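# shellcheck shell=bash
#
# Imports the GPG keys provisioned under ~/.config/sops-nix/secrets/gpg into
# $GNUPGHOME and records an ownertrust entry for every fingerprint they contain.
#
# Layout read by this script:
#   $KEYS/key    [+ $KEYS/pass]          a single key with an optional passphrase file
#   $KEYS/*/key  [+ $KEYS/*/pass]        one sub-directory per additional key
#
# NOTE(review): GNUPGHOME is not assigned here; presumably the caller exports
# it -- confirm. If it were empty, the ownertrust scratch file below would
# resolve to /otrust.txt.

# Keyring directory is owner-only (mode 700).
install -d -m 700 "$GNUPGHOME"

KEYS="$HOME/.config/sops-nix/secrets/gpg"

# Start every run from an empty scratch file. import_key appends to it, so a
# file left behind by an interrupted run would otherwise have its stale
# fingerprints trusted again on this run.
: > "$GNUPGHOME/otrust.txt"

#######################################
# Import one key directory and queue its fingerprints for ownertrust.
# Globals:   GNUPGHOME (read)
# Arguments: $1 - directory holding "key" and, optionally, "pass"
# Outputs:   appends "<fingerprint>:6:" lines to $GNUPGHOME/otrust.txt
#######################################
import_key() {
  local keyfile="$1/key"
  local passfile="$1/pass"
  local fingerprint

  if [[ -f "$passfile" ]]; then
    # The passphrase is handed over as a file path, so it does not appear in
    # the process argument list.
    gpg2 --batch --yes --pinentry-mode loopback \
      --passphrase-file "$passfile" --import "$keyfile"
  else
    gpg2 --batch --yes --import "$keyfile"
  fi

  # show-only lists the file's contents without importing again. Every "fpr"
  # record is picked up, so each fingerprint in the key file receives
  # ownertrust value 6 (ultimate). The key directory therefore has to stay
  # writable by its owner only: whoever can place a key file there decides
  # what this keyring trusts ultimately.
  gpg2 --with-colons --import-options show-only --import "$keyfile" \
    | grep '^fpr' \
    | cut -d: -f10 \
    | while read -r fingerprint; do
        printf '%s:6:\n' "$fingerprint" >> "$GNUPGHOME/otrust.txt"
      done
}

# A key stored directly in $KEYS.
if [[ -f "$KEYS/key" ]]; then
  import_key "$KEYS"
fi

# One key per sub-directory. An unmatched glob stays literal and is skipped
# by the -d test.
for dir in "$KEYS"/*; do
  if [[ ! -d "$dir" ]]; then
    continue
  fi
  if [[ -f "$dir/key" ]]; then
    import_key "$dir"
  fi
done

# Apply ownertrust only when at least one fingerprint was collected; with no
# keys provisioned there is nothing to import.
if [[ -s "$GNUPGHOME/otrust.txt" ]]; then
  gpg2 --import-ownertrust "$GNUPGHOME/otrust.txt"
fi
rm -f -- "$GNUPGHOME/otrust.txt"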