From e6a8714e624bc6c04a53a7e2f5424ea8c9005502 Mon Sep 17 00:00:00 2001
From: Ricard Illa <ricard@trkkn.com>
Date: Fri, 23 Sep 2022 10:32:48 +0200
Subject: [PATCH] rsyncd password handled by gopass

---
 acme_rsync_caladan/Makefile | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/acme_rsync_caladan/Makefile b/acme_rsync_caladan/Makefile
index ab5cb87..31431b9 100644
--- a/acme_rsync_caladan/Makefile
+++ b/acme_rsync_caladan/Makefile
@@ -23,15 +23,20 @@ KEY=$(CERT_PATH)/$(DOMAIN).key
 $(CERT): sync_certs
 $(KEY): sync_certs
 
-REMOTE_ACME_PATH=rsync://user@narwhal/acme
-RSYNCD_PASSWD=/srv/secrets/rsyncd_password
+RSYNCD_HOST=narwhal
+RSYNCD_USER=user
+
+GOPASS=doas -u gopass gopass
+RSYNC_PASSWORD = $(shell $(GOPASS) $(RSYNCD_HOST)/rsyncd/$(RSYNCD_USER))
+
+REMOTE_ACME_PATH=rsync://$(RSYNCD_USER)@$(RSYNCD_HOST)/acme
 RSYNC_OPTS=--archive --delete --acls --xattrs --compress --verbose --human-readable
 
 sync_certs:
 	mkdir -p $(ACME_DIR)
+	RSYNC_PASSWORD=$(RSYNC_PASSWORD); \
 	rsync \
 		$(RSYNC_OPTS) \
-		--password-file=$(RSYNCD_PASSWD) \
 		$(REMOTE_ACME_PATH) \
 		$(ACME_DIR)