ALPHA: wire is a tool to deploy nixos systems
wire.althaea.zone/
add the two missing colmena options (#338)
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
authored by
marshmallow
autofix-ci[bot]
and committed by
GitHub
80eefa85
f1a2429e
+53
-19
+1
-1
runtime/evaluate.nix
+1
-1
runtime/evaluate.nix
+21
runtime/module/options.nix
+21
runtime/module/options.nix
···
73
73
];
74
74
};
75
75
76
+
privilegeEscalationCommand = lib.mkOption {
77
+
type = types.listOf types.str;
78
+
description = "Command to elevate.";
79
+
default = [
80
+
"sudo"
81
+
"--"
82
+
];
83
+
};
84
+
85
+
replaceUnknownProfiles = lib.mkOption {
86
+
type = types.bool;
87
+
description = "No-op, colmena compatability";
88
+
default = true;
89
+
};
90
+
91
+
sshOptions = lib.mkOption {
92
+
type = types.listOf types.str;
93
+
description = "No-op, colmena compatability";
94
+
default = [ ];
95
+
};
96
+
76
97
_keys = lib.mkOption {
77
98
internal = true;
78
99
readOnly = true;
+4
-4
wire/lib/src/commands/interactive.rs
+4
-4
wire/lib/src/commands/interactive.rs
···
126
126
}
127
127
}
128
128
129
-
#[instrument(skip_all, name = "run-int", fields(elevated = %arguments.elevated))]
129
+
#[instrument(skip_all, name = "run-int", fields(elevated = %arguments.is_elevated()))]
130
130
pub(crate) fn interactive_command_with_env<S: AsRef<str>>(
131
131
arguments: &CommandArguments<S>,
132
132
envs: std::collections::HashMap<String, String>,
···
258
258
fn print_authenticate_warning<S: AsRef<str>>(
259
259
arguments: &CommandArguments<S>,
260
260
) -> Result<(), HiveLibError> {
261
-
if !arguments.elevated {
261
+
if !arguments.is_elevated() {
262
262
return Ok(());
263
263
}
264
264
···
330
330
command
331
331
};
332
332
333
-
if arguments.elevated {
334
-
command.arg(format!("sudo -u root -- sh -c '{command_string}'"));
333
+
if let Some(escalation_command) = &arguments.privilege_escalation_command {
334
+
command.arg(format!("{escalation_command} sh -c '{command_string}'"));
335
335
} else {
336
336
command.arg(command_string);
337
337
}
+11
-5
wire/lib/src/commands/mod.rs
+11
-5
wire/lib/src/commands/mod.rs
···
5
5
6
6
use aho_corasick::AhoCorasick;
7
7
use gjson::Value;
8
+
use itertools::Itertools;
8
9
use nix_compat::log::{AT_NIX_PREFIX, VerbosityLevel};
9
10
use num_enum::TryFromPrimitive;
10
11
use tracing::{debug, error, info, trace, warn};
···
16
17
noninteractive::{NonInteractiveChildChip, non_interactive_command_with_env},
17
18
},
18
19
errors::{CommandError, HiveLibError},
19
-
hive::node::Target,
20
+
hive::node::{Node, Target},
20
21
};
21
22
22
23
pub(crate) mod common;
···
44
45
output_mode: ChildOutputMode,
45
46
command_string: S,
46
47
keep_stdin_open: bool,
47
-
elevated: bool,
48
+
privilege_escalation_command: Option<String>,
48
49
log_stdout: bool,
49
50
}
50
51
···
61
62
Self {
62
63
command_string,
63
64
keep_stdin_open: false,
64
-
elevated: false,
65
+
privilege_escalation_command: None,
65
66
log_stdout: false,
66
67
target: None,
67
68
output_mode: ChildOutputMode::Generic,
···
84
85
self
85
86
}
86
87
87
-
pub(crate) const fn elevated(mut self) -> Self {
88
-
self.elevated = true;
88
+
pub(crate) fn elevated(mut self, node: &Node) -> Self {
89
+
self.privilege_escalation_command =
90
+
Some(node.privilege_escalation_command.iter().join(" "));
89
91
self
92
+
}
93
+
94
+
pub(crate) const fn is_elevated(&self) -> bool {
95
+
self.privilege_escalation_command.is_some()
90
96
}
91
97
92
98
pub(crate) const fn log_stdout(mut self) -> Self {
+3
-3
wire/lib/src/commands/noninteractive.rs
+3
-3
wire/lib/src/commands/noninteractive.rs
···
31
31
stdin: ChildStdin,
32
32
}
33
33
34
-
#[instrument(skip_all, name = "run", fields(elevated = %arguments.elevated))]
34
+
#[instrument(skip_all, name = "run", fields(elevated = %arguments.is_elevated()))]
35
35
pub(crate) fn non_interactive_command_with_env<S: AsRef<str>>(
36
36
arguments: &CommandArguments<S>,
37
37
envs: HashMap<String, String>,
···
55
55
}
56
56
);
57
57
58
-
let command_string = if arguments.elevated {
59
-
format!("sudo -u root -- sh -c '{command_string}'")
58
+
let command_string = if let Some(escalation_command) = &arguments.privilege_escalation_command {
59
+
format!("{escalation_command} sh -c '{command_string}'")
60
60
} else {
61
61
command_string
62
62
};
+1
-1
wire/lib/src/errors.rs
+1
-1
wire/lib/src/errors.rs
···
134
134
135
135
#[diagnostic(
136
136
code(wire::hive_init::Parse),
137
-
help("Please create an issue!"),
137
+
help("If you cannot resolve this problem, please create an issue."),
138
138
url("{DOCS_URL}#{}", self.code().unwrap())
139
139
)]
140
140
#[error("Failed to parse internal wire json.")]
+1
-1
wire/lib/src/hive/mod.rs
+1
-1
wire/lib/src/hive/mod.rs
+7
wire/lib/src/hive/node.rs
+7
wire/lib/src/hive/node.rs
···
171
171
172
172
#[serde(rename(deserialize = "_hostPlatform", serialize = "host_platform"))]
173
173
pub host_platform: Arc<str>,
174
+
175
+
#[serde(rename(
176
+
deserialize = "privilegeEscalationCommand",
177
+
serialize = "privilege_escalation_command"
178
+
))]
179
+
pub privilege_escalation_command: im::Vector<Arc<str>>,
174
180
}
175
181
176
182
#[cfg(test)]
···
180
186
target: Target::default(),
181
187
keys: im::Vector::new(),
182
188
tags: im::HashSet::new(),
189
+
privilege_escalation_command: vec!["sudo".into(), "--".into()].into(),
183
190
allow_local_deployment: true,
184
191
build_remotely: false,
185
192
host_platform: "x86_64-linux".into(),
+3
-3
wire/lib/src/hive/steps/activate.rs
+3
-3
wire/lib/src/hive/steps/activate.rs
···
57
57
} else {
58
58
Some(&ctx.node.target)
59
59
})
60
-
.elevated(),
60
+
.elevated(ctx.node),
61
61
)?;
62
62
63
63
let _ = child
···
111
111
} else {
112
112
Some(&ctx.node.target)
113
113
})
114
-
.elevated()
114
+
.elevated(ctx.node)
115
115
.log_stdout(),
116
116
)?;
117
117
···
135
135
&CommandArguments::new("reboot now", ctx.modifiers)
136
136
.log_stdout()
137
137
.on_target(Some(&ctx.node.target))
138
-
.elevated(),
138
+
.elevated(ctx.node),
139
139
)?;
140
140
141
141
// consume result, impossible to know if the machine failed to reboot or we