#!/usr/bin/env nix-shell
#!nix-shell -i bash
# shellcheck shell=bash
set -Eeuo pipefail
cd "$(dirname "${BASH_SOURCE[0]}")"

if [[ "${1:-}" = '--bootstrap' ]]; then
  USER_PASSWORD="$(cat ./secrets/base-image-old-password.txt)"
else
  USER_PASSWORD="$(cat ./secrets/user-password.txt)"
fi

# Copy secrets and configuration files
echo "${USER_PASSWORD}" | ssh "$TLD" sudo -S "\
sudo mkdir -p ${SECRETS_ROOT};                     \
sudo chown -R ${USER_NAME}:users ${SECRETS_ROOT}/; \
sudo chmod 700 ${SECRETS_ROOT}/;                   \
sudo touch /etc/nixos/envsubst-configuration.nix;  \
sudo chown -R ${USER_NAME}:users /etc/nixos/envsubst-configuration.nix;"
rsync -avzP secrets/passwords/ "${TLD}:${SECRETS_ROOT}/"
envsubst < envsubst-configuration.nix | ssh "$TLD" 'cat > /etc/nixos/envsubst-configuration.nix'
echo "${USER_PASSWORD}" | ssh "$TLD" sudo -S "\
sudo chown nextcloud:users ${SECRETS_ROOT}/nextcloud-admin.txt; \
sudo chown nextcloud:users ${SECRETS_ROOT}/nextcloud-database.txt;"
scp mautrix-whatsapp-config.yaml         "${TLD}:/data/"
scp secrets/mautrix-telegram-config.yaml "${TLD}:/data/"

# Run nixos-rebuild
scp vps-configuration.nix "${TLD}:/etc/nixos/configuration.nix"
echo "${USER_PASSWORD}" | ssh "$TLD" sudo -S nix-channel --add "https://nixos.org/channels/nixos-${SYSTEM_STATE_VERSION}" nixos
echo "${USER_PASSWORD}" | ssh "$TLD" sudo -S -i nixos-rebuild switch --upgrade

# Copy support files
ssh "${TLD}" rm -rf "${FAVICONS_ROOT}/"
rsync -avzP favicons/ "${TLD}:${FAVICONS_ROOT}/"
scp cgit-about.html "${TLD}:${GIT_ROOT}/about.html"
scp ci-gen-index.sh "${TLD}:${CI_LOGS_ROOT}/ci-gen-index.sh"
scp bash-profile.sh "${TLD}:.bash_profile"

echo "${USER_PASSWORD}" | ssh "$TLD" sudo -S "sudo systemctl restart matrix-synapse.service"