Use password via stdin, and store the snapshot image configuration.nix

5 files changed, 3 insertions, 4 deletions

diff --git a/TODOs.org b/TODOs.org
index 0df6ab4..bd38b22 100644
--- a/TODOs.org
+++ b/TODOs.org
@@ -1,6 +1,4 @@
 * Tasks - v4
-** TODO Run =sudo= as =nixos= user in server
-** TODO Change from =nixos= user to =andreh= user
 ** TODO nginx magic =sslCiphers= value
 Why not the default? What do those mean?
 ** TODO cron: borg and nixos update
diff --git a/nixos-update.sh b/nixos-update.sh
index bcadfd6..b4deb7e 100755
--- a/nixos-update.sh
+++ b/nixos-update.sh
@@ -7,5 +7,6 @@ cd "$(dirname "${BASH_SOURCE[0]}")"
 git crypt unlock
 direnv allow
 
-envsubst < vps-configuration.env.nix | ssh "$TLD" 'cat > /etc/nixos/configuration.nix'
-ssh "$TLD" sudo nixos-rebuild switch --upgrade
+envsubst < vps-configuration.env.nix | ssh "$TLD" 'cat > /tmp/tmp.nix'
+echo "${USER_PASSWORD}" | ssh "$TLD" sudo -S mv /tmp/tmp.nix /etc/nixos/configuration.nix
+echo "${USER_PASSWORD}" | ssh "$TLD" sudo -S -i nixos-rebuild switch --upgrade
diff --git a/secrets/nix/e1d5f317b0f7a-snapshot-configuration.nix b/secrets/nix/e1d5f317b0f7a-snapshot-configuration.nix
new file mode 100644
index 0000000..46b7d09
--- /dev/null
+++ b/secrets/nix/e1d5f317b0f7a-snapshot-configuration.nix
diff --git a/secrets/secret-envrc.sh b/secrets/secret-envrc.sh
index 214ac25..2a750f4 100644
--- a/secrets/secret-envrc.sh
+++ b/secrets/secret-envrc.sh
diff --git a/vps-configuration.nix b/vps-configuration.env.nix
index 8afa57d..8afa57d 100644
--- a/vps-configuration.nix
+++ b/vps-configuration.env.nix