yadunut/clan-core
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

checks/installation-without-system: modify to install through normal user instead of root

Browse Source
This commit is contained in:
Qubasa
2025-03-26 18:35:20 +01:00
parent 351ce1414a
commit d1a79653fe
3 changed files with 50 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
checks/installation-without-system/flake-module.nix
View File

@@ -165,7 +165,6 @@
(modulesPath + "/../tests/common/auto-format-root-device.nix")
];
services.openssh.enable = true;
users.users.root.openssh.authorizedKeys.keyFiles = [ ../lib/ssh/pubkey ];
system.nixos.variant_id = "installer";
environment.systemPackages = [ pkgs.nixos-facter ];
virtualisation.emptyDiskImages = [ 512 ];
@@ -184,6 +183,12 @@
"flakes"
];
};
users.users.nonrootuser = {
isNormalUser = true;
openssh.authorizedKeys.keyFiles = [ ../lib/ssh/pubkey ];
extraGroups = [ "wheel" ];
};
security.sudo.wheelNeedsPassword = false;
system.extraDependencies = dependencies;
};
nodes.client = {
@@ -211,14 +216,14 @@
installer.start()
client.succeed("${pkgs.coreutils}/bin/install -Dm 600 ${../lib/ssh/privkey} /root/.ssh/id_ed25519")
client.wait_until_succeeds("timeout 2 ssh -o StrictHostKeyChecking=accept-new -v root@installer hostname")
client.wait_until_succeeds("timeout 2 ssh -o StrictHostKeyChecking=accept-new -v nonrootuser@installer hostname")
client.succeed("cp -r ${../..} test-flake && chmod -R +w test-flake")
client.fail("test -f test-flake/machines/test-install-machine-without-system/hardware-configuration.nix")
client.fail("test -f test-flake/machines/test-install-machine-without-system/facter.json")
client.succeed("clan machines update-hardware-config --flake test-flake test-install-machine-without-system root@installer >&2")
client.succeed("clan machines update-hardware-config --flake test-flake test-install-machine-without-system nonrootuser@installer >&2")
client.succeed("test -f test-flake/machines/test-install-machine-without-system/facter.json")
client.succeed("rm test-flake/machines/test-install-machine-without-system/facter.json")
client.succeed("clan machines install --debug --flake test-flake --yes test-install-machine-without-system --target-host root@installer --update-hardware-config nixos-facter >&2")
client.succeed("clan machines install --debug --flake test-flake --yes test-install-machine-without-system --target-host nonrootuser@installer --update-hardware-config nixos-facter >&2")
try:
installer.shutdown()
except BrokenPipeError:

5
pkgs/clan-cli/clan_cli/machines/hardware.py
View File

@@ -135,6 +135,11 @@ def generate_machine_hardware_info(opts: HardwareGenerateOptions) -> HardwareCon
]
host = machine.target_host
# HACK: to make non-root user work
if host.user != "root":
config_command.insert(0, "sudo")
cmd = nix_shell(
[
"nixpkgs#openssh",

40
pkgs/clan-cli/clan_cli/ssh/upload.py
View File

@@ -64,8 +64,24 @@ def upload(
*host.ssh_cmd(),
"--",
*priviledge_escalation,
"bash", "-c", "exec \"$@\"", "--",
f"rm -r {remote_dest!s} ; mkdir -m {dir_mode:o} -p {str(remote_dest)} && tar -C {str(remote_dest)} -xzf -",
"bash",
"-c",
'exec "$@"',
"--",
"rm",
"-r",
str(remote_dest),
"mkdir",
"-m",
f"{dir_mode:o}",
"-p",
str(remote_dest),
"&&",
"tar",
"-C",
str(remote_dest),
"-xzf",
"-",
]
else:
# For single file, extract to parent directory and ensure correct name
@@ -73,8 +89,24 @@ def upload(
*host.ssh_cmd(),
"--",
*priviledge_escalation,
"bash", "-c", "exec \"$@\"", "--",
f"rm -f {str(remote_dest)} ; mkdir -m {dir_mode:o} -p {str(remote_dest.parent)} && tar -C {str(remote_dest.parent)} -xzf -",
"bash",
"-c",
'exec "$@"',
"--",
"rm",
"-r",
str(remote_dest),
"mkdir",
"-m",
f"{dir_mode:o}",
"-p",
str(remote_dest.parent),
"&&",
"tar",
"-C",
str(remote_dest.parent),
"-xzf",
"-",
]
# TODO accept `input` to be an IO object instead of bytes so that we don't have to read the tarfile into memory.