#!/bin/bash

echo "Push secrets to storage of secrets on SERVER_ORIGIN_DOMAIN..."

if [ "$(id -u)" != "0" ]; then
    echo -e "\033[31mThis script requires superuser rights.\033[0m"
    exit 0
fi

if [ -z "$1" ]; then
  echo "Usage: $0 <REMOTE_SERVER_HOST>"
  exit 1
fi

REMOTE_SERVER_HOST=$1
SAFE_DIR="/data/secrets/safe"
ARCHIVE_FILE="$SAFE_DIR/$REMOTE_SERVER_HOST.tar.gz"
REMOTE_USER="root"
SECRETS_PATH=/data/secrets/$SERVER_DOMAIN/$SERVER_DOMAIN.env

trap 'echo -e "\033[31msecrets-push.sh: Something went wrong\033[0m"; exit 1' ERR
set -e

export DEBIAN_FRONTEND=noninteractive

source $SECRETS_PATH

echo "Encrypt secrets..."
bash secrets-encrypt.sh $REMOTE_SERVER_HOST

echo "Create SAFE_DIR on ORIGIN server..."
ssh $REMOTE_USER@$SERVER_ORIGIN_DOMAIN "mkdir -p $SAFE_DIR"

echo "Save archive on ORIGIN server safe..."
scp $ARCHIVE_FILE $REMOTE_USER@$SERVER_ORIGIN_DOMAIN:$SAFE_DIR

trap - ERR
echo "Secrets for $REMOTE_SERVER_HOST pushed complete"