#!/bin/sh
set -e

# ===== 参数 =====
USER_NAME="$1"
NAS_IP="$2"

KEY_DIR="/root/.ssh"
KEY_NAME="id_dropbear"
PRIV_KEY="$KEY_DIR/$KEY_NAME"
PUB_KEY="$KEY_DIR/$KEY_NAME.pub"

TARGET_HOME="/home/$USER_NAME"
TARGET_SSH_DIR="$TARGET_HOME/.ssh"
TARGET_AUTH_KEYS="$TARGET_SSH_DIR/authorized_keys"

# ===== 参数检查 =====
if [ -z "$USER_NAME" ] || [ -z "$NAS_IP" ]; then
  echo "用法: $0 <飞牛用户名> <飞牛IP>"
  exit 1
fi

# ===== 阶段一：在 OpenWrt 上生成 SSH 密钥 =====
echo "== [1/2] 检查并生成 SSH 密钥 =="

if [ ! -d "$KEY_DIR" ]; then
  mkdir -p "$KEY_DIR"
  chmod 700 "$KEY_DIR"
fi

if [ ! -f "$PRIV_KEY" ]; then
  echo "未发现 SSH 密钥，开始生成（ed25519）..."
  ssh-keygen -t ed25519 -f "$PRIV_KEY" -N ""
else
  echo "已存在 SSH 密钥，跳过生成"
fi

# ===== 阶段二：推送公钥到飞牛 NAS =====
echo "== [2/2] 推送公钥到飞牛 NAS =="

ssh "$USER_NAME@$NAS_IP" "
set -e

# 确保 /home/用户名 存在（飞牛首次安装时需要）
if [ ! -d \"$TARGET_HOME\" ]; then
  sudo mkdir -p \"$TARGET_HOME\"
  sudo chown $USER_NAME:$USER_NAME \"$TARGET_HOME\"
  sudo chmod 755 \"$TARGET_HOME\"
fi

# 创建 .ssh 目录
sudo mkdir -p \"$TARGET_SSH_DIR\"
sudo chown $USER_NAME:$USER_NAME \"$TARGET_SSH_DIR\"
sudo chmod 700 \"$TARGET_SSH_DIR\"

# 准备 authorized_keys
sudo touch \"$TARGET_AUTH_KEYS\"
sudo chown $USER_NAME:$USER_NAME \"$TARGET_AUTH_KEYS\"
sudo chmod 600 \"$TARGET_AUTH_KEYS\"
"

# 写入公钥
cat "$PUB_KEY" | ssh "$USER_NAME@$NAS_IP" \
"cat >> $TARGET_AUTH_KEYS"

echo "✅ SSH 免密登录配置完成：$USER_NAME@$NAS_IP"