support ssh option values containing spaces

Reviewed-on: fediversity/fediversity#546

deployment/check/data-model-ssh/nixosTest.nix

@@ -19,10 +19,6 @@ let
 in
 {
   _class = "nixosTest";
-  imports = [
-    ./options.nix
-  ];
-
   name = "deployment-model";
   sourceFileset = lib.fileset.unions [
     ../../data-model.nix
@@ -31,7 +27,6 @@ in
     ../../run/ssh-single-host/run.sh
     ../../../npins/default.nix
     ../../../npins/sources.json
-    ./options.nix
     ./constants.nix
   ];
 

deployment/check/data-model-ssh/options.nix

@@ -1,15 +0,0 @@
-{
-  lib,
-  ...
-}:
-let
-  inherit (lib) mkOption types;
-in
-{
-  options = {
-    targetSystem = mkOption {
-      type = types.str;
-      description = "name of the host to deploy to";
-    };
-  };
-}

deployment/check/data-model-tf/nixosTest.nix

@@ -28,10 +28,6 @@ let
 in
 {
   _class = "nixosTest";
-  imports = [
-    ./options.nix
-  ];
-
   name = "deployment-model";
   sourceFileset = lib.fileset.unions [
     ../../run/tf-single-host/run.sh

deployment/check/data-model-tf/options.nix

@@ -1,25 +0,0 @@
-{
-  lib,
-  ...
-}:
-let
-  inherit (lib) mkOption types;
-in
-{
-  options = {
-    targetSystem = mkOption {
-      type = types.str;
-      description = "name of the host to deploy to";
-    };
-    sshOpts = mkOption {
-      description = "Extra SSH options (`-o`) to use.";
-      type = types.listOf types.str;
-      default = [ ];
-      example = "ConnectTimeout=60";
-    };
-    httpBackend = mkOption {
-      description = "environment variables to configure the TF HTTP back-end, see <https://developer.hashicorp.com/terraform/language/backend/http#configuration-variables>";
-      type = types.attrsOf (types.either types.str types.int);
-    };
-  };
-}

deployment/check/proxmox/proxmoxTest.nix

@@ -15,7 +15,7 @@ in
 {
   name = "proxmox-basic";
 
-  nodes.mypve =
+  nodes.pve =
     { sources, ... }:
     {
       imports = [
@@ -44,41 +44,41 @@ in
     };
 
   testScript = ''
-    machine.start()
-    machine.wait_for_unit("pveproxy.service")
-    assert "running" in machine.succeed("pveproxy status")
+    pve.start()
+    pve.wait_for_unit("pveproxy.service")
+    assert "running" in pve.succeed("pveproxy status")
 
     # Copy Iso
-    machine.succeed("mkdir -p /var/lib/vz/template/iso/")
-    machine.succeed("cp ${minimalIso} /var/lib/vz/template/iso/minimal.iso")
+    pve.succeed("mkdir -p /var/lib/vz/template/iso/")
+    pve.succeed("cp ${minimalIso} /var/lib/vz/template/iso/minimal.iso")
 
     # Declarative VM creation
-    machine.wait_for_unit("multi-user.target")
-    machine.succeed("qm stop 100 --timeout 0")
+    pve.wait_for_unit("multi-user.target")
+    pve.succeed("qm stop 100 --timeout 0")
 
     # Seabios VM creation
-    machine.succeed(
+    pve.succeed(
       "qm create 101 --kvm 0 --bios seabios -cdrom local:iso/minimal.iso",
       "qm start 101",
       "qm stop 101 --timeout 0"
     )
 
     # Legacy ovmf vm creation
-    machine.succeed(
+    pve.succeed(
       "qm create 102 --kvm 0 --bios ovmf -cdrom local:iso/minimal.iso",
       "qm start 102",
       "qm stop 102 --timeout 0"
     )
 
     # UEFI ovmf vm creation
-    machine.succeed(
+    pve.succeed(
       "qm create 103 --kvm 0 --bios ovmf --efidisk0 local:4,efitype=4m -cdrom local:iso/minimal.iso",
       "qm start 103",
       "qm stop 103 --timeout 0"
     )
 
     # UEFI ovmf vm creation with secure boot
-    machine.succeed(
+    pve.succeed(
       "qm create 104 --kvm 0 --bios ovmf --efidisk0 local:4,efitype=4m,pre-enrolled-keys=1 -cdrom local:iso/minimal.iso",
       "qm start 104",
       "qm stop 104 --timeout 0"

deployment/run/ssh-single-host/run.sh

@@ -1,23 +1,33 @@
 #! /usr/bin/env bash
 set -xeuo pipefail
 declare username host key_file ssh_opts nixos_conf
-IFS=" " read -r -a ssh_opts <<< "$( (echo "$ssh_opts" | jq -r '@sh') | tr -d \'\")"
+readarray -t ssh_opts < <(echo "$ssh_opts" | jq -r '.[]')
 
 # DEPLOY
-sshOpts=(
+sshOptsInit=(
   -o BatchMode=yes
   -o StrictHostKeyChecking=no
 )
-for ssh_opt in "${ssh_opts[@]}"; do
-  sshOpts+=(
-    -o "$ssh_opt"
-  )
-done
 if [[ -n "$key_file" ]]; then
-  sshOpts+=(
+  sshOptsInit+=(
     -i "$key_file"
   )
 fi
+# [@] will quote variables containing spaces itself
+sshOptsAt=("${sshOptsInit[@]}")
+for ssh_opt in "${ssh_opts[@]}"; do
+  sshOptsAt+=(
+    -o "${ssh_opt}"
+  )
+done
+# [*] needs manual quoting
+sshOptsAsterisk=("${sshOptsInit[@]}")
+for ssh_opt in "${ssh_opts[@]}"; do
+  sshOptsAsterisk+=(
+    -o "\"${ssh_opt}\""
+  )
+done
+
 destination="$username@$host"
 
 command=(nix-instantiate --show-trace "${nixos_conf}")
@@ -32,9 +42,9 @@ command=(nix-instantiate --show-trace "${nixos_conf}")
 # FIXME explore import/readFile as ways to instantiate the derivation, potentially allowing to realize the store path up-front from Nix?
 outPath=$(nix-store --realize "$("${command[@]}" -A config.system.build.toplevel.drvPath --eval --strict --json | jq -r '.')")
 # deploy the config by nix-copy-closure
-NIX_SSHOPTS="${sshOpts[*]}" nix-copy-closure --to "$destination" "$outPath" --gzip --use-substitutes
+NIX_SSHOPTS="${sshOptsAsterisk[*]}" nix-copy-closure --to "$destination" "$outPath" --gzip --use-substitutes
 # switch the remote host to the config
 # shellcheck disable=SC2029
-ssh "${sshOpts[@]}" "$destination" "nix-env --profile /nix/var/nix/profiles/system --set $outPath"
+ssh "${sshOptsAt[@]}" "$destination" "nix-env --profile /nix/var/nix/profiles/system --set $outPath"
 # shellcheck disable=SC2029
-ssh -o "ConnectTimeout=1" -o "ServerAliveInterval=1" "${sshOpts[@]}" "$destination" "nohup $outPath/bin/switch-to-configuration switch &" 2>&1
+ssh -o "ConnectTimeout=5" -o "ServerAliveInterval=1" "${sshOptsAt[@]}" "$destination" "nohup env $outPath/bin/switch-to-configuration switch &" 2>&1