cleanup

deploy_nixos

@@ -11,7 +11,6 @@ if [ "$CLUSTER" = "staging" ]; then
 	copy nix/nomad-driver-nix2.nix /etc/nixos/nomad-driver-nix2.nix
 fi
 
-
 if [ "$CLUSTER" = "prod" ]; then
 	cmd nixos-rebuild boot
 	message "-------------------------------------------------------------------------------------"

deploy_passwords

@@ -1,5 +1,3 @@
 #!/usr/bin/env ./sshtool
 
-write_pass deuxfleurs/cluster/$CLUSTER/passwords /root/deploy_tmp_passwords
+pipe_pass deuxfleurs/cluster/$CLUSTER/passwords "chpasswd -e"
-cmd 'chpasswd -e < /root/deploy_tmp_passwords'
-cmd rm /root/deploy_tmp_passwords

sshtool

@@ -1,10 +1,11 @@
 #!/usr/bin/env bash
 
-cd $(dirname $0)
-
 CMDFILE="$1"
 shift 1
 
+cd $(dirname $CMDFILE)
+CMDFILE=./$(basename $CMDFILE)
+
 CLUSTER="$1"
 if [ -z "$CLUSTER" ] || [ ! -d "cluster/$CLUSTER" ]; then
 	echo "Usage: $CMDFILE <cluster name>"
@@ -36,6 +37,7 @@ EOG
 chmod +x /tmp/deploytool_askpass
 export SUDO_ASKPASS=/tmp/deploytool_askpass
 sudo -A sh - <<'EOEVERYTHING'
+set -e
 EOF
 }
 
@@ -97,6 +99,17 @@ chmod 0600 $TO
 EOF
 }
 
+function pipe_pass {
+	local PASSKEY=$1
+	local CMD=$2
+	cat <<EOF
+echo '- pipe secret $PASSKEY to command $CMD'
+base64 -d <<EOG | $CMD > /dev/null
+$(pass $PASSKEY | base64)
+EOG
+EOF
+}
+
 for NIXHOST in $NIXHOSTLIST; do
 	NIXHOST=${NIXHOST%.*}