pinpox / lollypops

Lollypop Operations - NixOS Deployment Tool
https://pinpox.github.io/lollypops/
GNU General Public License v3.0

`deploy-secrets` fails if sudo is used #18

Closed pf56 closed 1 year ago

pf56 commented 1 year ago

Trying to deploy secrets to a host with sudo enabled fails with a permissions error.

```nix
lollypops.deployment = {
  ssh.user = "deploy";
  sudo.enable = true;
};
```

```
[myhost:deploy-secrets] Deploying secrets to: myhost
[myhost:deploy-secrets] Deploying credentials to /var/src/lollypops-secrets/credentials
[myhost:deploy-secrets] bash: line 1: /var/src/lollypops-secrets/credentials: Permission denied
```

I guess this is a regression introduced by f1f865f41ac7b433da0960b44322acb4d196d1a5 in response to #5. The file is now owned by root:root with 0700, meaning shell redirection will fail if the remote user isn't root.

pinpox commented 1 year ago

Good catch, thank you for the PR!
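
The failure reported in this issue, as an added example that is not part of the thread and not lollypops' own code or its actual fix: a redirection written outside `sudo` is opened by the unprivileged shell, so the write has to happen inside the elevated process. `write_secret` and `ELEVATE` are hypothetical names chosen for this illustration.

```shell
#!/bin/sh
# Added illustration; write_secret and ELEVATE are hypothetical names,
# not part of lollypops.

# Failing shape (constructed, matching the "Permission denied" in the log):
#   sudo cat > /var/src/lollypops-secrets/credentials
# The calling shell, running as the non-root SSH user, opens the target
# for the redirection before sudo starts, so root's privileges never
# apply to the open().

# ELEVATE is the privilege-escalation prefix: "sudo" by default, or empty
# when the caller already has write access (for example in a local test).
ELEVATE="${ELEVATE-sudo}"

# write_secret PATH: copy stdin to PATH, readable by the owner only.
# The redirection is part of the sh -c string, so it is performed by the
# shell that $ELEVATE starts, not by the calling shell.
write_secret() {
    target=$1
    # umask 077 keeps a newly created file owner-only from the start;
    # chmod covers a file that already existed with wider permissions.
    # The path is passed as $1 rather than spliced into the command string.
    $ELEVATE sh -c 'umask 077 && cat > "$1" && chmod 600 "$1"' sh "$target"
}
```

Piping the secret in on stdin also keeps it out of the remote process's argument list.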