#! /bin/bash
# This script creates a new ssh key-pair and sets it up to be able to deploy to a specific directory only

# Abort on any mistake
set -e

# configurable constants for this script
KEY_DIR=/var/lib/pages-manager/keys/
PAGES_USER=pages
DEPLOY_SCRIPT=/home/${PAGES_USER}/deploy.sh

mkdir -p "${KEY_DIR}"


if [ "$#" -ne 2 ]; then
	echo "Usage: $0 OWNER REPOSITORY"
fi

OWNER=$1
REPOSITORY=$2

KEYFILE="${KEY_DIR}/id_${OWNER}.${REPOSITORY}"

if [ -e "${KEYFILE}" ]; then
	echo "Found existing key in ${KEYFILE}, aborting."
	echo "Printing private key:"
	cat "${KEYFILE}"
  echo "Add this as 'PAGES_SSH_KEY' to the repository secrets."
	exit 0
fi

URL="https://git.abstractnonsen.se/${OWNER}/${REPOSITORY}"
if curl --output /dev/null --silent --head --fail "${URL}"; then
  echo "Checked ${URL}: repository exists and publicly accessible"
else
  read -n 1 -r -p "Url ${URL} is not (publicly) accessible, are you sure you want to continue? [y/N] "
  echo
  if [[ ! $REPLY =~ ^[Yy]$ ]]; then
    echo "Aborted."
    exit 1
  fi
fi

mkdir -p "${KEY_DIR}"
chmod 700 "${KEY_DIR}"

# generate key
ssh-keygen -t ed25519 -f "${KEYFILE}" -N "" -C "deployment key for ${OWNER}/${REPOSITORY}" > /dev/null

# add public key
echo "command=\"${DEPLOY_SCRIPT} ${OWNER} ${REPOSITORY}\",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty,no-user-rc,restrict $(cat ${KEYFILE}.pub)" >> "/home/${PAGES_USER}/.ssh/authorized_keys"

echo "Generate and configured new key in ${KEYFILE}"
echo "Printing private key:"
cat "${KEYFILE}"
echo "Add this as 'PAGES_SSH_KEY' to the repository secrets."
exit 0