#!/usr/bin/env bash

if [ -z "$SOPS_VARS_FILE" ]; then
  echo "Variable SOPS_VARS_FILE is needed with a path to the sops variables"
  exit 1;
fi

umask 0077
TEMP=$(mktemp -d /tmp/XXXXXX-nixops-files)
chmod go-rwx $TEMP

finish() {
  rm -rf "$TEMP"
}

trap finish EXIT

sops -d $SOPS_VARS_FILE | yq -r .ssl_keys.nix_repository > $TEMP/id_ed25519

cat > $TEMP/ssh_config <<EOF
Host *
IdentityFile $TEMP/id_ed25519
EOF
export SSH_CONFIG_FILE="$TEMP/ssh_config"
export SSH_IDENTITY_FILE="$TEMP/id_ed25519"

"$@"