From cd215753338c9e077516deabac11735dfb624f06 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Milan=20P=C3=A4ssler?=
Date: Fri, 29 Nov 2019 12:34:31 +0100
Subject: ssh, rsync: support using sudo on remote

This allows deployment of remote hosts without having ssh access to the root user. Passwordless sudo is recommended since krops will use multiple ssh sessions and the password will not be remembered.

Closes https://github.com/krebs/krops/issues/3
---
 lib/default.nix | 5 +++--
 pkgs/krops/default.nix | 2 +-
 pkgs/populate/default.nix | 10 +++++++---
 3 files changed, 11 insertions(+), 6 deletions(-)

diff --git a/lib/default.nix b/lib/default.nix
index 48e005e..bed284d 100644
--- a/lib/default.nix
+++ b/lib/default.nix
@@ -46,12 +46,13 @@ let {
 default = defVal: val: if val != null then val else defVal;
 parse = lib.match "(([^@]+)@)?(([^:/]+))?(:([^/]+))?(/.*)?" s;
 elemAt' = xs: i: if lib.length xs > i then lib.elemAt xs i else null;
- in {
+ in if lib.isString s then {
 user = default (lib.getEnv "LOGNAME") (elemAt' parse 1);
 host = default (lib.maybeEnv "HOSTNAME" lib.getHostName) (elemAt' parse 3);
 port = default "22" /* "ssh"? */ (elemAt' parse 5);
 path = default "/var/src" /* no default? */ (elemAt' parse 6);
- };
+ sudo = false;
+ } else s;
 shell = let isSafeChar = lib.testString "[-+./0-9:=A-Z_a-z]";
diff --git a/pkgs/krops/default.nix b/pkgs/krops/default.nix
index 13de4ce..e72e94c 100644
--- a/pkgs/krops/default.nix
+++ b/pkgs/krops/default.nix
@@ -26,7 +26,7 @@ in
 "-p" target.port "-t" target.host
- command
+ (if target.sudo then command else "sudo ${command}")
 ];
 };
diff --git a/pkgs/populate/default.nix b/pkgs/populate/default.nix
index 1367a50..8a383b1 100644
--- a/pkgs/populate/default.nix
+++ b/pkgs/populate/default.nix
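Review bot: In lib/default.nix the new `else s` branch returns a non-string target untouched, so none of the defaults applied to the string form (`user`, `host`, `port`, `path`, `sudo = false`) exist unless the caller spells them out. The other hunks in this commit read `target.sudo`, `target.port` and `target.host` unconditionally, so an attribute set that omits one of them fails later with a missing-attribute error far from its cause. Because `sudo` decides whether remote commands run as root, it is worth defaulting it explicitly, for example `} else { sudo = false; } // s;`, and adding a comment above the function that lists the attributes the set form must carry. The enclosing definition starts above the hunk, so how `s` is documented there is not visible.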
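Review bot: The condition on the added line in pkgs/krops/default.nix is inverted: `(if target.sudo then command else "sudo ${command}")` prefixes `sudo` when `target.sudo` is false and omits it when it is true. A string target, which gets `sudo = false` from the lib/default.nix hunk, would therefore have its remote command run through sudo, while a target that asks for sudo runs unprivileged. The branches should be swapped: `(if target.sudo then "sudo ${command}" else command)`. The argument list this line belongs to starts above the hunk, so the contents of `command` are not visible; if it can hold more than one shell command, only the first would be elevated by the prefix.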
@@ -157,6 +157,7 @@ let
 fi
 ${rsync}/bin/rsync \
 ${optionalString (config.useChecksum or false) /* sh */ "--checksum"} \
+ ${optionalString target.sudo /* sh */ "--rsync-path=\"sudo rsync\""} \
 -e ${quote (ssh' target)} \
 -vFrlptD \
 --delete-excluded \
@@ -172,9 +173,12 @@ let
 shell' = target: script: if isLocalTarget target then script
- else /* sh */ ''
- ${ssh' target} ${quote target.host} ${quote script}
- '';
+ else
+ if target.sudo then /* sh */ ''
+ ${ssh' target} ${quote target.host} ${quote "sudo bash -c ${quote script}"}
+ '' else ''
+ ${ssh' target} ${quote target.host} ${quote script}
+ '';
 ssh' = target: concatMapStringsSep " " quote [ "${openssh}/bin/ssh"
--
cgit v1.2.3
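Review bot: The added `--rsync-path` option hand-escapes its inner quotes, while the `-e` option on the next line goes through the `quote` helper; assuming `quote` is the shell-escaping helper it appears to be, `${optionalString target.sudo (quote "--rsync-path=sudo rsync")} \` keeps the shell quoting in one place. The option also means the remote account needs non-interactive sudo rights for `rsync`, which amounts to root-level file write on the target, and that deserves a comment next to the line or in the target documentation. The rsync invocation starts and ends outside the hunk.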
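Review bot: The sudo branch of `shell'` hard-codes `bash` on the remote side (`sudo bash -c ${quote script}`), whereas the non-sudo branch hands the script to whatever shell the remote account uses. The same script may therefore be interpreted differently on the two paths, and the sudo path fails on a target where `bash` is not on the PATH that sudo uses. If the scripts are POSIX sh, which is not visible here, `sudo sh -c` would be the safer choice; otherwise a comment stating the bash requirement would help. The two branches also repeat the ssh invocation and the second one lost the `/* sh */` annotation; computing the remote command first, e.g. `remote = if target.sudo then "sudo bash -c ${quote script}" else script;`, leaves a single `${ssh' target} ${quote target.host} ${quote remote}` template.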