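#!/usr/bin/env bash
#
# Bootstrap the secrets directory for a new host: generates the host and
# initrd SSH keys, a WireGuard key pair and a disk-encryption key under
# machines/<host>/secrets, encrypts the private material in place with sops,
# and prints the values the operator has to copy elsewhere (age public key,
# WireGuard public key, a deterministic MAC address).
#
# Usage: run from anywhere inside the flake checkout; the script first walks
# up to the directory containing flake.nix. Requires ssh-keygen, wg, sops,
# ssh-to-age and md5sum on PATH.
set -o errexit
set -o nounset
set -o pipefail

die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Locate the flake root by walking up from $PWD; abort at the filesystem root.
if [ ! -e flake.nix ]; then
  echo "flake.nix not found. Searching down."
  while [ ! -e flake.nix ]; do
    if [ "$PWD" = "/" ]; then
      echo "Found root. Aborting."
      exit 1
    fi
    cd ..
  done
fi

read -r -p "Enter new host name: " hostname
if [ "$hostname" = "" ]; then
  exit 0
fi
# The name becomes a path component and a key comment; reject anything that
# could escape machines/ (slashes, leading dots) or is not a plausible host name.
[[ "$hostname" =~ ^[A-Za-z0-9][A-Za-z0-9._-]*$ ]] \
  || die "Invalid host name: $hostname"

pwpath="machines/$hostname/secrets"
hostkey="ssh_host_ed25519_key"
initrdkey="initrd_ed25519_key"

mkdir -p "$pwpath"
cd "$pwpath"

# Private material sits unencrypted on disk until 'sops -e -i' runs below;
# make sure none of those files is created group/world readable.
umask 077

# Generate SSH keys (host key and a separate one for the initrd).
# The comment uses $hostname; the original referenced an undefined $host.
ssh-keygen -f "$hostkey" -t ed25519 -N "" -C "root@$hostname"
ssh-keygen -f "$initrdkey" -t ed25519 -N "" -C "root@$hostname-initrd"

# WireGuard key pair: only the private key is stored, the public key is printed.
wg genkey > wg.private
publickey=$(wg pubkey < wg.private)

# Encrypt the private keys in place. Recipients come from the repo's sops
# configuration; the age key printed at the end must be registered there
# before the new host can decrypt its own secrets.
sops -e -i "./$hostkey"
sops -e -i "./$initrdkey"
sops -e -i ./wg.private

# Generate the disk encryption key: 20 alphanumeric characters from /dev/urandom.
# A bounded read (head -c 512, ~124 alnum chars on average, comfortably > 20)
# lets tr finish before the trailing head closes the pipe; an unbounded
# 'tr < /dev/urandom | head' would die of SIGPIPE and trip pipefail.
head -c 512 /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9' | head -c 20 > disk.key
sops -e -i ./disk.key

# Info for the operator
echo
echo "Hier ist der age public key für sops etc:"
ssh-to-age -i "./$hostkey.pub"
echo
echo "Hier ist der wireguard pubkey für das gerät"
echo "$publickey"
echo
echo "Hier ist eine reproduzierbare mac-addresse:"
# Locally administered unicast MAC (02:...) built from the first 5 bytes of md5(name);
# md5 is used only as a deterministic mapping here, not for any security property.
echo "$hostname" | md5sum | sed 's/^\(..\)\(..\)\(..\)\(..\)\(..\).*$/02:\1:\2:\3:\4:\5/'
exit 0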