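#!/usr/bin/env bash
#
# Provision a new host: generate its SSH host key pair, derive the matching
# age recipient from the public key, register that recipient in every
# sops.yaml below the current directory, add the public key to the shared SSH
# knownHosts configuration, then hand over to update-keys.sh.
#
# Arguments:
#   $1 - host name; used as a directory name, a YAML anchor/alias and a Nix
#        attribute name
#   $2 - forwarded unchanged to update-keys.sh
#
# All paths except update-keys.sh are relative to the current directory.

# Stop at the first failure: a failed key generation or conversion must never
# be followed by edits to the sops.yaml files.
set -euo pipefail

die() {
  printf '%s\n' "$*" >&2
  exit 1
}

if [[ "$#" -ne 2 ]]; then
  # NOTE(review): the argument placeholders appear to be missing from this
  # usage text - confirm against the original script.
  echo "Usage: $0 " >&2
  exit 1
fi

readonly HOST="$1"

# HOST is spliced into file paths, sed scripts, a YAML anchor and an unquoted
# Nix attribute name. Restricting it to identifier characters keeps path
# separators, quotes, whitespace and sed/YAML/Nix metacharacters out of all of
# those contexts.
if [[ ! "${HOST}" =~ ^[A-Za-z_][A-Za-z0-9_-]*$ ]]; then
  die "Invalid host name '${HOST}': expected a letter or underscore followed by letters, digits, '_' or '-'."
fi

readonly SECRETS_DIR="./hosts/${HOST}/secrets"
readonly KEY_FILE="${SECRETS_DIR}/ssh_host_ed25519_key"

mkdir -p "${SECRETS_DIR}"

# The private key is written without a passphrase (-N ""), so file permissions
# and whatever protects this directory at rest are its only safeguards.
# NOTE(review): confirm the private key is encrypted or git-ignored before the
# secrets directory is committed.
ssh-keygen -t ed25519 -f "${KEY_FILE}" -N ""

# Feed the public key on stdin instead of building a `bash -c` command string,
# so no value is ever re-parsed as shell code.
# NOTE(review): nixpkgs#ssh-to-age is resolved when the script runs; consider
# pinning it if reproducible tooling matters here.
AGE_KEY=$(nix shell nixpkgs#ssh-to-age --command ssh-to-age <"${KEY_FILE}.pub")

# Never write an empty or malformed recipient into the sops configuration.
if [[ ! "${AGE_KEY}" =~ ^age1[0-9a-z]+$ ]]; then
  die "ssh-to-age did not return a valid age public key for ${KEY_FILE}.pub"
fi
readonly AGE_KEY

# NUL-delimited traversal so paths containing whitespace or glob characters are
# passed to sed intact.
# NOTE(review): the whitespace after `a\` is emitted verbatim by GNU sed;
# confirm it matches the indentation expected by the target YAML.
while IFS= read -r -d '' SOPS_FILE; do
  sed -i "/- hosts:/a\ - &${HOST} ${AGE_KEY}" "${SOPS_FILE}"
  sed -i "/- age:/a\ - *${HOST}" "${SOPS_FILE}"
done < <(find . -type f -name "sops.yaml" -print0)

# Register the new host's public key in the shared knownHosts attribute set.
sed -i "/knownHosts = {/a\ ${HOST}.publicKeyFile = ../../../../${HOST}/secrets/ssh_host_ed25519_key.pub;" ./hosts/common/system/configs/ssh/default.nix

"$(dirname "$0")/update-keys.sh" "$2"

echo "Host ${HOST} has been successfully added."
echo "Please generate SSH key pairs for any users that need to connect to user@host."
echo "Use the following command:"
# NOTE(review): the suggested file name ends in a bare underscore; a trailing
# placeholder may be missing - confirm.
echo "ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519_${HOST}_"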