#!/usr/bin/env bash
set -eu
set -o pipefail

host="${1:-partofme}"
conf_location="/usr/local/share/puppet-tozt"
conf_repo="https://github.com/doy/puppet-tozt"

ssh_opts="-o ControlMaster=auto -o ControlPath=~/.ssh/puppet-tozt-%r-%h-%p -o ControlPersist=5"

run() {
    # shellcheck disable=SC2086,SC2029
    ssh $ssh_opts root@"$host" "$@"
}
copy() {
    # shellcheck disable=SC2086,SC2029
    scp -r $ssh_opts "$1" root@"$host":"$2"
}

# configure the persistent disks properly at boot
copy "$(dirname "$0")"/../../modules/partofme/files/mdadm.conf /etc/mdadm.conf
copy "$(dirname "$0")"/../../modules/partofme/files/mkinitcpio.conf /etc/mkinitcpio.conf
# ensure we have the latest linux version, otherwise wireguard will fail to
# build and install the correct kernel modules
run "pacman -Syu --noconfirm"
# reboot to get our disks detected and to make sure we're actually running the
# latest kernel, or else loading the wireguard modules will fail
# suppress errors here because typically sshd will drop your connection before
# the reboot command gets a chance to return successfully
run "reboot" || true

while ! run true; do
    sleep 5
done

# ruby-shadow to allow puppet to manage system passwords
run "pacman -S --noconfirm git puppet ruby-shadow"
run "mkdir -p '$conf_location'"
run "cd '$conf_location' && git clone '$conf_repo' ."
run "cd '$conf_location' && git submodule update --init --recursive"

copy /mnt/puppet/partofme/ /usr/local/share/puppet-tozt/modules/secret/files
run "cd '$conf_location' && puppet apply --modulepath=./modules manifests"

echo "Done"