#!/usr/bin/env bash
set -eu
set -o pipefail

opened() {
    test -e /dev/mapper/tozt-secrets
}

mounted() {
    grep -q '^/dev/mapper/tozt-secrets /mnt' /proc/mounts
}

cmd_open() {
    if ! opened; then
        pass="$(rbw get luks tozt-secrets)"
        echo -n "$pass" | sudo cryptsetup --key-file=- open ~/crypt/tozt-secrets.luks tozt-secrets
    fi
    if ! mounted; then
        sudo mount /dev/mapper/tozt-secrets /mnt
    fi
}

cmd_close() {
    if mounted; then
        sudo umount /dev/mapper/tozt-secrets
    fi
    if opened; then
        sudo cryptsetup close tozt-secrets
    fi
}

cmd_sync() {
    if [ "${2:-}" = "--ts" ]; then
        host="${3:-tozt}"
        if [ "${host}" = "tozt" ]; then
            hostname=tozt
        elif [ "${host}" = "mail" ]; then
            hostname=mail
        elif [ "${host}" = "partofme" ]; then
            hostname=partofme
        else
            echo "unknown host ${host}" >&2
            exit 1
        fi
    else
        host="${2:-tozt}"
        if [ "${host}" = "tozt" ]; then
            hostname=tozt.net
        elif [ "${host}" = "mail" ]; then
            hostname=mail.tozt.net
        elif [ "${host}" = "partofme" ]; then
            hostname=partofme
        else
            echo "unknown host ${host}" >&2
            exit 1
        fi
    fi

    if mounted && opened; then
        was_opened=1
    else
        cmd_open
        was_opened=""
    fi

    rsync -avz --delete \
        /mnt/puppet/"$host"/. \
        root@"$hostname":/usr/local/share/puppet-tozt/modules/secret/files

    if [ -z "$was_opened" ]; then
        cmd_close
    fi
}

case "$1" in
    open)
        cmd_open "$@"
        ;;
    close)
        cmd_close "$@"
        ;;
    sync)
        cmd_sync "$@"
        ;;
    *)
        echo "unknown subcommand $1" >&2
        exit 1
        ;;
esac