Unverified Commit 76d4d46b authored by r-vdp's avatar r-vdp
Browse files

nixos-rebuild: set SSHOPTS earlier so that we resolve the correct hostname 

Before, when using things like proxy jumps, we would end up with the hostname of either localhost or the jump host (depending on whether you configure the jumphost in your ssh config file or in the SSHOPTS) instead of the hostname of the target host.

I was running the following command:
```bash
NIX_SSHOPTS='-p 6016 -J username@jumphost' nixos-rebuild --verbose --flake '.#' --target-host localhost --use-remote-sudo --fast build
```

and what was getting built was `nixosConfigurations.<localhost hostname>` instead of `nixosConfigurations.<remote hostname>`, because the SSH connection to determine the hostname didn't have the NIX_SSHOPTS added to it yet.

So I simply moved the logic to set up the tmp dir and set the SSHOPTS a bit higher up.
parent 57632143

pkgs/os-specific/linux/nixos-rebuild/nixos-rebuild.sh

+19 −19
Original line number Diff line number Diff line
@@ -427,6 +427,25 @@ if [[ -z $flake && -e /etc/nixos/flake.nix && -z $noFlake ]]; then 
    flake="$(dirname "$(readlink -f /etc/nixos/flake.nix)")"

fi



tmpDir=$(mktemp -t -d nixos-rebuild.XXXXXX)



if [[ ${#tmpDir} -ge 60 ]]; then

    # Very long tmp dirs lead to "too long for Unix domain socket"

    # SSH ControlPath errors. Especially macOS sets long TMPDIR paths.

    rmdir "$tmpDir"

    tmpDir=$(TMPDIR= mktemp -t -d nixos-rebuild.XXXXXX)

fi



cleanup() {

    for ctrl in "$tmpDir"/ssh-*; do

        ssh -o ControlPath="$ctrl" -O exit dummyhost 2>/dev/null || true

    done

    rm -rf "$tmpDir"

}

trap cleanup EXIT



SSHOPTS="$NIX_SSHOPTS -o ControlMaster=auto -o ControlPath=$tmpDir/ssh-%n -o ControlPersist=60"



# For convenience, use the hostname as the default configuration to

# build from the flake.

if [[ -n $flake ]]; then
@@ -450,23 +469,6 @@ if [[ ! -z "$specialisation" && ! "$action" = switch && ! "$action" = test ]]; t 
    exit 1

fi



tmpDir=$(mktemp -t -d nixos-rebuild.XXXXXX)



if [[ ${#tmpDir} -ge 60 ]]; then

    # Very long tmp dirs lead to "too long for Unix domain socket"

    # SSH ControlPath errors. Especially macOS sets long TMPDIR paths.

    rmdir "$tmpDir"

    tmpDir=$(TMPDIR= mktemp -t -d nixos-rebuild.XXXXXX)

fi



cleanup() {

    for ctrl in "$tmpDir"/ssh-*; do

        ssh -o ControlPath="$ctrl" -O exit dummyhost 2>/dev/null || true

    done

    rm -rf "$tmpDir"

}

trap cleanup EXIT





# Re-execute nixos-rebuild from the Nixpkgs tree.

if [[ -z $_NIXOS_REBUILD_REEXEC && -n $canRun && -z $fast ]]; then
@@ -510,8 +512,6 @@ if [ "$action" = edit ]; then 
    exit 1

fi



SSHOPTS="$NIX_SSHOPTS -o ControlMaster=auto -o ControlPath=$tmpDir/ssh-%n -o ControlPersist=60"



# First build Nix, since NixOS may require a newer version than the

# current one.

if [[ -n "$rollback" || "$action" = dry-build ]]; then