#!/usr/bin/env bash

set -ex -o pipefail

kv_get() {
  vault kv get -format json ${1}
}

simple_get() {
 kv_get ${1} | jq .data.data${2} -r
}

simple_get_obscure() {
 rclone obscure $(simple_get $@)
}

simple_get_replace_b2() {
  account=$(simple_get ${1} .keyID)
  key=$(simple_get ${1} .applicationKey | sed "s#/#\\\/#")
  sed -i "s/${2}_ACCOUNT/${account}/" ${3}
  sed -i "s/${2}_KEY/${key}/" ${3}
}

VAULT_USERNAME=$1
VAULT_PASSWORD_FILE=$2
TEMPLATE_FILE=$3
OUTPUT_FILE=$4

vault login -no-print -method=userpass username=${VAULT_USERNAME} password=$(cat ${VAULT_PASSWORD_FILE})

TMP_DIR="$(mktemp -d)"

cp ${TEMPLATE_FILE} "${TMP_DIR}/template"

pushd "${TMP_DIR}"
STORAGEBOX_PASSWORD=$(simple_get_obscure /api-keys/hetzner/storagebox .password)
sed -i "s/STORAGEBOX_PASSWORD/${STORAGEBOX_PASSWORD}/" ./template

simple_get_replace_b2 "/api-keys/backblaze/Chaos-Backups" "B2_CHAOS_BACKUPS" ./template

simple_get_replace_b2 "/api-keys/backblaze/Chaos-Photos" "B2_CHAOS_PHOTOS" ./template

simple_get_replace_b2 "/api-keys/backblaze/Chaos-Music" "B2_CHAOS_MUSIC" ./template

simple_get_replace_b2 "/api-keys/backblaze/Cryptidz-Backup" "B2_CASSIE_CRYPTIDZ_BACKUP" ./template
popd

cat "${TMP_DIR}/template" > "${OUTPUT_FILE}"
rm -rf "${TMP_DIR}"