install-anywhere: Work in completely temporary directory

flake-parts/install-anywhere.nix

@@ -19,7 +19,7 @@ _: {
 
           host="$1"
           destination="$2"
-          root="/tmp/anywhere/$host"
+          root="$(mktemp --directory)"
 
           impermanence="$(nix eval ".#nixosConfigurations.$host.config.custom.persistence.enable")"
           if [ "$impermanence" = true ]; then
@@ -28,7 +28,6 @@ _: {
             ssh_dir="$root/etc/ssh"
           fi
 
-          if [ ! -f "$ssh_dir/ssh_host_ed25519_key" ]; then
           echo "==> Generating new SSH host keys..."
           mkdir --parents "$ssh_dir"
           ssh-keygen -C "root@$host" -f "$ssh_dir/ssh_host_ed25519_key" -N "" -q
@@ -38,21 +37,21 @@ _: {
           echo "$new_age_key" > "hosts/$host/keys/age.pub"
 
           echo "==> Updating SOPS secrets..."
-            if BW_SESSION="$(bw unlock --raw || bw login --raw)"; then
+          BW_SESSION="$(bw unlock --raw || bw login --raw)"
           export BW_SESSION
-            fi
           SOPS_AGE_KEY="$(bw get notes 'admin age-key')"
           export SOPS_AGE_KEY
           SOPS_CONFIG="$(nix build .#sops-config --print-out-paths)"
           export SOPS_CONFIG
           sops updatekeys --yes "hosts/$host/secrets.json"
-          fi
 
           echo "==> Installing system..."
           nix run github:nix-community/nixos-anywhere -- \
             --extra-files "$root" \
             --flake ".#$host" \
             --target-host "$destination"
+
+          rm -rf "$root"
         '';
       };
     };