ssh, rsync: support using sudo on remote

This allows deployment of remote hosts without having ssh access to the
root user. Passwordless sudo is recommended since krops will use
multiple ssh sessions and the password will not be remembered.

Closes https://github.com/krebs/krops/issues/3

lib/default.nix

@@ -46,12 +46,13 @@ let {
       default = defVal: val: if val != null then val else defVal;
       parse = lib.match "(([^@]+)@)?(([^:/]+))?(:([^/]+))?(/.*)?" s;
       elemAt' = xs: i: if lib.length xs > i then lib.elemAt xs i else null;
-    in {
+    in if lib.isString s then {
       user = default (lib.getEnv "LOGNAME") (elemAt' parse 1);
       host = default (lib.maybeEnv "HOSTNAME" lib.getHostName) (elemAt' parse 3);
       port = default "22" /* "ssh"? */ (elemAt' parse 5);
       path = default "/var/src" /* no default? */ (elemAt' parse 6);
-    };
+      sudo = false;
+    } else s;
 
     shell = let
       isSafeChar = lib.testString "[-+./0-9:=A-Z_a-z]";

pkgs/krops/default.nix

@@ -26,7 +26,7 @@ in
         "-p" target.port
         "-t"
         target.host
-        command
+        (if target.sudo then command else "sudo ${command}")
       ];
     };
 

pkgs/populate/default.nix

@@ -157,6 +157,7 @@ let
     fi
     ${rsync}/bin/rsync \
         ${optionalString (config.useChecksum or false) /* sh */ "--checksum"} \
+        ${optionalString target.sudo /* sh */ "--rsync-path=\"sudo rsync\""} \
         -e ${quote (ssh' target)} \
         -vFrlptD \
         --delete-excluded \
@@ -172,9 +173,12 @@ let
   shell' = target: script:
     if isLocalTarget target
       then script
-      else /* sh */ ''
-        ${ssh' target} ${quote target.host} ${quote script}
-      '';
+      else
+        if target.sudo then /* sh */ ''
+          ${ssh' target} ${quote target.host} ${quote "sudo bash -c ${quote script}"}
+        '' else ''
+          ${ssh' target} ${quote target.host} ${quote script}
+        '';
 
   ssh' = target: concatMapStringsSep " " quote [
     "${openssh}/bin/ssh"