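#!/usr/bin/env bash
#
# Ensure every host listed by lib/get-hosts.nix has a GPG key in root's
# keyring whose fingerprint is recorded under secrets/<hostname>/.gpg-id.
#
# For each host: skip it if it is offline; otherwise compare the locally
# recorded fingerprint with root's keyring on the host. If the recorded key
# is absent, reset the remote keyring, generate a fresh key from the
# lib/keygen batch template, record its fingerprint and armored public key
# locally, and re-initialise the per-host and "all" secret stores through
# lib/pass.sh.
#
# Runs from the repository root (one level above this script's directory).
# Requires colmena, jq and ssh locally; sudo and gpg on the remote hosts.
# No arguments.

set -uo pipefail

# Exit status ssh itself reports for connection/authentication failures,
# as opposed to a non-zero status returned by the remote command.
readonly SSH_ERROR_RC=255

#######################################
# Print a diagnostic to stderr and exit with status 1.
# Arguments: message words
#######################################
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

cd "$(dirname "$0")/.." || die "cannot cd to repository root"

#######################################
# Print the fingerprint of the first key in root's keyring on a host.
# Arguments: $1 - ssh target (user@host)
# Outputs:   fingerprint on stdout (empty when the keyring has no key)
# Returns:   the ssh / remote pipeline status
#######################################
remote_fingerprint() {
  local ssh_host=$1
  # head -n1 picks the first fpr line; right after a keyring reset and a
  # single --generate-key that is the primary key's fingerprint.
  ssh "$ssh_host" "sudo -u root gpg --fingerprint --with-colons | grep '^fpr' | head -n1 | cut -d: -f10"
}

#######################################
# Check whether the fingerprint recorded locally for a host (last line of
# secrets/<hostname>/.gpg-id) is present in root's keyring on that host.
# Arguments: $1 - hostname, $2 - ssh target
# Returns:   0 if present; 1 if there is no usable local record or the
#            key is absent; SSH_ERROR_RC if ssh itself failed
#######################################
has_expected_key() {
  local hostname=$1 ssh_host=$2
  local expected
  [[ -f "secrets/$hostname/.gpg-id" ]] || return 1
  expected=$(tail -n1 -- "secrets/$hostname/.gpg-id")
  [[ -n "$expected" ]] || return 1
  # The value is interpolated into the remote command line, so only a
  # plain hex fingerprint is allowed through; anything else is treated as
  # "no valid record" rather than handed to the remote shell.
  [[ "$expected" =~ ^[0-9A-Fa-f]+$ ]] || return 1
  ssh "$ssh_host" "sudo -u root gpg --fingerprint --with-colons | grep '^fpr' | grep -F -- '$expected' > /dev/null"
}

#######################################
# Reset root's keyring on a host, generate a new key from lib/keygen and
# record it locally, then re-initialise the secret stores.
# Globals:   reads lib/keygen, secrets/.gpg-id; writes secrets/<hostname>/,
#            secrets/all/.gpg-id, secrets/.public-keys/<hostname>
# Arguments: $1 - hostname, $2 - ssh target
# Returns:   0 on success; exits via die on a failed step
#######################################
generate_key() {
  local hostname=$1 ssh_host=$2
  local fpr
  local -a ids

  echo "generating gpg-key"
  mkdir -p -- "secrets/$hostname"
  ssh "$ssh_host" "sudo rm -rf /root/.gnupg" || die "failed to reset keyring on $hostname"

  # lib/keygen is a gpg batch template with NAME as the placeholder.
  # hostname comes from the nix host set; it is not escaped for sed, so
  # names containing '/', '&' or '\' would break the substitution.
  sed "s/NAME/${hostname}/" lib/keygen \
    | ssh -o RequestTTY=yes "$ssh_host" "sudo -u root gpg --generate-key --pinentry-mode loopback --batch /dev/stdin" \
    || die "key generation failed on $hostname"

  fpr=$(remote_fingerprint "$ssh_host")
  [[ -n "$fpr" ]] || die "no fingerprint found on $hostname after key generation"

  # Per-host recipients: the shared list from secrets/.gpg-id plus the new key
  # on the last line (which has_expected_key reads back on the next run).
  cp -- secrets/.gpg-id "secrets/$hostname/.gpg-id"
  printf '%s\n' "$fpr" >> "secrets/$hostname/.gpg-id"
  # NOTE: secrets/all/.gpg-id only ever grows; a previous fingerprint for a
  # regenerated host is not removed here.
  printf '%s\n' "$fpr" >> secrets/all/.gpg-id
  ssh "$ssh_host" "sudo -u root gpg --export --armor" > "secrets/.public-keys/$hostname" \
    || die "failed to export public key from $hostname"

  mapfile -t ids < "secrets/$hostname/.gpg-id"
  lib/pass.sh init -p "$hostname" "${ids[@]}"
  mapfile -t ids < secrets/all/.gpg-id
  lib/pass.sh init -p all "${ids[@]}"
}

#######################################
# Iterate over all hosts from lib/get-hosts.nix and ensure each has a key.
# Arguments: none
# Returns:   0; exits via die when no hosts can be listed or a step fails
#######################################
main() {
  local -a entries
  local entry hostname ssh_host rc

  # One "hostname<TAB>address" line per host; read into an array up front so
  # the ssh calls inside the loop cannot consume the list from stdin.
  mapfile -t entries < <(colmena eval lib/get-hosts.nix | jq -r 'to_entries[] | "\(.key)\t\(.value)"')
  (( ${#entries[@]} > 0 )) || die "no hosts returned by lib/get-hosts.nix"

  for entry in "${entries[@]}"; do
    hostname=${entry%%$'\t'*}
    ssh_host=root@${entry#*$'\t'}

    echo
    echo "##### $hostname - $ssh_host"
    if ! ssh -o ConnectTimeout=10 "$ssh_host" "echo > /dev/null"; then
      echo "$hostname is offline"
      continue
    fi

    echo "$hostname is online, checking gpg-key"
    rc=0
    has_expected_key "$hostname" "$ssh_host" || rc=$?
    if (( rc == 0 )); then
      echo "key does already exist..."
    elif (( rc == SSH_ERROR_RC )); then
      # An ssh failure is not evidence that the key is missing; regenerating
      # here would wipe /root/.gnupg on a host we merely failed to reach.
      printf 'could not query keyring on %s, skipping\n' "$hostname" >&2
    else
      generate_key "$hostname" "$ssh_host"
    fi
  done
}

main "$@"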