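#!/bin/bash
# {{ ansible_managed }}
#
# Runs an Ansible playbook using the vault password files kept on a USB key.
# This file is a template: the double-brace placeholders are filled in when
# it is deployed.
#
# Usage:       <this script> PLAYBOOK
# Environment: ANSIBLECONF_DIR - directory holding serversecrets.enc and
#              services/<playbook parent dir>/servicesecrets.enc
# Exit status: 0 when the playbook ran successfully, non-zero otherwise.
#
# The playbook file name selects the secrets: a name containing "server"
# uses the server secrets only; a name containing "service" uses the server
# secrets plus the service secrets of the playbook's parent directory.

if [[ -z "${1:-}" ]]; then
  echo "No ansible playbook provided."
  exit 1
fi

# Without this the vars-file paths below would silently resolve from "/".
if [[ -z "${ANSIBLECONF_DIR:-}" ]]; then
  echo "ANSIBLECONF_DIR is not set, cannot locate the encrypted vars files." >&2
  exit 1
fi

USBKEYVAR="/dev/disk/by-uuid/{{ usbkey_uuid }}"
USBKEYSLOCATION="{{ usbkey_keysdir }}"

# Resolve the playbook to an absolute path so the parent directory name is
# available whether a relative or an absolute path was given.
if ! ABSOLUTELOCATION=$(realpath -- "$1"); then
  echo "Could not resolve playbook path: $1" >&2
  exit 1
fi

# Last path component is the file name; the component before it is the
# name of the directory that holds the playbook.
parent_path=${ABSOLUTELOCATION%/*}
FILEPARENTDIR=${parent_path##*/}
FILENAME=${ABSOLUTELOCATION##*/}

if [[ ! -e "$USBKEYVAR" ]]; then
  echo "USB Key not detected, please check if plugged in!"
  exit 1
fi

# Unmount the key and report the outcome. Installed as an EXIT trap so the
# vault password files do not stay mounted when the run is interrupted.
# NOTE: the key is unmounted even if it was already mounted beforehand.
unmount_usbkey() {
  if doas umount "$USBKEYVAR"; then
    echo "Unmounted USB Key."
  else
    echo "Failed to unmount USB Key!"
  fi
}

echo "USB Key detected, will mount if not already."
if doas mount "$USBKEYVAR"; then
  echo "Mounted USB Key, proceeding..."
else
  echo "Failed to mount USB Key, assuming its already mounted and proceeding..."
fi
trap unmount_usbkey EXIT

status=0
playbook_kind=""
vault_files=()
playbook_args=()

if [[ "$FILENAME" == *"server"* ]]; then
  echo "Detected as a server playbook file, decrypting accordingly..."
  playbook_kind="server"
  vault_files=("$USBKEYSLOCATION/serversecrets")
  playbook_args=(
    -e "@$ANSIBLECONF_DIR/serversecrets.enc"
    --vault-password-file "$USBKEYSLOCATION/serversecrets"
  )
elif [[ "$FILENAME" == *"service"* ]]; then
  echo "Detected as a service playbook file, decrypting accordingly..."
  playbook_kind="service"
  vault_files=(
    "$USBKEYSLOCATION/serversecrets"
    "$USBKEYSLOCATION/servicesecrets"
  )
  playbook_args=(
    -e "@$ANSIBLECONF_DIR/serversecrets.enc"
    --vault-password-file "$USBKEYSLOCATION/serversecrets"
    -e "@$ANSIBLECONF_DIR/services/$FILEPARENTDIR/servicesecrets.enc"
    --vault-password-file "$USBKEYSLOCATION/servicesecrets"
  )
else
  echo "Does not appear to be a server or service playbook file, please make sure the playbook file includes either 'server' or 'service' in the name to identify!"
  status=1
fi

if [[ -n "$playbook_kind" ]]; then
  # A failed mount is only assumed to mean "already mounted"; confirm the
  # password files are really there before handing them to ansible-playbook.
  for vault_file in "${vault_files[@]}"; do
    if [[ ! -r "$vault_file" ]]; then
      echo "Vault password file not readable: $vault_file (is the USB Key mounted?)" >&2
      status=1
    fi
  done

  if (( status == 0 )); then
    if ansible-playbook "${playbook_args[@]}" "$ABSOLUTELOCATION"; then
      echo "Ansible Playbook success!"
    else
      echo "Ansible Playbook failure!"
      status=1
    fi
  fi
fi

# The EXIT trap unmounts the key; the playbook result is the exit status.
exit "$status"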