#!/usr/bin/env bash

# Abort the script as soon as an unguarded command exits non-zero.
set -o errexit

# Print a message to stderr and terminate the script with status 1.
# Arguments: $@ - words of the message, handed to echo unchanged
# Outputs:   the message on stderr; nothing on stdout
die() {
  echo "$@" 1>&2
  exit 1
}

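# Parse command-line arguments.
#   -c|--nixos-config NAME   configuration name, stored in NAME
#   -k|--key-dir DIR         directory with the key material, stored in KEYDIR
# Every other argument is kept, in order, in POSITIONAL_ARGS and is later
# forwarded to nixos-anywhere.
POSITIONAL_ARGS=()
while [[ $# -gt 0 ]]; do
  case "$1" in
    -c|--nixos-config)
      # ${2:?...} stops with a message when the value is missing or empty,
      # instead of failing silently on the shift under `set -e`.
      NAME="${2:?$1 requires a value}"
      shift 2 # past argument and value
      ;;
    -k|--key-dir)
      # An empty key dir would make the later checks look for keys under "/".
      KEYDIR="${2:?$1 requires a value}"
      shift 2 # past argument and value
      ;;
    *)
      POSITIONAL_ARGS+=("$1") # save positional arg
      shift # past argument
      ;;
  esac
done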

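# Validate inputs before any key material is staged.
# KEYDIR and NAME are never initialised by this script, so they are either set
# by the option parser or inherited from the environment. Without KEYDIR the
# file checks below would silently look under "/"; without NAME the flake
# reference passed to the installer would be just ".#".
[ -n "${KEYDIR:-}" ] || die "key dir missing! (-k|--key-dir)"
[ -n "${NAME:-}" ] || die "nixos config name missing! (-c|--nixos-config)"

# Every file the rest of the script reads must exist as a regular file.
[ -f "$KEYDIR/host.pub" ] || die "host pubkey missing!"
[ -f "$KEYDIR/host" ] || die "host privkey missing!"
[ -f "$KEYDIR/host_initrd.pub" ] || die "host pubkey (initrd) missing!"
[ -f "$KEYDIR/host_initrd" ] || die "host privkey (initrd) missing!"
[ -f "$KEYDIR/luks-pw" ] || die "luks pw missing!"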

# Scratch directory used to stage the files handed to the installer. It will
# hold copies of private host keys, so it comes from mktemp (unpredictable
# name, owner-only access) and is removed again on every exit path.
temp="$(mktemp -d)"
cleanup() { rm -rf "$temp"; }
trap cleanup EXIT

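# Stage the system's SSH host key pair under persist/etc/ssh inside the
# scratch directory, which is later passed to the installer as --extra-files.
echo "Preparing host keys.."
ssh_dir="$temp/persist/etc/ssh"
install -d -m755 "$ssh_dir"
# Create the private key with mode 0600 from the start rather than copying it
# first and tightening the mode afterwards.
install -m600 "$KEYDIR/host" "$ssh_dir/ssh_host_ed25519_key"
cp "$KEYDIR/host.pub" "$ssh_dir/ssh_host_ed25519_key.pub"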

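# Stage the initrd SSH host key pair under persist/etc/secrets/initrd.
# This must be the dedicated host_initrd key pair that the argument checks
# require; the previous code copied the main host key here, so the initrd
# would have presented (and stored) the system's primary SSH identity.
# NOTE(review): initrd secrets are usually less protected than the encrypted
# root, which is why the two keys should stay separate - confirm for this setup.
echo "Preparing host keys.. (initrd)"
initrd_dir="$temp/persist/etc/secrets/initrd"
install -d -m755 "$initrd_dir"
# Create the private key with mode 0600 from the start rather than copying it
# first and tightening the mode afterwards.
install -m600 "$KEYDIR/host_initrd" "$initrd_dir/ssh_host_ed25519_key"
cp "$KEYDIR/host_initrd.pub" "$initrd_dir/ssh_host_ed25519_key.pub"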

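# Run the installer.
#   --disk-encryption-keys  takes a path on the target followed by the local
#                           file; the local luks-pw is uploaded to /tmp/luks-pw.
#                           NOTE(review): that path has to match what the disk
#                           configuration in the flake reads - confirm.
#   --extra-files           the staged tree (host keys) copied onto the target.
#   --flake                 quoted so a NAME containing whitespace or glob
#                           characters stays a single, literal argument.
# Remaining command-line arguments are passed through unchanged.
echo "Starting install.."
nixos-anywhere \
  --disk-encryption-keys "/tmp/luks-pw" "$KEYDIR/luks-pw" \
  --extra-files "$temp" \
  --flake ".#$NAME" \
  "${POSITIONAL_ARGS[@]}"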

# Closing reminder: the scratch copy is removed by the EXIT trap, but the key
# files the operator supplied are left in place and need manual cleanup.
# %b expands the "\n" escape exactly as `echo -e` did; the single space between
# the two parts mirrors echo's argument separator.
printf '%b %b\n' \
  "Finished install.\n" \
  "Make sure to delete the SSH host keys from here if you are done with them."