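#!/usr/bin/env bash
#
# Wipe a remote host and install NixOS on it with nixos-anywhere, seeding the
# host's age identity (decrypted with sops from secrets/serverKeys.yaml) so it
# ends up on the installed file system.
#
# Usage: <script> SERVERNAME HOSTNAME
#   SERVERNAME  flake output name (".#SERVERNAME"); also the key extracted
#               from secrets/serverKeys.yaml
#   HOSTNAME    target address, passed to nixos-anywhere as root@HOSTNAME
#
# The secrets path and the flake reference are relative, so run this from the
# directory that contains both.
# Exits 1 on bad arguments or when the confirmation phrase does not match.
set -euo pipefail
IFS=$'\n\t'

servername="${1-}"
hostname="${2-}"

if [[ -z "$servername" || -z "$hostname" ]]; then
  echo "Usage: $0 SERVERNAME HOSTNAME" >&2
  exit 1
fi

# SERVERNAME is spliced into the sops --extract expression further down.
# Refuse characters that could close the quoted key early and make the
# expression select a different entry than the one the operator confirmed.
case "$servername" in
  *'"'* | *\\*)
    echo "SERVERNAME must not contain double quotes or backslashes." >&2
    exit 1
    ;;
esac

# Destructive step ahead: require the operator to type the exact phrase,
# including the server name, before anything is touched.
confirmation="Yes, wipe ${servername}."
echo "⚠️ This will wipe ${servername} completely! ⚠️"
echo "Confirm by typing: \"${confirmation}\""
# -r keeps backslashes literal so the typed line is compared as entered.
read -r response
if [[ "$response" != "$confirmation" ]]; then
  echo "Aborting." >&2
  exit 1
fi

# Staging directory for the files handed to nixos-anywhere. mktemp -d picks an
# unpredictable name and creates the directory accessible to the owner only.
temp=$(mktemp -d)

# Remove the staging directory, and with it the plaintext key, on every exit
# path the shell can trap. ${temp:?} refuses to run rm with an empty path.
cleanup() {
  rm -rf -- "${temp:?}"
}
trap cleanup EXIT

# Directory where the age key will go.
# nixos-anywhere creates a kind of overlay and retains this structure on the
# final file system.
key_dir="$temp/root/.config/sops/age"
key_file="$key_dir/keys.txt"
mkdir -p "$key_dir"

# Extract the server's age key. The umask is tightened in a subshell so the
# plaintext file is created owner-only from the start instead of being
# narrowed by chmod after the secret has already been written; the subshell
# keeps the directory modes created above unchanged.
(
  umask 077
  sops -d --extract "[\"${servername}\"]" secrets/serverKeys.yaml > "$key_file"
)

# Set the permissions explicitly as well, independent of the umask.
chmod 600 "$key_file"

# Install NixOS to the host system with our age identity.
nixos-anywhere --extra-files "$temp" --flake ".#${servername}" "root@${hostname}"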