Add an integration where the sudo password can be specified in a sops encrypted file
As I use sudo on my machines (to elevate the privileges from the "deploy" user) and don't want to manually type the sudo password every time I run a deployment, I implemented a solution where the password is retrieved from a sops encrypted file. This is especially nice since I use sops-nix to set the password of the user and now can reuse this fact to run the deployment.
In particular, we need to specify sudoFile as well as sudoSecret for a node.
I introduced a NixOS test for this use case as well as provided an example and explained how sudoSecrets works.
Currently, the only drawback I see with this approach is that SOPS_AGE_KEY_FILE (sops will look for age private keys under $XDG_CONFIG_HOME/sops/age/keys.txt by default) will not be respected by this implementation, therefore forcing users to put the keys under the aforementioned directory (I have not tested that it won't work, but I assume that).
P.S. The flake under example/sops currently points to my fork and should be changed when this gets merged :)
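As an added illustration of the retrieval step described in this PR (this is example code, not deploy-rs or the fork's implementation), the snippet below is a small POSIX sh wrapper that resolves the age key file the way sops itself does, honouring SOPS_AGE_KEY_FILE before falling back to $XDG_CONFIG_HOME/sops/age/keys.txt and ~/.config/sops/age/keys.txt, and then pulls a single value out of a sops-encrypted YAML file with `sops --decrypt --extract`. The function names, the dotted key-path notation (`password.deploy`) and the secrets layout are assumptions made for this example; the selector syntax `["password"]["deploy"]` is sops' own.

```shell
#!/usr/bin/env sh
# Added example (not deploy-rs code): resolve the age key file with the same
# precedence sops uses, so a deploy wrapper respects SOPS_AGE_KEY_FILE, then
# read one secret out of a sops-encrypted YAML file.

# Lookup order: SOPS_AGE_KEY_FILE, then $XDG_CONFIG_HOME/sops/age/keys.txt,
# then ~/.config/sops/age/keys.txt (sops' default when XDG_CONFIG_HOME is unset).
resolve_age_key_file() {
    if [ -n "${SOPS_AGE_KEY_FILE:-}" ]; then
        printf '%s\n' "$SOPS_AGE_KEY_FILE"
    elif [ -n "${XDG_CONFIG_HOME:-}" ]; then
        printf '%s\n' "$XDG_CONFIG_HOME/sops/age/keys.txt"
    else
        printf '%s\n' "$HOME/.config/sops/age/keys.txt"
    fi
}

# Turn an assumed dotted key path such as "password.deploy" into the selector
# sops expects for --extract: '["password"]["deploy"]'.
sops_selector() {
    path="$1"
    selector=""
    old_ifs="$IFS"
    IFS='.'
    for part in $path; do
        selector="$selector[\"$part\"]"
    done
    IFS="$old_ifs"
    printf '%s\n' "$selector"
}

# Decrypt exactly one value from the secrets file. The resolved key file is
# exported only for this sops invocation, so the override is respected even if
# the caller never set SOPS_AGE_KEY_FILE globally.
read_sudo_secret() {
    file="$1"
    key_path="$2"
    SOPS_AGE_KEY_FILE="$(resolve_age_key_file)" \
        sops --decrypt --extract "$(sops_selector "$key_path")" "$file"
}
```

A typical call is `read_sudo_secret ./secrets.yaml password.deploy`, whose output can be fed to `sudo -S` on stdin; keep the value out of shell history and logs (never pass it as a command-line argument), since it is the same credential sops-nix used to set the user's password.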
@weriomat I tried your fork on the master branch and kept running into an issue with parsing the sops YAML file
In my case, my secrets.yaml looks like this:

```yaml
userPassword: some-password-hash # for use with hashedPasswordFile to set the password for another user
deployPassword: some password
```
This caused an error parsing the interface.json file on this line which uses check-jsonschema.
Your example yaml like below worked, but that error would happen if I tried to add anything else:

```yaml
password:
  deploy: something
```
Seems like check-jsonschema uses this for JSON schema, so I just changed the type for sudoFile from "path" to "string"
This one commit in my fork seems to be enough to fix it based on my testing
https://github.com/cinderisles/deploy-rs/commit/bda69b40445696f8813daccc5669a43d4166164f
Thank you for investigating this fix, I will update