From ccf32a3172a8baf33a31785365d41a8cfb5ea704 Mon Sep 17 00:00:00 2001
From: Alexander Tomokhov
Date: Wed, 29 Nov 2023 08:53:23 +0400
Subject: [PATCH] drone: pass USER_PASS without base64
---
 .drone.yml | 2 +-
 nixos-infect | 16 ++++++----------
 2 files changed, 7 insertions(+), 11 deletions(-)
diff --git a/.drone.yml b/.drone.yml
index 19d8be6..5147cf3 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -18,7 +18,7 @@ steps:
 commands:
 # Create infect user script and then push it to a remote machine on server creation.
 - echo '#! /usr/bin/env bash' > infect.sh
- - echo "curl https://git.selfprivacy.org/SelfPrivacy/selfprivacy-nixos-infect/raw/branch/$INFECT_SOURCE_BRANCH/nixos-infect | PROVIDER=hetzner DOMAIN=$DOMAIN LUSER=cicdcicd ENCODED_PASSWORD=\"$(printf $USER_PASS | base64)\" CF_TOKEN=$CLOUDFLARE_TOKEN DB_PASSWORD=$USER_PASS API_TOKEN=$USER_PASS HOSTNAME=selfprivacy-ci-test DNS_PROVIDER_TYPE=CLOUDFLARE STAGING_ACME=false NIX_VERSION=2.18.1 NIXOS_CONFIG_NAME=sp-nixos CONFIG_URL=https://git.selfprivacy.org/api/v1/repos/SelfPrivacy/selfprivacy-nixos-template/archive/master.tar.gz bash 2>&1 | tee /root/infect.log" >> infect.sh
+ - echo "curl https://git.selfprivacy.org/SelfPrivacy/selfprivacy-nixos-infect/raw/branch/$INFECT_SOURCE_BRANCH/nixos-infect | PROVIDER=hetzner DOMAIN=$DOMAIN LUSER=cicdcicd USER_PASS=\"$USER_PASS\" CF_TOKEN=$CLOUDFLARE_TOKEN DB_PASSWORD=\"$USER_PASS\" API_TOKEN=\"$USER_PASS\" HOSTNAME=selfprivacy-ci-test DNS_PROVIDER_TYPE=CLOUDFLARE STAGING_ACME=true NIX_VERSION=2.18.1 NIXOS_CONFIG_NAME=sp-nixos CONFIG_URL=https://git.selfprivacy.org/api/v1/repos/SelfPrivacy/selfprivacy-nixos-template/archive/master.tar.gz bash 2>&1 | tee /root/infect.log" >> infect.sh
 - http -v --check-status --ignore-stdin POST https://api.hetzner.cloud/v1/servers Authorization:"Bearer $PASSWORD" name=ci-sibling server_type=cx11 start_after_create:=true image=ubuntu-20.04 user_data=@infect.sh automount:=false location=fsn1
 - name: dns
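Review bot: The new `USER_PASS=\"$USER_PASS\"`, `DB_PASSWORD=\"$USER_PASS\"` and `API_TOKEN=\"$USER_PASS\"` assignments paste the raw secret into a double-quoted word of the generated infect.sh, so bash on the new server parses it again: a `"`, `$`, backtick or backslash in the secret changes or breaks that command line. The removed base64 step kept the value inert in transit; without it the value needs shell-quoting when the script is generated, e.g. `USER_PASS=$(printf '%q' "$USER_PASS")` if the step's shell is bash (the step image is not visible in this hunk), or the allowed character set of the secret should be stated in a comment above the echo. `CF_TOKEN=$CLOUDFLARE_TOKEN` on the same line is still unquoted. The line also flips `STAGING_ACME=false` to `true`, which the commit subject does not mention.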
diff --git a/nixos-infect b/nixos-infect
index bee7908..06bf51a 100755
--- a/nixos-infect
+++ b/nixos-infect
@@ -13,7 +13,7 @@
 : "${STAGING_ACME:?STAGING_ACME variable is not set}"
 : "${CF_TOKEN:?CF_TOKEN variable is not set}"
 : "${DB_PASSWORD:?DB_PASSWORD variable is not set}"
-: "${ENCODED_PASSWORD:?ENCODED_PASSWORD variable is not set}"
+: "${USER_PASS:?USER_PASS variable is not set}"
 : "${NIX_VERSION:?NIX_VERSION variable is not set}"
 : "${NIXOS_CONFIG_NAME:?NIXOS_CONFIG_NAME variable is not set}"
 : "${CONFIG_URL:?CONFIG_URL variable is not set}"
@@ -23,9 +23,8 @@ readonly SECRETS_FILEPATH="/etc/selfprivacy/secrets.json"
 # Merge original userdata.json with deployment specific fields and print result.
 genUserdata() {
- local password HASHED_PASSWORD userdata_infect
- password=$(printf "%s" "$ENCODED_PASSWORD" | base64 --decode)
- HASHED_PASSWORD=$(mkpasswd -m sha-512 "$password")
+ local HASHED_PASSWORD userdata_infect
+ HASHED_PASSWORD="$(mkpasswd -m sha-512 "$USER_PASS")"
 userdata_infect=$(cat << EOF
 {
@@ -49,9 +48,6 @@ EOF
 }
 genSecrets() {
- local ESCAPED_PASSWORD
- ESCAPED_PASSWORD=$(printf "%s" "$ENCODED_PASSWORD" | base64 --decode | jq -Rs .)
-
 cat << EOF
 {
 "api": {
@@ -64,11 +60,11 @@ genSecrets() {
 },
 "modules": {
 "nextcloud": {
- "adminPassword": $ESCAPED_PASSWORD,
- "databasePassword": $ESCAPED_PASSWORD
+ "adminPassword": "$USER_PASS",
+ "databasePassword": "$USER_PASS"
 }
 },
- "resticPassword": $ESCAPED_PASSWORD
+ "resticPassword": "$USER_PASS"
 }
 EOF
 }
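Review bot: In genUserdata the new `mkpasswd -m sha-512 "$USER_PASS"` still passes the plaintext password on mkpasswd's argv, where it is visible in the process list while the hash is computed, and a value beginning with `-` would be read as an option. Feeding it on stdin avoids both: `HASHED_PASSWORD="$(printf '%s' "$USER_PASS" | mkpasswd -m sha-512 --stdin)"`. genUserdata's body continues past the end of this hunk.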
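Review bot: In genSecrets the three password fields are now written as `"$USER_PASS"` straight into the JSON heredoc, so a password containing `"`, `\` or a control character produces invalid JSON or extra keys in the generated secrets; the `jq -Rs .` step removed in the previous hunk was what escaped it. The escaping can stay without the base64 round-trip: keep `local ESCAPED_PASSWORD`, set `ESCAPED_PASSWORD=$(printf '%s' "$USER_PASS" | jq -Rs .)`, and emit `$ESCAPED_PASSWORD` unquoted in `adminPassword`, `databasePassword` and `resticPassword` as before. The opening of the heredoc lies outside this hunk.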