From 827987d2018ce1a48697b10c039c3cf2ec0d1a19 Mon Sep 17 00:00:00 2001
From: Alex Auvolat <alex@adnab.me>
Date: Fri, 23 Dec 2022 00:07:02 +0100
Subject: cleanup

---
 deploy_nixos     |  1 -
 deploy_passwords |  4 +---
 restic-summary   |  9 ---------
 restic_summary   |  9 +++++++++
 sshtool          | 17 +++++++++++++++--
 5 files changed, 25 insertions(+), 15 deletions(-)
 delete mode 100755 restic-summary
 create mode 100755 restic_summary

diff --git a/deploy_nixos b/deploy_nixos
index 4f8aa2a..2b4235a 100755
--- a/deploy_nixos
+++ b/deploy_nixos
@@ -11,7 +11,6 @@ if [ "$CLUSTER" = "staging" ]; then
 	copy nix/nomad-driver-nix2.nix /etc/nixos/nomad-driver-nix2.nix
 fi
 
-
 if [ "$CLUSTER" = "prod" ]; then
 	cmd nixos-rebuild boot
 	message "-------------------------------------------------------------------------------------"
diff --git a/deploy_passwords b/deploy_passwords
index 37c2143..3b21ff3 100755
--- a/deploy_passwords
+++ b/deploy_passwords
@@ -1,5 +1,3 @@
 #!/usr/bin/env ./sshtool
 
-write_pass deuxfleurs/cluster/$CLUSTER/passwords /root/deploy_tmp_passwords
-cmd 'chpasswd -e < /root/deploy_tmp_passwords'
-cmd rm /root/deploy_tmp_passwords
+pipe_pass deuxfleurs/cluster/$CLUSTER/passwords "chpasswd -e"
diff --git a/restic-summary b/restic-summary
deleted file mode 100755
index 38e9433..0000000
--- a/restic-summary
+++ /dev/null
@@ -1,9 +0,0 @@
-#!/usr/bin/env bash
-for svc in dovecot consul plume cryptpad; do
-  export RESTIC_REPOSITORY=`pass deuxfleurs/backups/$svc/restic_repository`
-  export RESTIC_PASSWORD=`pass deuxfleurs/backups/$svc/restic_password`
-  export AWS_ACCESS_KEY_ID=`pass deuxfleurs/backups/$svc/aws_s3_access_key`
-  export AWS_SECRET_ACCESS_KEY=`pass deuxfleurs/backups/$svc/aws_s3_secret_key`
-  restic unlock
-  restic snapshots
-done
diff --git a/restic_summary b/restic_summary
new file mode 100755
index 0000000..38e9433
--- /dev/null
+++ b/restic_summary
@@ -0,0 +1,9 @@
+#!/usr/bin/env bash
+for svc in dovecot consul plume cryptpad; do
+  export RESTIC_REPOSITORY=`pass deuxfleurs/backups/$svc/restic_repository`
+  export RESTIC_PASSWORD=`pass deuxfleurs/backups/$svc/restic_password`
+  export AWS_ACCESS_KEY_ID=`pass deuxfleurs/backups/$svc/aws_s3_access_key`
+  export AWS_SECRET_ACCESS_KEY=`pass deuxfleurs/backups/$svc/aws_s3_secret_key`
+  restic unlock
+  restic snapshots
+done
diff --git a/sshtool b/sshtool
index 8719ffa..262f0e3 100755
--- a/sshtool
+++ b/sshtool
@@ -1,10 +1,11 @@
 #!/usr/bin/env bash
 
-cd $(dirname $0)
-
 CMDFILE="$1"
 shift 1
 
+cd $(dirname $CMDFILE)
+CMDFILE=./$(basename $CMDFILE)
+
 CLUSTER="$1"
 if [ -z "$CLUSTER" ] || [ ! -d "cluster/$CLUSTER" ]; then
 	echo "Usage: $CMDFILE <cluster name>"
@@ -36,6 +37,7 @@ EOG
 chmod +x /tmp/deploytool_askpass
 export SUDO_ASKPASS=/tmp/deploytool_askpass
 sudo -A sh - <<'EOEVERYTHING'
+set -e
 EOF
 }
 
@@ -97,6 +99,17 @@ chmod 0600 $TO
 EOF
 }
 
+function pipe_pass {
+	local PASSKEY=$1
+	local CMD=$2
+	cat <<EOF
+echo '- pipe secret $PASSKEY to command $CMD'
+base64 -d <<EOG | $CMD > /dev/null
+$(pass $PASSKEY | base64)
+EOG
+EOF
+}
+
 for NIXHOST in $NIXHOSTLIST; do
 	NIXHOST=${NIXHOST%.*}
 
-- 
cgit v1.2.3