#!/usr/bin/env nix-shell
#!nix-shell -i bash
# shellcheck shell=bash
# shellcheck disable=2086
set -Eeuo pipefail
cd "$(dirname "${BASH_SOURCE[0]}")"

set -x

USER_PASSWORD="$(cat ./secrets/base-image-old-password.txt)"
export TLD='euandreh.xyz'

# Idempotent init folders and permissions
FOLDERS='/data/ /data/secrets/ /data/favicons/ /data/git/ /data/static/ci-logs/ /data/static/ci-logs/placeholder/ /data/nixos/ /data/static/logrotate/'
echo "${USER_PASSWORD}" | ssh "$TLD" sudo -S mkdir -p $FOLDERS
echo "${USER_PASSWORD}" | ssh "$TLD" sudo -S chown andreh:users $FOLDERS
ssh "$TLD" touch /data/static/ci-logs/placeholder/f.log
echo "${USER_PASSWORD}" | ssh "$TLD" sudo -S chown -R andreh:users /data/

# Copy secrets and support files
rsync -avzP secrets/passwords/ "${TLD}:/data/secrets/"
rsync -avzP favicons/ "${TLD}:/data/favicons/"
scp cgit-about.html "${TLD}:/data/git/about.html"
scp ci-gen-index.sh "${TLD}:/data/static/ci-logs/ci-gen-index.sh"

# Run nixos-rebuild
envsubst < envsubst-configuration.nix | ssh "$TLD" 'cat > /data/nixos/envsubst-configuration.nix'
scp vps-configuration.nix "${TLD}:/etc/nixos/configuration.nix"
echo "${USER_PASSWORD}" | ssh "$TLD" sudo -S nix-channel --add "https://nixos.org/channels/nixos-unstable" nixos
echo "${USER_PASSWORD}" | ssh "$TLD" sudo -S -i nixos-rebuild switch --upgrade
ssh "$TLD" rm -rf /data/static/ci-logs/placeholder/