#!/bin/bash -l
set -x

# Deploy fai configuration to faiserver,
# then start a virtual machine to test the config.

set -eE -o pipefail
trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR

cd $(dirname $(readlink -f "$BASH_SOURCE"))


faiserver_host=faiserver
# i use faiserver as a dns alias, but ssh key is associated with
# a canonical hostname and we will have ssh warning spam unless we
# use it, so look it up.
if addr=$(host faiserver); then
    addr=${addr##* }
    if h=$(host $addr); then
        h=${h##* }
        faiserver_host=${h%%.*}
    else
        echo "$0: warning: host \$addr($addr) failed"
    fi
else
    echo "$0: warning: host faiserver failed"
fi


ssh root@$faiserver_host rm -rf /srv/fai/config
scp -r fai/config root@$faiserver_host:/srv/fai
# fai example pass: fai
#ROOTPW='$1$kBnWcO.E$djxB128U7dMkrltJHPf6d1'

# generating a hashed password:
# under debian, you can do
# echo "yoursecrectpassword" | mkpasswd -m sha-512 -s
# On arch, best seems to be copy your shadow file to a temp location,
# then passwd, get out the new pass, then copy the shadow file back.

f=/q/root/shadow/standard
if s test -e $f; then
    ssh root@$faiserver_host tee -a /srv/fai/config/class/DEFAULT.var <<EOF
ROOTPW='$(s cat $f)'
EOF
fi

tpvar="$(s cat /q/root/shadow/traci-simple)"
ssh root@$faiserver_host tee -a /srv/fai/config/class/tp.var <<EOF
ROOTPW='$tpvar'
EOF

scp ~/.ssh/id_rsa.pub \
    root@$faiserver_host:/srv/fai/config/files/home/ian/.ssh/authorized_keys/GRUB_PC
# todo: automatically disable faiserver after a period so
# these files are not exposed.
s scp -r /q/root/luks /q/root/shadow/traci{,-simple} \
  root@$faiserver_host:/srv/fai/config/distro-install-common
scp /a/bin/devbyid root@$faiserver_host:/srv/fai/nfsroot/usr/local/bin
ssh root@$faiserver_host bash <<'EOF'
set -eE -o pipefail
chmod 644 /srv/fai/config/files/home/ian/.ssh/authorized_keys/GRUB_PC
chmod -R a+rX /srv/fai/config/distro-install-common
EOF