#!/usr/bin/env bash
set -eu
set -o pipefail

host="${1:-partofme}"
conf_location="/usr/local/share/puppet-tozt"
conf_repo="git://github.com/doy/puppet-tozt"

ssh_opts="-o ControlMaster=auto -o ControlPath=~/.ssh/puppet-tozt-%r-%h-%p -o ControlPersist=5"

run() {
    # shellcheck disable=SC2086,SC2029
    ssh $ssh_opts root@"$host" "$@"
}
copy() {
    # shellcheck disable=SC2086,SC2029
    scp -r $ssh_opts "$1" root@"$host":"$2"
}

# configure the mdadm arrays
run "echo 'ARRAY /dev/md2 metadata=0.90 UUID=6bf2e365:10a7910f:52419904:51489ef3' >> /etc/mdadm.conf"
# detect the persistent disks properly on boot
run "sed -i 's/^HOOKS=(base udev.*block /&mdadm encrypt lvm2 /' /etc/mkinitcpio.conf"
# ensure we have the latest linux version, otherwise wireguard will fail to
# build and install the correct kernel modules
run "pacman -Syu --noconfirm"
# reboot to get our disks detected and to make sure we're actually running the
# latest kernel, or else loading the wireguard modules will fail
# suppress errors here because typically sshd will drop your connection before
# the reboot command gets a chance to return successfully
run "reboot" || true

while ! run true; do
    sleep 5
done

run "pacman -S --noconfirm git puppet ruby-shadow"
run "mkdir -p '$conf_location'"
run "cd '$conf_location' && git clone '$conf_repo' ."
run "cd '$conf_location' && git submodule update --init --recursive"

copy /mnt/puppet/partofme/ /usr/local/share/puppet-tozt/modules/secret/files
run "cd '$conf_location' && puppet apply --modulepath=./modules manifests"

echo "Done"