nix-eval move to lessen secrets in store

lib/deploy.nix

@@ -3,7 +3,7 @@
 with pkgs.lib;
 
 (mapAttrs (name: hosts:
-  pkgs.writeScript "deploy-group-${name}" ''
+  ''
     #!${pkgs.runtimeShell}
     export PATH=
     ${concatMapStrings (host: ''

modules/nixos/deploy/default.nix

@@ -53,8 +53,7 @@ in {
     }) config.deploy.profiles);
     deploy.groups = [ "all" ];
 
-    system.build.deployScript =
-      pkgs.writeScript "deploy-${config.networking.hostName}" ''
+    system.build.deployScript = ''
         #!${pkgs.runtimeShell}
         set -xeo pipefail
         export PATH=${with pkgs; lib.makeBinPath [ coreutils openssh nix ]}

nyx

@@ -5,7 +5,7 @@ usage() {
     echo example: $0 build samhain boot
 }
 
-build() {
+deploy() {
     HOST=$1
     if [ $# -gt 2 ]; then
         METHOD=$2
@@ -13,7 +13,7 @@ build() {
         METHOD="switch"
     fi
 
-    nix build -f . deploy.$HOST && ./result $METHOD
+    nix eval --raw deploy.${HOST} -f . | bash -s -- ${METHOD}
 }
 
 install() {