#!/usr/bin/env nix-shell
#! nix-shell -i bash -p parted dosfstools
set -euo pipefail

SCRIPT_DIR="$(dirname "$(realpath "$0")")"
USB_DEVICE="$1"
if [[ -z "${USB_DEVICE:-}" ]]; then
    echo "Usage: $0 <usb_device>"
    echo "Example: $0 /dev/sdb"
    exit 1
fi

if [[ ! -b "$USB_DEVICE" ]]; then
    echo "Error: $USB_DEVICE is not a block device"
    exit 1
fi

if [[ ! -f "$SCRIPT_DIR/usb-secrets/usb-secrets-key" ]]; then
    echo "Error: usb-secrets-key not found at $SCRIPT_DIR/usb-secrets/usb-secrets-key"
    exit 1
fi

echo "WARNING: This will completely wipe $USB_DEVICE"
echo "Press Ctrl+C to abort, or Enter to continue..."
read

echo "Creating partition and formatting as FAT32..."
parted -s "$USB_DEVICE" mklabel msdos
parted -s "$USB_DEVICE" mkpart primary fat32 0% 100%
parted -s "$USB_DEVICE" set 1 boot on

USB_PARTITION="${USB_DEVICE}1"
mkfs.fat -F 32 -n "SECRETS" "$USB_PARTITION"

echo "Copying key to USB..."
MOUNT_POINT=$(mktemp -d)
trap "umount $MOUNT_POINT 2>/dev/null || true; rmdir $MOUNT_POINT" EXIT

mount "$USB_PARTITION" "$MOUNT_POINT"
cp "$SCRIPT_DIR/usb-secrets/usb-secrets-key" "$MOUNT_POINT/"
umount "$MOUNT_POINT"

echo "USB setup complete! Label: SECRETS"
echo "Create multiple backup USB keys for redundancy."