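#!/usr/bin/env nix
#! nix shell nixpkgs#bash nixpkgs#mktemp nixpkgs#openssh nixpkgs#ssh-to-age nixpkgs#nixos-anywhere nixpkgs#sops --command bash
#
# Generate fresh SSH host keys for a new machine, derive the age recipient
# that corresponds to the ed25519 host key, and install NixOS with
# nixos-anywhere so the target comes up with those keys in /etc/ssh.
#
# Usage: <script> <hostname>
# Output: ./<hostname>.age containing the age public key (also echoed to
#         stdout). The private host keys only ever live in a mktemp directory
#         that is removed on exit.

# Stop on the first failure: if mktemp or key generation fails, later steps
# must not run against an empty path or deploy a host without keys.
set -euo pipefail

# Print a diagnostic to stderr.
echoerr() { printf "%s\n" "$*" >&2; }

if (( $# != 1 )); then
  echoerr "usage: $0 <hostname>"
  exit 2
fi

# Lower-case name on purpose: HOSTNAME is set by bash itself to the local
# machine's name, and this value is the *target's* name.
host=$1

# The name becomes part of an output path, so refuse anything that would
# write outside the current directory.
case "$host" in
  '' | */*)
    echoerr "invalid hostname: $host"
    exit 2
    ;;
esac

# Create a temporary directory (mktemp -d makes it private to this user).
temp=$(mktemp -d) || { echoerr "mktemp failed"; exit 1; }

# Remove the staged private keys on every exit path. ${temp:?} aborts the
# rm instead of expanding to an empty path.
cleanup() {
  rm -rf -- "${temp:?}"
}
trap cleanup EXIT

# Create the directory where sshd expects to find the host keys.
install -d -m755 "$temp/etc/ssh"

# Create host keys. With -A, the -f argument is a *prefix* to the default
# /etc/ssh/ssh_host_* paths, so it must be the staging root rather than the
# etc/ssh directory inside it.
ssh-keygen -A -f "$temp"

key="$temp/etc/ssh/ssh_host_ed25519_key"
if [[ ! -s "$key" || ! -s "$key.pub" ]]; then
  echoerr "ed25519 host key was not generated under $temp/etc/ssh"
  exit 1
fi

# Set the correct permissions so sshd will accept the key.
chmod 600 "$key"

# Derive the age recipient from the public half of the host key and record
# it next to the flake. Only the public key leaves the temp directory.
age_key=$(ssh-to-age < "$key.pub")
printf '%s\n' "$age_key" | tee "./$host.age"

# NOTE(review): for the new host to decrypt sops secrets on first boot, this
# recipient presumably has to be added to .sops.yaml and the secrets
# re-encrypted (e.g. `sops updatekeys`) before the flake is deployed;
# confirm against the repository's sops setup.

# Install NixOS to the host system with our secrets. '.#your-host' and
# root@yourip are placeholders to replace with the real flake attribute and
# target address.
nixos-anywhere --extra-files "$temp" --flake '.#your-host' root@yourip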