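#!/usr/bin/env bash
#
# Wipe a host and install NixOS on it with nixos-anywhere, seeding the host's
# age identity from the local secret store.
#
# Usage: <script> SERVERNAME HOSTNAME
#   SERVERNAME  flake output to install (".#SERVERNAME"); also the attribute
#               value used to look up the age identity with secret-tool
#   HOSTNAME    address of the target; the install connects as root@HOSTNAME
#
# Exits 1 on missing arguments, on a confirmation mismatch, or when the age
# identity cannot be read.
set -euo pipefail
IFS=$'\n\t'

servername="${1-}"
hostname="${2-}"

if [[ -z "$servername" || -z "$hostname" ]]; then
  printf 'Usage: %s SERVERNAME HOSTNAME\n' "$0" >&2
  exit 1
fi

# Destructive operation: require the operator to type the full sentence,
# including the server name, before anything touches the target.
confirmation="Yes, wipe ${servername}."
echo "⚠️ This will wipe ${servername} completely! ⚠️"
echo "Confirm by typing: \"${confirmation}\""
# -r keeps backslashes literal, so the comparison sees exactly what was typed.
# On EOF, read fails and set -e aborts the script, which fails closed.
read -r response
if [[ "$response" != "$confirmation" ]]; then
  echo "Aborting." >&2
  exit 1
fi

# Private scratch directory (mktemp -d creates it accessible to the owner only).
temp=$(mktemp -d)

# Remove the scratch directory, and the key copy inside it, on every exit path.
cleanup() {
  # ${temp:?} aborts instead of expanding to an empty path.
  rm -rf -- "${temp:?}"
}
trap cleanup EXIT

# Create the directory where the age key will go.
# nixos-anywhere copies this tree onto the final file system, keeping its
# structure. The mode is set explicitly so that it does not depend on the
# caller's umask.
mkdir -m 0755 "$temp/etc"

key_file="$temp/etc/age_ed25519"

# Write the key under a restrictive umask so the file is never created with
# wider permissions, not even briefly before the chmod below.
if ! (umask 077 && secret-tool lookup age-identity "$servername" > "$key_file"); then
  echo "Could not read the age identity for ${servername} from the secret store." >&2
  exit 1
fi

# Refuse to wipe the host if the lookup produced nothing: the new system
# would come up without a usable identity.
if [[ ! -s "$key_file" ]]; then
  echo "The age identity for ${servername} is empty; refusing to continue." >&2
  exit 1
fi

# Set the final permissions explicitly.
chmod 600 "$key_file"

# Install NixOS on the host with our age identity.
# NOTE(review): the flake reference is not pinned, so whatever the upstream
# default branch holds at run time is executed with access to the key above.
# Consider pinning it, e.g. github:numtide/nixos-anywhere/<PINNED_REV>
# (placeholder; choose a revision you have reviewed).
nix run github:numtide/nixos-anywhere -- \
  --extra-files "$temp" \
  --flake ".#${servername}" \
  "root@${hostname}"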