#!/bin/bash

# Push secrets to storage of secrets on $SERVER_ORIGIN_DOMAIN

if [ "$(id -u)" != "0" ]; then
    echo -e "\033[31mThis script requires superuser rights.\033[0m"
    exit 0
fi

if [ -z "$1" ]; then
  echo "Usage: $0 <server_host>"
  exit 1
fi

SERVER_HOST=$1
SAFE_DIR="/data/secrets/safe"
ARCHIVE_FILE="$SAFE_DIR/$SERVER_HOST.tar.gz"
REMOTE_USER="root"
SECRETS_PATH=/data/secrets/$SERVER_HOST/$SERVER_HOST.env

source $SECRETS_PATH

trap 'echo -e "\033[31mSomething went wrong\033[0m"; exit 1' ERR
set -e

export DEBIAN_FRONTEND=noninteractive

bash secrets-encrypt.sh $SERVER_HOST
ssh $REMOTE_USER@$SERVER_ORIGIN_DOMAIN "mkdir -p $SAFE_DIR"
scp $ARCHIVE_FILE $REMOTE_USER@$SERVER_ORIGIN_DOMAIN:$SAFE_DIR

trap - ERR
echo "Secrets for $SERVER_HOST pushed complete"