#!/usr/bin/env sh
set -eu


if [ -f /.env ]; then
   export $(grep -v '^#' /.env | xargs)
fi
# Write SSH keys from env vars into /root/.ssh with correct permissions.
# Handles both real newlines and literal \n sequences in SSH_PRIVATE_KEY.

HOME_DIR="${HOME:-/root}"
SSH_DIR="$HOME_DIR/.ssh"

mkdir -p "$SSH_DIR"
chmod 700 "$SSH_DIR"

echo "created folder $SSH_DIR"

# Public key (optional)
if [ -n "${SSH_PUBLIC_KEY:-}" ]; then
  printf "%s\n" "$SSH_PUBLIC_KEY" > "$SSH_DIR/id_rsa.pub"
  echo "Created id_rsa.pub"
  chmod 644 "$SSH_DIR/id_rsa.pub"
fi

# Private key (optional)
if [ -n "${SSH_PRIVATE_KEY:-}" ]; then
  # If the key contains literal \n sequences, convert them to newlines.
  if printf "%s" "$SSH_PRIVATE_KEY" | grep -q '\\n'; then
    printf "%s" "$SSH_PRIVATE_KEY" | sed 's/\\n/\n/g' > "$SSH_DIR/id_rsa"
    echo "created id_rsa"
  else
    printf "%s" "$SSH_PRIVATE_KEY" > "$SSH_DIR/id_rsa"
  fi
  chmod 600 "$SSH_DIR/id_rsa"
fi

# Prime known_hosts to avoid host key prompts for common git hosts
if command -v ssh-keyscan >/dev/null 2>&1; then
  for host in github.com gitlab.com; do
    ssh-keyscan -H "$host" 2>/dev/null >> "$SSH_DIR/known_hosts" || true
  done
  # Optionally pre-seed remote backup host if provided via REMOTE_HOST (user@host)
  if [ -n "${REMOTE_HOST:-}" ]; then
    remote_host_domain="$(printf "%s" "$REMOTE_HOST" | awk -F'@' '{print $NF}')"
    if [ -n "$remote_host_domain" ]; then
      ssh-keyscan -H "$remote_host_domain" 2>/dev/null >> "$SSH_DIR/known_hosts" || true
    fi
  fi
  chmod 644 "$SSH_DIR/known_hosts" || true
fi


#rm /app/scripts/*.sh
#rm ~/.ssh/id_rsa
#rm ~/.ssh/id_rsa.pub

exec "$@"