM TARGET_USER TARGET_HOST TARGET_PORT" >&2
exit 1 exit 1
fi fi
NIXOS_SYSTEM=$1 NIXOS_SYSTEM=$1
TARGET_HOST=$2 TARGET_USER=$2
TARGET_PORT=$3 TARGET_HOST=$3
TARGET_PORT=$4
shift 3 shift 3
TARGET="${TARGET_USER}@${TARGET_HOST}"
workDir=$(mktemp -d) workDir=$(mktemp -d)
trap 'rm -rf "$workDir"' EXIT trap 'rm -rf "$workDir"' EXIT
@ -31,7 +34,7 @@ if [[ -n ${SSH_KEY+x} && ${SSH_KEY} != "-" ]]; then
fi fi
try=1 try=1
until NIX_SSHOPTS="${sshOpts[*]}" nix copy -s --experimental-features nix-command --to "ssh://$TARGET_HOST" "$NIXOS_SYSTEM"; do until NIX_SSHOPTS="${sshOpts[*]}" nix copy -s --experimental-features nix-command --to "ssh://$TARGET" "$NIXOS_SYSTEM"; do
if [[ $try -gt 10 ]]; then if [[ $try -gt 10 ]]; then
echo "retries exhausted" >&2 echo "retries exhausted" >&2
exit 1 exit 1
@ -40,5 +43,9 @@ until NIX_SSHOPTS="${sshOpts[*]}" nix copy -s --experimental-features nix-comman
try=$((try + 1)) try=$((try + 1))
done done
switchCommand="nix-env -p /nix/var/nix/profiles/system --set $(printf "%q" "$NIXOS_SYSTEM"); /nix/var/nix/profiles/system/bin/switch-to-configuration switch"
if [[ $TARGET_USER != "root" ]]; then
switchCommand="sudo bash -c '$switchCommand'"
fi
# shellcheck disable=SC2029 # shellcheck disable=SC2029
ssh "${sshOpts[@]}" "$TARGET_HOST" "nix-env -p /nix/var/nix/profiles/system --set $(printf "%q" "$NIXOS_SYSTEM"); /nix/var/nix/profiles/system/bin/switch-to-configuration switch" || : ssh "${sshOpts[@]}" "$TARGET" "$switchCommand"
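Review bot: The non-root branch wraps the command as `sudo bash -c '$switchCommand'`, but `switchCommand` already contains the `printf "%q"` form of `NIXOS_SYSTEM`, and `%q` escapes a single quote as `\'` (or switches to `$'...'`), either of which ends the surrounding single-quoted string early. The rest of the line would then be parsed by the remote shell outside the intended quoting, in a command that runs under sudo. Quoting the whole inner command once more avoids hand-placed quotes: `switchCommand="sudo bash -c $(printf '%q' "$switchCommand")"`. Separately, the first hunk leaves `shift 3` unchanged although there are now four positional arguments, so the port stays in `$1`; whether that matters depends on code outside the visible hunks.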


@ -7,6 +7,6 @@ resource "null_resource" "nixos-rebuild" {
SSH_KEY = var.ssh_private_key SSH_KEY = var.ssh_private_key
} }
command = "${path.module}/deploy.sh ${var.nixos_system} ${var.target_user}@${var.target_host} ${var.target_port}" command = "${path.module}/deploy.sh ${var.nixos_system} ${var.target_user} ${var.target_host} ${var.target_port}"
} }
} }
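Review bot: The changed `command` line interpolates `var.nixos_system`, `var.target_user`, `var.target_host` and `var.target_port` into a shell line without quoting, and the script it calls now insists on exactly four arguments. Presumably this is a local-exec provisioner, so the string is parsed by a local shell: an empty value or one containing whitespace shifts the positional arguments, and shell metacharacters in a value are interpreted rather than passed through. Passing these values through the same `environment` map that already carries `SSH_KEY`, and reading them from the environment in deploy.sh, would keep them out of shell parsing. The enclosing resource block starts outside the hunk.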