#!/bin/bash

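set -euo pipefail

# Generate one ed25519 key pair per borg host, collect the pairs in a YAML
# document under the top-level key `borg_ssh_keys`, and write that document,
# encrypted with ansible-vault, to group_vars/all/borg_ssh_keys.yml.
#
# The private keys are generated with an empty passphrase (-N ""), so while
# the script runs ./keys holds unprotected key material. The directory is
# therefore created owner-only and removed on every exit path, including a
# failed ssh-keygen or ansible-vault call.

hosts=(conflatorio birgitte arius)

readonly workdir=keys
readonly out="$workdir/keys.yml"
readonly vault_file=group_vars/all/borg_ssh_keys.yml

# Remove the plaintext working directory. Runs from the EXIT trap, so it also
# fires when `set -e` aborts the script part-way through.
# NOTE: rm only unlinks the files; the key bytes may remain recoverable on the
# underlying storage. Run this from an encrypted or tmpfs-backed checkout if
# that matters for your threat model.
cleanup() {
  rm -rf -- "$workdir"
}
trap cleanup EXIT

# keys.yml is created by shell redirection and would otherwise get the caller's
# umask (commonly world-readable) although it contains every private key.
# Restrict the mask only while plaintext is being written.
saved_umask=$(umask)
umask 077

rm -rf -- "$workdir"
mkdir -- "$workdir"

printf '%s\n' 'borg_ssh_keys:' > "$out"
for host in "${hosts[@]}"; do
  ssh-keygen -q -t ed25519 -N "" -C "borg/$host" -f "$workdir/$host"
  {
    printf '  %s:\n' "$host"
    printf '    public: %s\n' "$(<"$workdir/$host.pub")"
    # The private key is emitted as a YAML literal block scalar; sed indents
    # every line of the key file so it nests under `private: |`.
    printf '    private: |\n'
    sed 's/^/      /' "$workdir/$host"
  } >> "$out"
done

# The vault file holds ciphertext only, so it is written with the caller's
# original umask, as before.
umask "$saved_umask"
ansible-vault encrypt --output "$vault_file" "$out"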