Join GitHub today
GitHub is home to over 50 million developers working together to host and review code, manage projects, and build software together.Sign up
Add support for non-root deployments #1270
This adds a new
deployment.targetUser = null;
Setting this to a string will deploy as that user. This option
We assume the following for non-root deploys:
I'm using the following NixOS configuration
security.pam.services.sudo.sshAgentAuth = true; security.pam.enableSSHAgentAuth = true;
For this use-case I've introduced:
deployment.sshOptions = [ "-A" ];
nix.trustedUsers = [ "adisbladis" ];
This is required because of nix-copy-closure.
I'm thinking we should make two things more configurable, and less "baked-in":
Done! The option is in
This is now called
I gave this a go on a regular ol' server and it worked well. I then tried it on
I think we're going to need to go back to the drawing board a bit and plan this a bit more. In particular:
Leaving me with a couple questions:
I'm sorry to drag this PR out.
This is so that we won't get inconsistencies between different subcommands like `nixops send-keys` (which doesn't eval) the deployment attributes. This change should be reverted at a later date when we have made these commands evaluate the configuration.