default:
  @just --list

secrets-encrypt:
  #!/usr/bin/env sh
  age --encrypt -R {{source_directory()}}/secrets.keys \
    secrets.env > secrets.env.encrypted

secrets-decrypt:
  #!/usr/bin/env sh
  age --decrypt \
    -i ${HOME}/.config/sops/age/keys.txt \
    secrets.env.encrypted > secrets.env

apply:
  #!/usr/bin/env sh
  cd {{source_directory()}}/terraform
  tofu init
  tofu apply

destroy:
  #!/usr/bin/env sh
  cd {{source_directory()}}/terraform
  tofu  destroy

outputs:
  #!/usr/bin/env sh
  cd {{source_directory()}}/terraform
  tofu output

provision node:
  #!/usr/bin/env sh
  set -eou pipefail

  pushd {{source_directory()}}/terraform > /dev/null
  IPV4=$(tofu output -json | jq -r '.ipv4.value["{{node}}"]')
  popd > /dev/null

  echo "= Provision node: {{node}} (${IPV4})"
  cat provision.sh | ssh -o StrictHostKeyChecking=no root@${IPV4} 'sudo bash -s'

configure node:
  #!/usr/bin/env sh
  set -eou pipefail

  pushd {{source_directory()}}/terraform > /dev/null
  IPV4=$(tofu output -json | jq -r '.ipv4.value["{{node}}"]')
  popd > /dev/null

  echo "= Configuring node: {{node}} (${IPV4})"
  cat configure.sh | ssh -o StrictHostKeyChecking=no root@${IPV4} 'sudo bash -s'