#!/usr/bin/env bash
set -euo pipefail

ROOT_DIR=$(cd "$(dirname "$0")/../.." && pwd)
# shellcheck disable=SC1091
source "$ROOT_DIR/scripts/hetzner/lib.sh"
load_bootstrap_env

TF_DIR="$ROOT_DIR/infra/terraform/hetzner"

require terraform

resolve_secret_var HCLOUD_TOKEN required
resolve_secret_var TAILSCALE_AUTH_KEY optional

: "${SSH_PUBLIC_KEY_PATH:?set SSH_PUBLIC_KEY_PATH}"
: "${PUBLIC_DOMAIN:=bootstrap.example.com}"
: "${TAILSCALE_CONTROL_PLANE_HOSTNAME:=}"
: "${TF_ADMIN_CIDR_BLOCKS:=}"

SSH_PUBLIC_KEY=$(cat "$SSH_PUBLIC_KEY_PATH")
TF_VARS=(
  -var "hcloud_token=$HCLOUD_TOKEN"
  -var "ssh_public_key=$SSH_PUBLIC_KEY"
  -var "public_domain=$PUBLIC_DOMAIN"
  -var "tailscale_auth_key=${TAILSCALE_AUTH_KEY:-}"
  -var "tailscale_control_plane_hostname=$TAILSCALE_CONTROL_PLANE_HOSTNAME"
)

if [[ -n "$TF_ADMIN_CIDR_BLOCKS" && "$TF_ADMIN_CIDR_BLOCKS" != '[]' ]]; then
  TF_VARS+=( -var "admin_cidr_blocks=$TF_ADMIN_CIDR_BLOCKS" )
fi

terraform -chdir="$TF_DIR" init
terraform -chdir="$TF_DIR" destroy -auto-approve "${TF_VARS[@]}"