diff --git a/nixos/doc/manual/man-nixos-rebuild.xml b/nixos/doc/manual/man-nixos-rebuild.xml
index d0ff81c1dbb377b..ca9f38fe23d25ba 100644
--- a/nixos/doc/manual/man-nixos-rebuild.xml
+++ b/nixos/doc/manual/man-nixos-rebuild.xml
@@ -538,10 +538,24 @@
- When set, nixos-rebuild prefixes remote commands that run on
+ When set, nixos-rebuild prefixes ALL remote commands that run on
the and
- systems with sudo. Setting this option allows
- deploying as a non-root user.
+ systems with sudo. This is an legacy option and
+ is kind of over-powered.
+ is enough for most of cases.
+
+
+
+
+
+
+
+
+
+
+ When set, nixos-rebuild prefixes only activation commands that run on
+ the systems with sudo.
+ Setting this option allows deploying as a non-root user.
diff --git a/pkgs/os-specific/linux/nixos-rebuild/nixos-rebuild.sh b/pkgs/os-specific/linux/nixos-rebuild/nixos-rebuild.sh
index 47179afe515f6ee..c085e6c3dabc343 100644
--- a/pkgs/os-specific/linux/nixos-rebuild/nixos-rebuild.sh
+++ b/pkgs/os-specific/linux/nixos-rebuild/nixos-rebuild.sh
@@ -28,7 +28,8 @@ repair=
profile=/nix/var/nix/profiles/system
buildHost=
targetHost=
-maybeSudo=()
+remoteSudo=
+remoteSudoActivate=
while [ "$#" -gt 0 ]; do
i="$1"; shift 1
@@ -101,7 +102,11 @@ while [ "$#" -gt 0 ]; do
shift 1
;;
--use-remote-sudo)
- maybeSudo=(sudo --)
+ echo "warning: \`--use-remote-sudo' is over-powered. Try \`--use-remote-sudo-activate' instead" >&2
+ remoteSudo=1
+ ;;
+ --use-remote-sudo-activate)
+ remoteSudoActivate=1
;;
--flake)
flake="$1"
@@ -127,8 +132,9 @@ while [ "$#" -gt 0 ]; do
esac
done
+# FIXME: Undocumented behavior?
if [ -n "$SUDO_USER" ]; then
- maybeSudo=(sudo --)
+ remoteSudo=1
fi
if [ -z "$buildHost" -a -n "$targetHost" ]; then
@@ -144,18 +150,28 @@ fi
buildHostCmd() {
if [ -z "$buildHost" ]; then
"$@"
- elif [ -n "$remoteNix" ]; then
- ssh $SSHOPTS "$buildHost" env PATH="$remoteNix":'$PATH' "${maybeSudo[@]}" "$@"
else
- ssh $SSHOPTS "$buildHost" "${maybeSudo[@]}" "$@"
+ ssh $SSHOPTS "$buildHost" \
+ ${remoteSudo:+-t sudo --} \
+ ${remoteNix:+env PATH="$remoteNix":'$PATH'} \
+ "$@"
fi
}
targetHostCmd() {
if [ -z "$targetHost" ]; then
- "${maybeSudo[@]}" "$@"
+ # FIXME: As the documentation, there should be no sudo. But kept for compatibility.
+ ${remoteSudo:+sudo --} "$@"
+ else
+ ssh $SSHOPTS "$targetHost" ${remoteSudo:+-t sudo --} "$@"
+ fi
+}
+
+targetHostCmdActivate() {
+ if [ -n "$remoteSudoActivate" ]; then
+ remoteSudo=1 targetHostCmd "$@"
else
- ssh $SSHOPTS "$targetHost" "${maybeSudo[@]}" "$@"
+ targetHostCmd "$@"
fi
}
@@ -424,7 +440,7 @@ if [ -z "$rollback" ]; then
pathToConfig="$(readlink -f $outLink)"
fi
copyToTarget "$pathToConfig"
- targetHostCmd nix-env -p "$profile" --set "$pathToConfig"
+ targetHostCmdActivate nix-env -p "$profile" --set "$pathToConfig"
elif [ "$action" = test -o "$action" = build -o "$action" = dry-build -o "$action" = dry-activate ]; then
if [[ -z $flake ]]; then
pathToConfig="$(nixBuild '' -A system -k "${extraBuildFlags[@]}")"
@@ -457,7 +473,7 @@ if [ -z "$rollback" ]; then
fi
else # [ -n "$rollback" ]
if [ "$action" = switch -o "$action" = boot ]; then
- targetHostCmd nix-env --rollback -p "$profile"
+ targetHostCmdActivate nix-env --rollback -p "$profile"
pathToConfig="$profile"
elif [ "$action" = test -o "$action" = build ]; then
systemNumber=$(
@@ -477,7 +493,7 @@ fi
# If we're not just building, then make the new configuration the boot
# default and/or activate it now.
if [ "$action" = switch -o "$action" = boot -o "$action" = test -o "$action" = dry-activate ]; then
- if ! targetHostCmd $pathToConfig/bin/switch-to-configuration "$action"; then
+ if ! targetHostCmdActivate $pathToConfig/bin/switch-to-configuration "$action"; then
echo "warning: error(s) occurred while switching to the new configuration" >&2
exit 1
fi