Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: NixOS/nixops
base: 304a1d39abda
Choose a base ref
...
head repository: NixOS/nixops
compare: d12bac6b1660
Choose a head ref
  • 16 commits
  • 7 files changed
  • 3 contributors

Commits on May 2, 2020

  1. Add support for non-root deployments 

    This adds a new `deployment` configuration attribute (`targetUser`).
To inherit the username from the local user issuing the deployment
set:
```
deployment.targetUser = null;
```
Setting this to a string will deploy as that user. This option
defaults to "root".

 ### We assume the following for non-root deploys:

- Passwordless sudo (no TTY allocation possible)

I'm using the following NixOS configuration
```
security.pam.services.sudo.sshAgentAuth = true;
security.pam.enableSSHAgentAuth = true;
```

- The deployment user is trusted by the Nix daemon
```
nix.trustedUsers = [ "adisbladis" ];
```
This is required because of nix-copy-closure.

Closes #730
    @adisbladis
    adisbladis committed May 2, 2020
    Copy the full SHA
    2144102 View commit details
    Browse the repository at this point in the history

  2. Make SSH user non-optional internally

    @adisbladis
    adisbladis committed May 2, 2020
    Copy the full SHA
    05b89ea View commit details
    Browse the repository at this point in the history

  3. Add extra SSH options attribute to deployment

    @adisbladis
    adisbladis committed May 2, 2020
    Copy the full SHA
    a4299c6 View commit details
    Browse the repository at this point in the history

  4. Make privilege escalation command configurable

    @adisbladis
    adisbladis committed May 2, 2020
    Copy the full SHA
    0d9994b View commit details
    Browse the repository at this point in the history

  5. targetUser option: Clarify what happens when option set to null

    @adisbladis
    adisbladis committed May 2, 2020
    Copy the full SHA
    b025338 View commit details
    Browse the repository at this point in the history

  6. backends: Remove redundant ssh_user check

    @adisbladis
    adisbladis committed May 2, 2020
    Copy the full SHA
    b230b2b View commit details
    Browse the repository at this point in the history

  7. deployment.privilegeEscalationCommand: Add note about ending privileg… 

    …e escalation command with --
    @adisbladis
    adisbladis committed May 2, 2020
    Copy the full SHA
    7ad4abf View commit details
    Browse the repository at this point in the history

  8. ssh_util.get_target: user is non-optional, remove None check

    @adisbladis
    adisbladis committed May 2, 2020
    Copy the full SHA
    9d458f8 View commit details
    Browse the repository at this point in the history

  9. Make an explicit targetUser required (dont suppor the None) case 

    This is so that we won't get inconsistencies between different
subcommands like `nixops send-keys` (which doesn't eval) the
deployment attributes.

This change should be reverted at a later date when we have made these
commands evaluate the configuration.
    @adisbladis
    adisbladis committed May 2, 2020
    Copy the full SHA
    0678350 View commit details
    Browse the repository at this point in the history

Commits on May 4, 2020

  1. script_defs: Get ssh user from machine in parse_machine

    @adisbladis
    adisbladis committed May 4, 2020
    Copy the full SHA
    76d5396 View commit details
    Browse the repository at this point in the history

  2. script_defs: Get machine directly from parse_machine

    @adisbladis
    adisbladis committed May 4, 2020
    Copy the full SHA
    f116003 View commit details
    Browse the repository at this point in the history

  3. script_defs: Parse path for nixops mount directly using the passed ma… 

    …chine

Also extend `nixops mount` with full support for all SSH arguments.
    @adisbladis
    adisbladis committed May 4, 2020
    Copy the full SHA
    59dd268 View commit details
    Browse the repository at this point in the history

  4. backends: Add privilege_escalation_command to state

    @adisbladis
    adisbladis committed May 4, 2020
    Copy the full SHA
    03663db View commit details
    Browse the repository at this point in the history

  5. docs: non-root deployments 

    Co-authored-by: Cole Helbling <cole.e.helbling@outlook.com>
    @grahamc @cole-h @adisbladis
    2 people authored and adisbladis committed May 4, 2020
    Copy the full SHA
    ed18159 View commit details
    Browse the repository at this point in the history

  6. nixops ssh,mount: document the interaction with targetUser 

    Co-authored-by: Cole Helbling <cole.e.helbling@outlook.com>
    @grahamc @cole-h @adisbladis
    2 people authored and adisbladis committed May 4, 2020
    Copy the full SHA
    8818250 View commit details
    Browse the repository at this point in the history

Commits on May 5, 2020

  1. Merge pull request #1270 from adisbladis/non-root-deploys 

    Add support for non-root deployments
    @grahamc
    grahamc committed May 5, 2020
    Copy the full SHA
    d12bac6 View commit details
    Browse the repository at this point in the history