diff options
| -rwxr-xr-x | deploy_nixos | 1 | ||||
| -rwxr-xr-x | deploy_passwords | 4 | ||||
| -rwxr-xr-x | restic_summary (renamed from restic-summary) | 0 | ||||
| -rwxr-xr-x | sshtool | 17 |
4 files changed, 16 insertions, 6 deletions
diff --git a/deploy_nixos b/deploy_nixos index 4f8aa2a..2b4235a 100755 --- a/deploy_nixos +++ b/deploy_nixos @@ -11,7 +11,6 @@ if [ "$CLUSTER" = "staging" ]; then copy nix/nomad-driver-nix2.nix /etc/nixos/nomad-driver-nix2.nix fi - if [ "$CLUSTER" = "prod" ]; then cmd nixos-rebuild boot message "-------------------------------------------------------------------------------------" diff --git a/deploy_passwords b/deploy_passwords index 37c2143..3b21ff3 100755 --- a/deploy_passwords +++ b/deploy_passwords @@ -1,5 +1,3 @@ #!/usr/bin/env ./sshtool -write_pass deuxfleurs/cluster/$CLUSTER/passwords /root/deploy_tmp_passwords -cmd 'chpasswd -e < /root/deploy_tmp_passwords' -cmd rm /root/deploy_tmp_passwords +pipe_pass deuxfleurs/cluster/$CLUSTER/passwords "chpasswd -e" diff --git a/restic-summary b/restic_summary index 38e9433..38e9433 100755 --- a/restic-summary +++ b/restic_summary @@ -1,10 +1,11 @@ #!/usr/bin/env bash -cd $(dirname $0) - CMDFILE="$1" shift 1 +cd $(dirname $CMDFILE) +CMDFILE=./$(basename $CMDFILE) + CLUSTER="$1" if [ -z "$CLUSTER" ] || [ ! -d "cluster/$CLUSTER" ]; then echo "Usage: $CMDFILE <cluster name>" @@ -36,6 +37,7 @@ EOG chmod +x /tmp/deploytool_askpass export SUDO_ASKPASS=/tmp/deploytool_askpass sudo -A sh - <<'EOEVERYTHING' +set -e EOF } @@ -97,6 +99,17 @@ chmod 0600 $TO EOF } +function pipe_pass { + local PASSKEY=$1 + local CMD=$2 + cat <<EOF +echo '- pipe secret $PASSKEY to command $CMD' +base64 -d <<EOG | $CMD > /dev/null +$(pass $PASSKEY | base64) +EOG +EOF +} + for NIXHOST in $NIXHOSTLIST; do NIXHOST=${NIXHOST%.*} |