1
0
Fork 0
mirror of https://cgit.krebsco.de/krops synced 2024-12-23 10:19:52 +01:00

ssh, rsync: support using sudo on remote

This allows deployment of remote hosts without having ssh access to the
root user. Passwordless sudo is recommended since krops will use
multiple ssh sessions and the password will not be remembered.

Closes https://github.com/krebs/krops/issues/3
This commit is contained in:
Milan Pässler 2019-11-29 12:34:31 +01:00
parent 2e94e6eb24
commit cd21575333
3 changed files with 11 additions and 6 deletions

View file

@ -46,12 +46,13 @@ let {
default = defVal: val: if val != null then val else defVal;
parse = lib.match "(([^@]+)@)?(([^:/]+))?(:([^/]+))?(/.*)?" s;
elemAt' = xs: i: if lib.length xs > i then lib.elemAt xs i else null;
in {
in if lib.isString s then {
user = default (lib.getEnv "LOGNAME") (elemAt' parse 1);
host = default (lib.maybeEnv "HOSTNAME" lib.getHostName) (elemAt' parse 3);
port = default "22" /* "ssh"? */ (elemAt' parse 5);
path = default "/var/src" /* no default? */ (elemAt' parse 6);
};
sudo = false;
} else s;
shell = let
isSafeChar = lib.testString "[-+./0-9:=A-Z_a-z]";

View file

@ -26,7 +26,7 @@ in
"-p" target.port
"-t"
target.host
command
(if target.sudo then command else "sudo ${command}")
];
};

View file

@ -157,6 +157,7 @@ let
fi
${rsync}/bin/rsync \
${optionalString (config.useChecksum or false) /* sh */ "--checksum"} \
${optionalString target.sudo /* sh */ "--rsync-path=\"sudo rsync\""} \
-e ${quote (ssh' target)} \
-vFrlptD \
--delete-excluded \
@ -172,9 +173,12 @@ let
shell' = target: script:
if isLocalTarget target
then script
else /* sh */ ''
${ssh' target} ${quote target.host} ${quote script}
'';
else
if target.sudo then /* sh */ ''
${ssh' target} ${quote target.host} ${quote "sudo bash -c ${quote script}"}
'' else ''
${ssh' target} ${quote target.host} ${quote script}
'';
ssh' = target: concatMapStringsSep " " quote [
"${openssh}/bin/ssh"