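#!/bin/bash
#
# remote.sh - provision a target host from the dev host.
#
# Usage: remote.sh SERVER_HOST        (must be run as root)
#
# What it does, in order:
#   1. loads /data/secrets/SERVER_HOST/SERVER_HOST.env
#   2. looks up the archive password for the host in /data/secrets/safe/keys.env
#   3. resets the known_hosts entries for the host and installs the dev host's
#      public key on it using the root password
#   4. copies install.sh and secrets-decrypt.sh to /tmp on the target
#   5. streams the encrypted secrets archive from the origin host to the target
#   6. runs secrets-decrypt.sh and then install.sh on the target
#
# SERVER_PASSWORD and SERVER_ORIGIN_DOMAIN are used below but never assigned
# here; presumably they come from the sourced env file - confirm.

if [ "$(id -u)" != "0" ]; then
  echo -e "\033[31mThis script requires superuser rights.\033[0m" >&2
  # Non-zero so that a calling script or CI job does not treat this as success.
  exit 1
fi

if [ -z "${1:-}" ]; then
  echo "Please provide SERVER_HOST as argument" >&2
  exit 1
fi

SSH_PORT=2525
REMOTE_USER="root"
SERVER_HOST=$1

# SERVER_HOST ends up in local paths, in a grep pattern and inside command
# strings that the remote shell re-parses. Accept only hostname/IPv4-style
# characters so it cannot carry path separators, a leading '-' or shell syntax.
HOST_PATTERN='^[A-Za-z0-9][A-Za-z0-9._-]*$'
if [[ ! "$SERVER_HOST" =~ $HOST_PATTERN ]]; then
  echo "SERVER_HOST contains unexpected characters, refusing to continue" >&2
  exit 1
fi

SECRETS_DIR=/data/secrets
SECRETS_ENV="$SECRETS_DIR/$SERVER_HOST/$SERVER_HOST.env"

if [[ ! -r "$SECRETS_ENV" ]]; then
  echo "Secrets env file not readable: $SECRETS_ENV" >&2
  exit 1
fi
# The env file is executed as shell code with root privileges, so it must be
# writable by root only.
# shellcheck source=/dev/null
source "$SECRETS_ENV"

SECRETS_SAFE="$SECRETS_DIR/safe"
SECRETS_PATH="$SECRETS_SAFE/$SERVER_HOST.tar.gz"
KEYS_FILE="$SECRETS_SAFE/keys.env"

trap 'echo -e "\033[31mremote.sh: Something went wrong\033[0m"; exit 1' ERR
set -e
# Without pipefail a failed read on the origin host would go unnoticed and an
# empty archive would be written to the target.
set -o pipefail

export DEBIAN_FRONTEND=noninteractive

if [[ -z "${SERVER_PASSWORD:-}" || -z "${SERVER_ORIGIN_DOMAIN:-}" ]]; then
  echo "SERVER_PASSWORD and SERVER_ORIGIN_DOMAIN must be set (expected in $SECRETS_ENV)" >&2
  exit 1
fi

echo "Get SAFE_PASSWORD for decrypt secrets archive on target host..."
KEY_VAR=$(echo "$SERVER_HOST" | tr '.' '_')
if grep -q -- "^$KEY_VAR=" "$KEYS_FILE"; then
  # -f2- keeps everything after the first '=', so a password that itself
  # contains '=' is not truncated; -m1 takes the first entry if duplicated.
  SAFE_PASSWORD=$(grep -m1 -- "^$KEY_VAR=" "$KEYS_FILE" | cut -d '=' -f2-)
else
  echo "SAFE_PASSWORD for $SERVER_HOST not found" >&2
fi
# An empty password would shift the arguments of secrets-decrypt.sh on the
# target, so stop here unless one was found (or already set by the env file).
if [[ -z "${SAFE_PASSWORD:-}" ]]; then
  echo "SAFE_PASSWORD is empty, aborting before touching $SERVER_HOST" >&2
  exit 1
fi

echo "Reset known_hosts..."
ssh-keygen -f '/root/.ssh/known_hosts' -R "$SERVER_HOST"
# Keys for a non-default port are recorded as "[host]:port"; remove that form
# too, otherwise a stale key for port $SSH_PORT survives the reset.
ssh-keygen -f '/root/.ssh/known_hosts' -R "[$SERVER_HOST]:$SSH_PORT"

echo "Install public SSH key from dev host to target host..."
# NOTE(review): StrictHostKeyChecking=no accepts whatever host key is presented
# on this first connection, and the root password is sent over that session.
# Comparing the key fingerprint with the provider console (or pre-seeding
# known_hosts) before this step would close that gap.
# The password is handed to sshpass through its SSHPASS environment variable
# (-e) rather than -p, so it does not show up in the process list.
SSHPASS="$SERVER_PASSWORD" sshpass -e ssh-copy-id -i ~/.ssh/id_ed25519.pub \
  -p "$SSH_PORT" -o StrictHostKeyChecking=no "$REMOTE_USER@$SERVER_HOST"

# NOTE(review): both scripts land at fixed names in the world-writable /tmp of
# the target and are later executed as root; a private directory created with
# mktemp -d on the target would be safer if other accounts exist there.
echo "Copy install script from dev host to target host in tmp dir..."
scp -P "$SSH_PORT" install.sh "$REMOTE_USER@$SERVER_HOST:/tmp/install.sh"

echo "Copy secrets-decrypt script from dev host to target host in tmp dir..."
scp -P "$SSH_PORT" secrets-decrypt.sh "$REMOTE_USER@$SERVER_HOST:/tmp/secrets-decrypt.sh"

echo "Create secrets directory on target host..."
ssh -p "$SSH_PORT" "$REMOTE_USER@$SERVER_HOST" "mkdir -p $SECRETS_SAFE"

echo "Copy secret archive from origin host to target host..."
ssh "$REMOTE_USER@$SERVER_ORIGIN_DOMAIN" "cat $SECRETS_PATH" \
  | ssh "$REMOTE_USER@$SERVER_HOST" -p "$SSH_PORT" "cat > $SECRETS_PATH"

echo "Run secrets-decrypt script for decrypt secrets archive on target host..."
# The command string is parsed again by the remote shell, so each argument is
# shell-quoted with %q; a password with spaces or metacharacters then arrives
# as one literal argument.
# NOTE(review): the password is still an argv entry of ssh locally and of bash
# on the target; reading it from stdin would need a change in
# secrets-decrypt.sh, which is not visible here.
printf -v REMOTE_DECRYPT 'bash /tmp/secrets-decrypt.sh %q %q %q' \
  "$SAFE_PASSWORD" "$SECRETS_PATH" "$SECRETS_DIR/$SERVER_HOST"
ssh -p "$SSH_PORT" "$REMOTE_USER@$SERVER_HOST" "$REMOTE_DECRYPT"

echo "Run install script on target host..."
ssh -p "$SSH_PORT" "$REMOTE_USER@$SERVER_HOST" "bash /tmp/install.sh $SERVER_HOST"

trap - ERR
echo "Remote install complete"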