#!/usr/bin/env nix-shell
#!nix-shell -i bash ../../shell.nix
# shellcheck shell=bash
set -Eeuo pipefail
cd "$(dirname "${BASH_SOURCE[0]}")"
cd ../../

echo "Unlocking git-crypt repos and configuring git..."
git config --global user.email "ci@euandre.org"
git config --global user.name "sr.ht CI"

git crypt unlock
# Assumes vps-state was already cloned
pushd ../vps-state/
git crypt unlock
git remote set-url origin git@git.sr.ht:~euandreh/vps-state
popd
echo "Done."

# git smudge after git-crypt clears file permissions
chmod 600 ./secrets/ssh/vps-box-client
cat .envrc >> ~/.buildenv

source .envrc

SSH_SERVER_PRIVATE_KEY="$(cat ./secrets/ssh/vps-box-server)"
export SSH_SERVER_PRIVATE_KEY
SSH_SERVER_PUBLIC_KEY="$(cat ./secrets/ssh/vps-box-server.pub)"
export SSH_SERVER_PUBLIC_KEY

envsubst < ./ssh.env.conf >> ~/.ssh/config
envsubst < ./hosts.env > ./hosts
envsubst < ./docker-compose.env.yaml > ./docker-compose.yaml
envsubst < ./user-data.env.sh > ./user-data.sh