#!/usr/bin/env bash

# Create a temporary directory
temp=$(mktemp -d)

# Function to cleanup temporary directory on exit
cleanup() {
  rm -rf "$temp"
}
trap cleanup EXIT

# Create the directory where sshd expects to find the host keys
install -d -m755 "$temp/persist/etc/ssh"
install -d -m755 "$temp/etc/ssh"

# Decrypt your private key from the password store and copy it to the temporary directory
cat ./ssh_host_ed25519_key.txt > "$temp/persist/etc/ssh/ssh_host_ed25519_key"
cat ./ssh_host_rsa_key.txt > "$temp/persist/etc/ssh/ssh_host_rsa_key"
cat ./ssh_host_ed25519_key.txt > "$temp/etc/ssh/ssh_host_ed25519_key"
cat ./ssh_host_rsa_key.txt > "$temp/etc/ssh/ssh_host_rsa_key"

# Set the correct permissions so sshd will accept the key
chmod 600 "$temp/persist/etc/ssh/ssh_host_ed25519_key"
chmod 600 "$temp/persist/etc/ssh/ssh_host_rsa_key"
chmod 600 "$temp/etc/ssh/ssh_host_ed25519_key"
chmod 600 "$temp/etc/ssh/ssh_host_rsa_key"

# Install NixOS to the host system with our secrets
nix run github:nix-community/nixos-anywhere -- \
  --disko-mode mount \
  --extra-files "$temp" \
  --flake .#odin \
  --target-host root@192.168.178.25