#!/bin/bash
source /init_functions.sh

install_url="/tmp/detee_install_url"
install_sha="/tmp/detee_install_sha"
root_keyfile="/tmp/detee_root_keyfile"
ssh_key_file="/tmp/detee_ssh_key"
snp_key_file="/tmp/detee_luks_hotkey"

create_mounts
load_modules
setup_network

# load this module again cause it fails the first time
modprobe sev_guest

snp_key="$(GET_DERIVATION_KEY=yes guest_api)"
[[ -n $snp_key ]] && echo $snp_key > $snp_key_file

try_hot_decrypt || {
  create_certs
  guest_api
  if [[ -f "$install_url" ]]; then 
    install_os
  else
    cryptsetup open -d $root_keyfile /dev/vda1 root
    mount /dev/mapper/root /mnt
  fi
  cryptsetup luksKillSlot -d $root_keyfile /dev/vda1 1
  [[ -f "$snp_key_file" ]] && cryptsetup luksAddKey \
    --key-file $root_keyfile \
    --new-keyfile $snp_key_file /dev/vda1
}

github_ssh_key
detee_ssh_key

cp /etc/resolv.conf /mnt/etc/resolv.conf
# copy kernel modules in case the user deleted the old modules
mkdir -p /mnt/lib/modules/
cp -rn /lib/modules/* /mnt/lib/modules/

exec switch_root /mnt /sbin/init "$@"