From 4a4fb4158f513fdcf34dabe52d1640dddeaaa7cf Mon Sep 17 00:00:00 2001
From: adam <git@adamrgrey.com>
Date: Fri, 6 Dec 2024 17:06:04 -0500
Subject: [PATCH] new plan. forget end-document, doesn't cooperate.

---
 scripts/1clickservice.groovy | 21 ++++++++++-----------
 scripts/serviceaccount.sh    | 20 ++++++++++++++++++++
 2 files changed, 30 insertions(+), 11 deletions(-)
 create mode 100644 scripts/serviceaccount.sh

diff --git a/scripts/1clickservice.groovy b/scripts/1clickservice.groovy
index 8aed678..1947271 100644
--- a/scripts/1clickservice.groovy
+++ b/scripts/1clickservice.groovy
@@ -13,6 +13,7 @@ pipeline {
         SUDOERSSH = credentials('2c48e1a9-22b2-455c-9959-6b29e86d3fb5')
         JENKINS = credentials('68391381-e095-4b47-b956-d23055b0808e')
         GITEATOKEN = credentials('d0e86441-2157-405f-8539-a9a9010c6ecf')
+        GITEA_USR='jenkins'
     }
     stages {
         stage("environment setup") {
@@ -217,18 +218,16 @@ pipeline {
                     {
                         sh """#!/bin/bash
                             ssh-keyscan -t ed25519 ${targetHost} >> ~/.ssh/known_hosts
+                            cat "${PK}"
 
-                            ssh -i \"${PK}\" -tt ${SUDOER_USR}@${targetHost} username=${servicename} password=${env.pw_linuxserviceaccount} pubkeycontent=${env.pubkeycontent} 'echo "${SUDOER_PSW}" | sudo -Sv && bash -s' << 'ENDSSH'
-                                useradd -m -s /bin/bash \$username
-                                echo "\$username:\$password" | chpasswd
-                                loginctl enable-linger \$username
-                                cd ~/home/\$username
-                                mkdir .ssh
-                                pushd .ssh
-                                echo \$pubkeycontent > authorized_keys
-                                popd
-                                chown -R \$username:\$username .ssh
-                            ENDSSH
+                            curl -u '${env.GITEA_USR}:${env.GITEATOKEN}' https://gitea.arg.rip/greyn/deployment/raw/branch/main/scripts/serviceaccount.sh --output serviceaccount.sh
+                            sed -i 's/USERNAMETOADD=/USERNAMETOADD="${servicename}"/' serviceaccount.sh
+                            sed -i 's/PASSWORDTOADD=/PASSWORDTOADD="${env.pw_linuxserviceaccount}"/' serviceaccount.sh
+                            sed -i 's/PUBKEYCONTENT=/PUBKEYCONTENT="${env.pubkeycontent}"/' serviceaccount.sh
+                            sed -i 's/SUDOER_PSW=/SUDOER_PSW="${SUDOER_PSW}"/' serviceaccount.sh
+
+                            ssh -i \"${PK}\" -tt ${SUDOER_USR}@${targetHost} <serviceaccount.sh
+                            rm serviceaccount.sh
                         """
                     }
                 }
diff --git a/scripts/serviceaccount.sh b/scripts/serviceaccount.sh
new file mode 100644
index 0000000..7bfe7c5
--- /dev/null
+++ b/scripts/serviceaccount.sh
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+USERNAMETOADD=
+PASSWORDTOADD=
+PUBKEYCONTENT=
+SUDOER_PSW=
+
+function restofscript(){
+    useradd -m -s /bin/bash ${USERNAMETOADD}
+    echo "${USERNAMETOADD}:${PASSWORDTOADD}" | chpasswd
+    loginctl enable-linger ${USERNAMETOADD}
+    cd ~/home/${USERNAMETOADD}
+    mkdir .ssh
+    pushd .ssh
+    echo ${PUBKEYCONTENT} > authorized_keys
+    popd
+    chown -R "${USERNAMETOADD}:${USERNAMETOADD}' .ssh
+}
+
+echo "${SUDOER_PSW}" | sudo -S restofscript
\ No newline at end of file