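#!/usr/bin/env bash
# klevstul :: 24.06
#
# Deploys GnuPG data (trust db, public keyring, revocation certificates and
# the encrypted private-key archive) from the synced secrets directory into
# ~/.gnupg, and optionally decrypts and unpacks the private keys.
#
# Required environment: SYNCDIR_<HOSTNAME>, the root of the synced directory
# that contains secrets/.gnupg.
# External tools used: gpg, 7za, trash-put.

set -u

# Everything created below is key material or keyring state; keep new files
# and directories private to the current user.
umask 077

this_file_name=$(basename -- "$0")
echo "$this_file_name"

# location of the gnupg files
syncdir_env_var=SYNCDIR_${HOSTNAME}

# Indirect expansion fails on a name that is not a valid identifier
# (for example a hostname containing '-'), so check it first.
if ! [[ ${syncdir_env_var} =~ ^[A-Za-z_][A-Za-z0-9_]*$ ]]; then
  echo "error: '${syncdir_env_var}' is not a valid variable name" >&2
  exit 1
fi

syncdir=${!syncdir_env_var:-}
if [[ -z ${syncdir} ]]; then
  # Without this check the source path would silently become /secrets/.gnupg.
  echo "error: environment variable '${syncdir_env_var}' is unset or empty" >&2
  exit 1
fi

src_gnupg_dir=${syncdir}/secrets/.gnupg
trg_gnupg_dir=~/.gnupg

echo "\$SYNCDIR_${HOSTNAME}=${syncdir}"
echo "src_gnupg_dir: ${src_gnupg_dir}"

if ! [[ -d ${src_gnupg_dir} ]]; then
  echo "error: non-existing directory '${src_gnupg_dir}'" >&2
  exit 1
fi

if ! [[ -d ${trg_gnupg_dir} ]]; then
  echo "creating non-existing target dir '${trg_gnupg_dir}'."
  # gpg warns about a home directory that is accessible to other users.
  mkdir -p -- "${trg_gnupg_dir}" && chmod 700 -- "${trg_gnupg_dir}"
fi

#######################################
# Copies one regular file from the source dir unless the target has it.
# Globals:   src_gnupg_dir, trg_gnupg_dir (read)
# Arguments: $1 - file name relative to the gnupg dir
#######################################
deploy_file() {
  local name=$1
  if ! [[ -f "${trg_gnupg_dir}/${name}" ]]; then
    echo "deploy ${name}"
    cp -- "${src_gnupg_dir}/${name}" "${trg_gnupg_dir}"
  else
    echo "${name} already exist in ${trg_gnupg_dir}"
  fi
}

#######################################
# Copies one directory from the source dir unless the target has it.
# Globals:   src_gnupg_dir, trg_gnupg_dir (read)
# Arguments: $1 - directory name relative to the gnupg dir
#######################################
deploy_directory() {
  local name=$1
  if ! [[ -d "${trg_gnupg_dir}/${name}" ]]; then
    echo "deploy ${name}"
    cp -r -- "${src_gnupg_dir}/${name}" "${trg_gnupg_dir}"
  else
    echo "${name} already exist in ${trg_gnupg_dir}"
  fi
}

deploy_file trustdb.gpg
deploy_file pubring.kbx
deploy_directory openpgp-revocs.d

the_file=private-keys-v1.d.7z.gpg
if ! [[ -d "${trg_gnupg_dir}/private-keys-v1.d" ]]; then
  echo "deploy private-keys-v1.d"
  cp -- "${src_gnupg_dir}/${the_file}" "${trg_gnupg_dir}"
else
  echo "private-keys-v1.d already exist in ${trg_gnupg_dir}"
  echo "rename or delete existing directory and try again."
  echo "WARNING: backup the content if needed!"
fi

echo "do you want to unpack and decrypt ${the_file}? (y/n)"
user_input=
read -r user_input

if [[ ${user_input} == "y" ]]; then
  echo "yes"
  echo "please, remember the hint: poq.l2"

  # Use absolute paths throughout: the script may be started from any
  # working directory, and the archive lives in the target dir.
  encrypted_archive=${trg_gnupg_dir}/${the_file}
  plain_archive=${trg_gnupg_dir}/private-keys-v1.d.7z

  if ! [[ -f ${encrypted_archive} ]]; then
    echo "error: '${encrypted_archive}' not found, nothing to decrypt" >&2
    exit 1
  fi

  # The decrypted archive holds the private keys in the clear. Make sure it
  # is removed on every exit path, including a failed or aborted decrypt.
  trap 'rm -f -- "${plain_archive}"' EXIT

  if ! gpg -d "${encrypted_archive}" > "${plain_archive}"; then
    echo "error: decrypting '${encrypted_archive}' failed" >&2
    exit 1
  fi

  if ! 7za x -o"${trg_gnupg_dir}" "${plain_archive}"; then
    echo "error: unpacking '${plain_archive}' failed" >&2
    exit 1
  fi

  # The archive may carry its own permission bits; private keys must not be
  # readable by group or others.
  if [[ -d "${trg_gnupg_dir}/private-keys-v1.d" ]]; then
    chmod -R go-rwx -- "${trg_gnupg_dir}/private-keys-v1.d"
  fi

  # The encrypted copy can go to the trash. The plaintext archive is deleted
  # instead: trash-put would leave the unencrypted keys recoverable from the
  # trash directory. Note that rm does not guarantee the blocks are wiped.
  trash-put "${encrypted_archive}"
  rm -f -- "${plain_archive}"
  trap - EXIT
else
  echo "no worries. 
you can manually unpack and decrypt the file, if needed:"
  echo "gpg -d private-keys-v1.d.7z.gpg > private-keys-v1.d.7z"
  echo "7za x -o${trg_gnupg_dir} private-keys-v1.d.7z"
fi

echo "${trg_gnupg_dir}:"
ls -al -- "${trg_gnupg_dir}"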