nix/scripts/remove-host.sh

#!/usr/bin/env bash

set -o errexit
set -o nounset
set -o pipefail

if [[ "$#" -ne 2 ]]; then
  echo "Usage: $0 <host> <sops-master-key>"
  exit 1
fi

HOST="$1"

AGE_KEY=$(nix shell nixpkgs#ssh-to-age --command bash -c "cat './hosts/${HOST}/secrets/ssh_host_ed25519_key.pub' | ssh-to-age")

for SOPS_FILE in $(find . -type f -name "sops.yaml"); do
  sed -i "/    - &${HOST} ${AGE_KEY}/d" "${SOPS_FILE}"
  sed -i "/        - \*${HOST}/d" "${SOPS_FILE}"
done

sed -i "/${HOST}/d" ./hosts/common/system/configs/ssh/default.nix
sed -i "/${HOST}/d" ./hosts/common/user/configs/console/ssh/default.nix

"$(dirname "$0")/update-keys.sh" "$2"

rm -rf "./hosts/${HOST}"

echo "Host ${HOST} has been successfully removed."
echo "Please remove SSH key pairs for any users that used to connect to this host."