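# Install NixOS on a remote host with nixos-anywhere, shipping freshly
# generated SSH host keys and the sops-decrypted disk encryption key.
#
# Usage: <script> <hostname> <ipaddress> [user]
#   hostname   flake output to install; also selects machines/<hostname>/disk.key
#   ipaddress  address of the machine to install to
#   user       optional SSH login user on the target (default: root)
#
# Requires: sops, ssh-keygen, nix, and a flake.nix in the current directory
# or one of its parents.
set -o errexit
set -o pipefail

if [ "$#" -lt 2 ]; then
  echo
  echo "Install NixOS to the host system with secrets and encryption"
  echo "Usage: $0 <hostname> <ipaddress> [user]"
  exit 1
fi

# Walk up the directory tree until the flake root is found.
if [ ! -e flake.nix ]; then
  echo "flake.nix not found. Searching parent directories."
  while [ ! -e flake.nix ]; do
    if [ "$PWD" = "/" ]; then
      echo "Found root. Aborting."
      exit 1
    fi
    cd ..
  done
fi

hostname=$1
ipaddress=$2

# Only an argument count of exactly three selects a custom login user;
# anything else installs as root.
if [ "$#" -eq 3 ]; then
  target_user=$3
else
  target_user=root
fi

# Two separate private directories (mktemp -d creates them mode 0700):
#   temp     - file tree copied onto the target via --extra-files
#   key_dir  - local-only home of the decrypted disk key
# The disk key must NOT live under $temp, or --extra-files would copy the
# plaintext key onto the installed system.
temp=
key_dir=

# Remove both temporary directories (host private keys and the plaintext
# disk key) on every exit path.
cleanup() {
  [ -z "$temp" ] || rm -rf -- "$temp"
  [ -z "$key_dir" ] || rm -rf -- "$key_dir"
}
trap cleanup EXIT

temp=$(mktemp -d)
key_dir=$(mktemp -d)
key_file="$key_dir/secret.key"

# Create the directory where sshd expects to find the host keys
install -d -m755 "$temp/etc/ssh/"

# Decrypt the disk key into an unpredictable, owner-only file instead of a
# fixed world-visible name in /tmp (which could be pre-created or read by
# other local users and would outlive the script).
diskKey=$(sops -d "machines/$hostname/disk.key")
(
  umask 077
  printf '%s\n' "$diskKey" > "$key_file"
)

ssh-keygen -f "$temp/etc/ssh/$hostname" -t ed25519 -N ""
ssh-keygen -f "$temp/etc/ssh/initrd" -t ed25519 -N ""

# Set the correct permissions so sshd will accept the key
chmod 600 "$temp/etc/ssh/$hostname"
chmod 600 "$temp/etc/ssh/initrd"

# Install NixOS to the host system with our secrets and encryption
# optional --build-on-remote
#
# --disk-encryption-keys takes <path on target> <local file>; the target path
# stays /tmp/secret.key as before, only the local source moved.
#
# NOTE(review): github:numtide/nixos-anywhere is an unpinned flake reference,
# so whatever the branch head is at run time handles the disk key and host
# keys. Consider pinning it to a reviewed revision or a flake input.
nix run github:numtide/nixos-anywhere -- --extra-files "$temp" \
  --disk-encryption-keys /tmp/secret.key "$key_file" \
  --flake ".#$hostname" "$target_user@$ipaddress"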