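#!/usr/bin/env bash
#
# Generate the secret material for a new host into a fresh directory:
#   host, host.pub                 - ed25519 SSH host key pair
#   host_initrd, host_initrd.pub   - ed25519 SSH host key pair for the initrd
#   luks-pw                        - random LUKS password (no trailing newline)
#
# Usage: <script> TARGET_DIR
#   TARGET_DIR must not exist yet; it is created by this script.
#
# Requires: ssh-keygen, ssh-to-age, openssl

# fail on errors, including a failing stage inside a pipeline
set -eo pipefail

# Everything written below is secret material. Restrict the target directory
# and every file in it to the current user; without this, luks-pw is created
# with the caller's default umask and may be readable by other local users.
umask 077

#######################################
# Print a message to stderr and abort.
# Arguments: message words
# Returns:   never returns; exits with status 1
#######################################
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# set up target folder
TARGET="$1"
if [[ -z "$TARGET" || -d "$TARGET" ]]; then
  die "specify a non-existent path as a first argument"
fi

# Check the tools up front so a missing one does not leave a half-populated
# directory of key material behind.
for tool in ssh-keygen ssh-to-age openssl; do
  command -v "$tool" >/dev/null || die "required tool not found: $tool"
done

mkdir "$TARGET"
pushd "$TARGET" >/dev/null

# host keys
# -N "" leaves the private key unencrypted on disk, so the permissions of the
# target directory are the only protection it has.
echo "Generating SSH host keys.."
ssh-keygen -t ed25519 -f ./host -q -N "" -C ""

# host pubkey -> age key
# Run the conversion as an assignment: inside an echo argument a failing
# ssh-to-age would be ignored by `set -e` and an empty key would be printed.
age_key=$(ssh-to-age <./host.pub)
[[ -n "$age_key" ]] || die "ssh-to-age returned no key for ./host.pub"
echo "AGE key is: $age_key"

# host keys (initrd)
echo "Generating SSH host keys.. (initrd)"
ssh-keygen -t ed25519 -f ./host_initrd -q -N "" -C ""

# luks pw
# Same reasoning as above: a failing openssl must abort the script rather than
# silently produce an empty password file.
echo "Generating LUKS password file.."
luks_pw=$(openssl rand -base64 24)
[[ -n "$luks_pw" ]] || die "openssl produced no random data"
# No trailing newline, so the file content is exactly the password.
printf '%s' "$luks_pw" >./luks-pw
unset luks_pw

# we are done
popd >/dev/null
printf '%s\n' "Finished generating keys. Delete them or put them somewhere else once you're done with them."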