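# Creates the secret material for a new host inside the flake repository:
# two passphrase-less ed25519 SSH key pairs ("<host>" and "<host>-init") and
# a random disk encryption key, each encrypted in place with sops.
# Afterwards it prints the age public key derived from the host's SSH public
# key and a MAC address derived deterministically from the host name.
#
# Requires: ssh-keygen, sops, ssh-to-age, md5sum, and a flake.nix in the
# current directory or one of its parents.
set -o errexit
# pipefail stays off: presumably because `tr` in the disk-key pipeline is
# terminated by SIGPIPE once `head` has read enough, which pipefail would
# report as a failure -- confirm before enabling.
#set -o pipefail

# Walk up the directory tree until the repository root (flake.nix) is found.
if [ ! -e flake.nix ]; then
  echo "flake.nix not found. Searching down."
  while [ ! -e flake.nix ]; do
    if [ "$PWD" = "/" ]; then
      echo "Found root. Aborting."
      exit 1
    fi
    cd ..
  done
fi

pwpath="machines/secrets/keys/itag"

# -r keeps backslashes literal instead of treating them as escapes.
read -r -p "Enter new host name: " host
if [ "$host" = "" ]; then
  exit 0
fi

# The name becomes a directory and file name below, so refuse anything that
# could leave $pwpath ("/", a leading "."), be parsed as an option (a leading
# "-"), or be word-split or globbed.
case "$host" in
  *[!A-Za-z0-9._-]* | [.-]*)
    echo "Invalid host name: use only letters, digits, '.', '_' and '-', and do not start with '.' or '-'." >&2
    exit 1
    ;;
esac

mkdir -p -- "$pwpath/$host"
cd -- "$pwpath/$host"

# From here on plaintext secrets exist on disk until sops has encrypted them.
# errexit aborts on the first failing command, so say clearly when that may
# have left unencrypted files inside the repository.
trap 'status=$?; [ "$status" -eq 0 ] || echo "Aborted: unencrypted key material may remain in $PWD. Encrypt or delete it before committing." >&2' EXIT

# Generate SSH keys. -N "" means no passphrase: the private keys are
# protected only by the sops encryption applied right after.
ssh-keygen -f "$host" -t ed25519 -N ""
ssh-keygen -f "$host-init" -t ed25519 -N ""

# Encrypt the private keys in place.
sops -e -i "./$host"
sops -e -i "./$host-init"

# Generate the disk encryption key: 20 characters from a 62-symbol alphabet
# (roughly 119 bits). The subshell's umask keeps the plaintext file private
# to the owner until sops has encrypted it; LC_ALL=C makes tr treat the
# random input as bytes regardless of locale.
(
  umask 077
  LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 20 > disk.key
)
sops -e -i ./disk.key

# Info
echo
echo "Hier ist der age public key für sops etc:"
# Called directly (not inside echo "$(...)") so a failing conversion stops
# the script instead of printing an empty line.
ssh-to-age -i "./$host.pub"
echo
echo "Hier ist eine reproduzierbare mac-addresse:"
# MD5 is used only as a stable mapping from host name to MAC, not for
# security. The 02 prefix marks the address as locally administered unicast.
# The trailing newline is part of the hashed input, matching what `echo`
# produced, so previously derived addresses stay the same.
printf '%s\n' "$host" | md5sum | sed 's/^\(..\)\(..\)\(..\)\(..\)\(..\).*$/02:\1:\2:\3:\4:\5/'
exit 0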