# Ansible Vault encrypted files installer
# Usage: make install PASSWORD=yourpassword

PASSWORD ?= 
PASSWORD_FILE = .vault_password

.PHONY: install decrypt clean


_init_password_file:
	@if [ ! -f $(PASSWORD_FILE) ]; then \
		echo "$(PASSWORD)" > $(PASSWORD_FILE); \
		chmod 600 $(PASSWORD_FILE); \
	fi


_destroy_password_file:
	@if [ -f $(PASSWORD_FILE) ]; then \
		rm -f $(PASSWORD_FILE); \
	fi


_install:
	@mkdir -p $(HOME)/.ssh $(HOME)/.gnupg
	@echo "$(PASSWORD)" | ansible-vault decrypt --output $(HOME)/.ssh/id_ed25519 id_ed25519 --vault-password-file=$(PASSWORD_FILE)
	@chmod 600 $(HOME)/.ssh/id_ed25519
	@echo "$(PASSWORD)" | ansible-vault decrypt --output $(HOME)/.gnupg/private.gpg private.gpg --vault-password-file=$(PASSWORD_FILE)
	@chmod 600 $(HOME)/.gnupg/private.gpg
	@echo "Keys installed successfully"

install: _init_password_file _install _destroy_password_file

# Decrypt files to current directory (for inspection)
_decrypt:
	@ansible-vault decrypt --output id_ed25519.decrypted id_ed25519 --vault-password-file=$(PASSWORD_FILE)
	@ansible-vault decrypt --output private.gpg.decrypted private.gpg --vault-password-file=$(PASSWORD_FILE)
	@chmod 600 id_ed25519.decrypted private.gpg.decrypted

decrypt: _init_password_file _decrypt _destroy_password_file


clean:
	@rm -f *.decrypted