#!/usr/bin/env bash
set -euo pipefail

if [[ $# -ne 1 ]]; then
  echo "Usage: $0 '<cloudflare_tunnel_connector_token>'" >&2
  exit 2
fi

token="$1"
monk_dir="${MONK_CLOUDFLARED_DIR:-$HOME/kitestacks-live/docker/cloudflared}"
kscloud1_host="${KSCLOUD1_HOST:?set KSCLOUD1_HOST, for example user@host}"
kscloud1_key="${KSCLOUD1_KEY:-$HOME/.ssh/id_ed25519_kscloud1}"
kscloud1_dir="${KSCLOUD1_CLOUDFLARED_DIR:-/opt/kitestacks/docker/cloudflared}"

if [[ ! -d "$monk_dir" ]]; then
  echo "Missing monk cloudflared dir: $monk_dir" >&2
  exit 1
fi

printf 'TUNNEL_TOKEN=%s\n' "$token" > "$monk_dir/.env"
perl -0pi -e 's/TUNNEL_TOKEN=[^\n]+/TUNNEL_TOKEN=\${TUNNEL_TOKEN:?set TUNNEL_TOKEN in .env}/' "$monk_dir/docker-compose.yml"
docker compose -f "$monk_dir/docker-compose.yml" up -d

ssh -F /dev/null -i "$kscloud1_key" -o BatchMode=yes -o StrictHostKeyChecking=accept-new "$kscloud1_host" \
  "set -euo pipefail
   cd '$kscloud1_dir'
   umask 077
   printf 'TUNNEL_TOKEN=%s\n' '$token' > .env
   perl -0pi -e 's/TUNNEL_TOKEN=[^\\n]+/TUNNEL_TOKEN=\\\${TUNNEL_TOKEN:?set TUNNEL_TOKEN in .env}/' docker-compose.yml
   docker compose up -d"

echo "Cloudflared token rolled out to monk and kscloud1."