#!/usr/bin/env bash

set +euo pipefail

if [ "$1" == "--unsafe" ]; then
    is_unsafe=true
    shift
else 
    is_unsafe=false
fi

name="$1"
script_dir=$(dirname "$(readlink -f "$0")")

if [ "$is_unsafe" == "true" ]; then
    name="$name.UNSAFE"
    public_key=$(cat "$script_dir/ssh/agenix-unsafe.pub")
else
    public_key=$(cat "$script_dir/ssh/agenix.pub")
fi

fullname="$script_dir/secrets/$name.age"

if [ -z "$name" ]; then
    echo "Usage: $0 <name>"
    exit 1
fi

tempfile="$(mktemp)"
micro_config_dir="$(mktemp -d)"
trap "rm -rf $tempfile $micro_config_dir" EXIT

cat > "$tempfile" <<EOF
{ 
  "$fullname".publicKeys = [ "$public_key" ];
}
EOF

echo '{"eofnewline": false}' > "$micro_config_dir/settings.json"

export MICRO_CONFIG_HOME="$micro_config_dir"
export EDITOR=micro
export RULES="$tempfile"

if [ "$(uname)" == "Darwin" ]; then
  if [ "$is_unsafe" == "true" ]; then
    private_path="/Users/Shared/agenix-key-unsafe"
  else
    private_path="$HOME/.ssh/agenix-key"
  fi
else 
  if [ "$is_unsafe" == "true" ]; then
    private_path="/etc/ssh/agenix-key-unsafe"
  else
    private_path="/etc/ssh/agenix-key"
  fi
fi

agenix -e "$fullname" --identity "$private_path"