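# Install NixOS to a target host with nixos-anywhere, staging the host's SSH
# host keys and its LUKS disk-encryption key from a KeePassXC database.
#
# Usage: $0 <hostname> <ipaddress> (user)
#   hostname  - flake output (.#<hostname>) and KeePassXC entry prefix
#               (hosts/<hostname>/...)
#   ipaddress - address of the target machine
#   user      - optional SSH user on the target, defaults to root
#
# The KeePassXC master password is read from the terminal and piped to
# keepassxc-cli on stdin, so it never appears in argv (`ps`) or history.
# All secret material is staged in a private temp directory (mktemp -d gives
# 0700) that is removed on exit; nothing is left behind in /tmp.
set -o errexit
set -o nounset
set -o pipefail

if [ "$#" -lt 2 ]; then
  echo
  echo "Install NixOS to the host system with secrets and encryption"
  echo "Usage: $0 <hostname> <ipaddress> (user)"
  exit 1
fi

# keepassxc-cli is needed before we prompt; fail early rather than after the
# password has been typed.
if ! command -v keepassxc-cli >/dev/null 2>&1; then
  echo "keepassxc-cli not found in PATH. Aborting." >&2
  exit 1
fi

# Walk up the directory tree until flake.nix is found, so the script can be
# run from any subdirectory of the repository. dbpath below is relative to
# that flake root.
if [ ! -e flake.nix ]; then
  echo "flake.nix not found. Searching down."
  while [ ! -e flake.nix ]; do
    if [ "$PWD" = "/" ]; then
      echo "Found root. Aborting."
      exit 1
    else
      cd ..
    fi
  done
fi

hostname=$1
ipaddress=$2
# Optional third argument: SSH user on the target (nixos-anywhere needs root
# privileges there).
sshuser=${3:-root}
dbpath="./machines/secrets/keys/itag.kdbx"
kp_entry="hosts/$hostname"

# -r: do not mangle backslashes in the password; -s: no echo.
read -rsp "Enter password for keepassxc: " pw
echo >&2

# Create a temporary directory; everything under it is copied to the target
# root by --extra-files, so the layout mirrors the target filesystem.
temp=$(mktemp -d)

# Function to cleanup temporary directory (and the secrets in it) on exit.
# ${temp:?} aborts rather than running rm -rf on an empty path.
cleanup() {
  rm -rf -- "${temp:?}"
}
trap cleanup EXIT

# Create the directories where sshd expects the host keys and where the disk
# key is dropped for the installed system.
install -d -m755 "$temp/etc/ssh/"
install -d -m755 "$temp/root/"

# printf instead of echo: a password beginning with -n/-e would otherwise be
# eaten as an echo option.
diskKey=$(printf '%s\n' "$pw" | keepassxc-cli show -a Password "$dbpath" "$kp_entry/encryption")
if [ -z "$diskKey" ]; then
  echo "Empty disk-encryption key for $kp_entry/encryption. Aborting." >&2
  exit 1
fi

# The disk key is written only inside the private temp dir. The same file is
# both shipped to /root/secret.key via --extra-files and used as the local
# side of --disk-encryption-keys, so no copy is needed in /tmp.
diskKeyFile="$temp/root/secret.key"
printf '%s\n' "$diskKey" > "$diskKeyFile"
chmod 600 "$diskKeyFile"

printf '%s\n' "$pw" | keepassxc-cli attachment-export "$dbpath" "$kp_entry/sshkey" private "$temp/etc/ssh/$hostname"
printf '%s\n' "$pw" | keepassxc-cli attachment-export "$dbpath" "$kp_entry/sshkey-init" private "$temp/etc/ssh/initrd"

# Set the correct permissions so sshd will accept the keys.
chmod 600 "$temp/etc/ssh/$hostname"
chmod 600 "$temp/etc/ssh/initrd"

# Install NixOS to the host system with our secrets and encryption.
# --disk-encryption-keys takes <remote path> <local path>; the remote path
# /tmp/secret.key is what the target's disk configuration reads.
# optional --build-on-remote
nix run github:numtide/nixos-anywhere -- \
  --extra-files "$temp" \
  --disk-encryption-keys /tmp/secret.key "$diskKeyFile" \
  --flake ".#$hostname" \
  "$sshuser@$ipaddress"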