#!/usr/bin/env bash
# Add SSH public key(s) to dev1, dev2, dev3, dev4 on Dev VM (CT 5700).
# Usage:
#   PUBLIC_KEY="$(cat ~/.ssh/id_ed25519.pub)" bash scripts/dev-vm/add-dev-user-ssh-keys.sh
#   bash scripts/dev-vm/add-dev-user-ssh-keys.sh /path/to/key.pub
#   bash scripts/dev-vm/add-dev-user-ssh-keys.sh   # uses ~/.ssh/id_ed25519.pub or id_rsa.pub
# Requires: SSH as root to the Proxmox host that runs CT 5700 (default: PROXMOX_R630_01).
set -euo pipefail

SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)"
source "$PROJECT_ROOT/config/ip-addresses.conf" 2>/dev/null || true
[ -f "$PROJECT_ROOT/.env" ] && set +u && source "$PROJECT_ROOT/.env" 2>/dev/null || true && set -u

VMID=5700
PROXMOX_HOST="${PROXMOX_HOST:-${PROXMOX_R630_01:-192.168.11.11}}"
USERS="dev1 dev2 dev3 dev4"

if [ -n "${PUBLIC_KEY:-}" ]; then
  KEY="$PUBLIC_KEY"
elif [ -n "${1:-}" ] && [ -f "$1" ]; then
  KEY=$(cat "$1")
elif [ -f "$HOME/.ssh/id_ed25519.pub" ]; then
  KEY=$(cat "$HOME/.ssh/id_ed25519.pub")
elif [ -f "$HOME/.ssh/id_rsa.pub" ]; then
  KEY=$(cat "$HOME/.ssh/id_rsa.pub")
else
  echo "No public key found. Set PUBLIC_KEY= or pass a key file, or add ~/.ssh/id_ed25519.pub / id_rsa.pub"
  exit 1
fi

KEY_B64=$(printf '%s\n' "$KEY" | base64 -w0)

echo "Adding SSH key to $USERS on CT $VMID (host $PROXMOX_HOST)..."
for u in $USERS; do
  ssh -o ConnectTimeout=10 -o StrictHostKeyChecking=accept-new root@"$PROXMOX_HOST" \
    "pct exec $VMID -- bash -c 'mkdir -p /home/$u/.ssh && chmod 700 /home/$u/.ssh && echo \"$KEY_B64\" | base64 -d >> /home/$u/.ssh/authorized_keys && chmod 600 /home/$u/.ssh/authorized_keys && chown -R $u:$u /home/$u/.ssh'"
  echo "  OK: $u"
done
echo "Done. Test: ssh dev1@${IP_DEV_VM:-192.168.11.59}"