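#!/usr/bin/env bash
#
# Arch Linux installer: GPT + EFI system partition, LUKS2-encrypted Btrfs
# root with subvolumes, base system via pacstrap, then hands over to
# chroot_setup.sh inside the new system.
#
# Run from the directory that holds .env, chroot_setup.sh and firstboot.sh.
# Variables read from .env: DISK, LUKS_PASSPHRASE, LUKS_NAME, BTRFS_SUBVOLS,
# BTRFS_OPTS.
#
# WARNING: irreversibly wipes the partition table of ${DISK}.
set -euo pipefail

die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Load configuration.
# .env is executed as shell code by `source` and carries the LUKS passphrase,
# so it must be a trusted file that only the operator can write.
if [[ ! -f .env ]]; then
  die "Missing .env. Copy .env.template and edit it before running."
fi
# shellcheck disable=SC1091
source .env

# Fail before anything destructive happens: an empty DISK or LUKS_NAME would
# otherwise reach sgdisk/cryptsetup as an empty argument.
: "${DISK:?DISK must be set in .env}"
: "${LUKS_PASSPHRASE:?LUKS_PASSPHRASE must be set in .env}"
: "${LUKS_NAME:?LUKS_NAME must be set in .env}"
: "${BTRFS_SUBVOLS:?BTRFS_SUBVOLS must be set in .env}"
: "${BTRFS_OPTS?BTRFS_OPTS must be set in .env}"

[[ -b "${DISK}" ]] || die "${DISK} is not a block device"
for required in chroot_setup.sh firstboot.sh; do
  [[ -f "${required}" ]] || die "Missing ${required} next to this script"
done

echo ">>> Arch Secure Install starting on ${DISK}"
timedatectl set-ntp true

# Wipe and partition
sgdisk --zap-all "${DISK}"
sgdisk -n1:0:+512M -t1:EF00 -c1:"EFI System Partition" "${DISK}"
sgdisk -n2:0:0 -t2:8309 -c2:"Linux LUKS" "${DISK}"
partprobe "${DISK}"

# Kernel partition naming: disks whose name ends in a digit (nvme0n1,
# mmcblk0) get a "p" separator, others (sda, vda) do not.
case "${DISK}" in
  *[0-9]) part_prefix="${DISK}p" ;;
  *) part_prefix="${DISK}" ;;
esac
EFI="${part_prefix}1"
ROOT="${part_prefix}2"

echo ">>> Formatting EFI partition"
mkfs.fat -F32 "${EFI}"

echo ">>> Setting up LUKS2 on ${ROOT}"
# printf is a builtin, so the passphrase never appears in a process argv, and
# unlike `echo -n` it cannot mistake a passphrase such as "-e" for an option.
# The key is fed on stdin via --key-file - for both format and open.
printf '%s' "${LUKS_PASSPHRASE}" \
  | cryptsetup luksFormat --type luks2 --key-file - "${ROOT}"
printf '%s' "${LUKS_PASSPHRASE}" \
  | cryptsetup open --key-file - "${ROOT}" "${LUKS_NAME}"

readonly MAPPED="/dev/mapper/${LUKS_NAME}"

echo ">>> Creating Btrfs filesystem"
mkfs.btrfs "${MAPPED}"
mount "${MAPPED}" /mnt
# BTRFS_SUBVOLS is a whitespace-separated list; splitting is intentional.
# The mounts below expect it to contain @, @home, @log and @cache.
# shellcheck disable=SC2086
for subvol in ${BTRFS_SUBVOLS}; do
  btrfs subvolume create "/mnt/${subvol}"
done
umount /mnt

echo ">>> Mounting subvolumes"
mount -o "subvol=@,${BTRFS_OPTS}" "${MAPPED}" /mnt
mkdir -p /mnt/{boot,home,var/log,var/cache}
mount -o "subvol=@home,${BTRFS_OPTS}" "${MAPPED}" /mnt/home
# NOTE(review): @log and @cache are mounted without BTRFS_OPTS — confirm
# that is intended.
mount -o subvol=@log "${MAPPED}" /mnt/var/log
mount -o subvol=@cache "${MAPPED}" /mnt/var/cache
# The ESP is unencrypted FAT with no ownership model; restrict it to root so
# boot artefacts are not world-readable. genfstab records these options.
mount -o fmask=0077,dmask=0077 "${EFI}" /mnt/boot

echo ">>> Installing base system"
# NOTE(review): confirm `systemd-bootctl` is a valid package name; bootctl
# normally ships as part of systemd itself.
pacstrap -K /mnt base linux linux-firmware btrfs-progs systemd-ukify systemd-bootctl

echo ">>> Generating fstab"
genfstab -U /mnt >> /mnt/etc/fstab

echo ">>> Copying configuration"
# .env contains the LUKS passphrase in plaintext. Keep the staging directory
# and the copy readable by root only.
# NOTE(review): nothing in this script deletes /root/install/.env afterwards;
# confirm chroot_setup.sh or firstboot.sh removes it once it is not needed.
install -d -m 700 /mnt/root/install
install -m 600 .env /mnt/root/install/.env
install -m 700 chroot_setup.sh firstboot.sh /mnt/root/install/

echo ">>> Chrooting into new system"
arch-chroot /mnt /root/install/chroot_setup.sh

echo ">>> Installation complete. Reboot when ready."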