hive: Support NixOS containers as targets

2024-09-11 17:56:46 +03:00 · 2022-07-19 21:04:37 +01:00 · 2022-07-19 21:04:37 +01:00 · 5a5ee46544
commit 5a5ee46544
parent 5d2f128515
4 changed files with 34 additions and 2 deletions
--- a/src/nix/hive/options.nix
+++ b/src/nix/hive/options.nix
@ -124,6 +124,14 @@ with builtins; rec {
          type = types.nullOr types.str;
          default = "root";
        };
+        targetContainer = lib.mkOption {
+          description = ''
+            If set to a string, Colmena will update a container on the
+            target host instead of updating the target host itself.
+          '';
+          type = types.nullOr types.str;
+          default = null;
+        };
        allowLocalDeployment = lib.mkOption {
          description = ''
            Allow the configuration to be applied locally on the host running
--- a/src/nix/host/ssh.rs
+++ b/src/nix/host/ssh.rs
@ -26,6 +26,9 @@ pub struct Ssh {
    /// The port to connect to.
    port: Option<u16>,

+    /// The container to target on the host.
+    container: Option<String>,
+
    /// Local path to a ssh_config file.
    ssh_config: Option<PathBuf>,

@ -162,11 +165,12 @@ impl Host for Ssh {
 }

 impl Ssh {
-    pub fn new(user: Option<String>, host: String) -> Self {
+    pub fn new(user: Option<String>, host: String, container: Option<String>) -> Self {
        Self {
            user,
            host,
            port: None,
+            container,
            ssh_config: None,
            privilege_escalation_command: Vec::new(),
            job: None,
@ -199,6 +203,17 @@ impl Ssh {
            &[]
        };

+        // This scopes the command to a named container on the NixOS host, if requested.
+        let container_scope_command = match &self.container {
+            Some(container) => vec![
+                "nixos-container",
+                "run",
+                container.as_ref(),
+                "--"
+            ],
+            None => vec![]
+        };
+
        let mut cmd = Command::new("ssh");

        cmd
@ -206,6 +221,7 @@ impl Ssh {
            .args(&options)
            .arg("--")
            .args(privilege_escalation_command)
+            .args(container_scope_command.as_slice())
            .args(command)
            .env("NIX_SSHOPTS", options_str);

--- a/src/nix/mod.rs
+++ b/src/nix/mod.rs
@ -64,6 +64,9 @@ pub struct NodeConfig {
    #[serde(rename = "targetPort")]
    target_port: Option<u16>,

+    #[serde(rename = "targetContainer")]
+    target_container: Option<String>,
+
    #[serde(rename = "allowLocalDeployment")]
    allow_local_deployment: bool,

@ -174,7 +177,11 @@ impl NodeConfig {

    pub fn to_ssh_host(&self) -> Option<Ssh> {
        self.target_host.as_ref().map(|target_host| {
-            let mut host = Ssh::new(self.target_user.clone(), target_host.clone());
+            let mut host = Ssh::new(
+                self.target_user.clone(),
+                target_host.clone(),
+                self.target_container.clone()
+            );
            host.set_privilege_escalation_command(self.privilege_escalation_command.clone());

            if let Some(target_port) = self.target_port {
--- a/src/nix/node_filter.rs
+++ b/src/nix/node_filter.rs
@ -207,6 +207,7 @@ mod tests {
            target_host: None,
            target_user: None,
            target_port: None,
+            target_container: None,
            allow_local_deployment: false,
            build_on_target: false,
            replace_unknown_profiles: false,