#!/bin/bash
set -euo pipefail

if [ "$#" -ne 1 ]; then
  echo "Gebruik: $0 <hostname>"
  echo "Voorbeeld: $0 backup"
  exit 1
fi

NAME="$1"
ANSIBLE_DIR="/home/wouter/infra/ansible"
INV="$ANSIBLE_DIR/inventories/lab.ini"
MAINT_PUBKEY="$(cat /home/wouter/.ssh/id_ed25519.pub)"

if ! grep -q "^$NAME " "$INV"; then
  echo "FOUT: hostname '$NAME' staat niet in inventory."
  exit 1
fi

IP="$(awk -v name="$NAME" '$1 == name { for (i=1;i<=NF;i++) if ($i ~ /^ansible_host=/) { split($i,a,"="); print a[2] } }' "$INV")"

echo "Server verwijderen: $NAME ($IP)"

echo "1. Maintenance SSH-key verwijderen van server..."
if ssh -o BatchMode=yes -o ConnectTimeout=5 "wouter@$IP" "echo ok" >/dev/null 2>&1; then
  ssh "wouter@$IP" "grep -vxF '$MAINT_PUBKEY' ~/.ssh/authorized_keys > ~/.ssh/authorized_keys.tmp && mv ~/.ssh/authorized_keys.tmp ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys"
  echo "Maintenance-key verwijderd."
else
  echo "WAARSCHUWING: server niet bereikbaar of key werkt niet. Inventory wordt wel opgeschoond."
fi

echo "2. Inventory backup maken..."
cp "$INV" "$INV.bak.$(date +%Y%m%d-%H%M%S)"

echo "3. Server uit inventory halen..."
sed -i "/^$NAME /d" "$INV"

echo "4. Known_hosts opschonen..."
ssh-keygen -R "$IP" >/dev/null 2>&1 || true
ssh-keygen -R "$NAME" >/dev/null 2>&1 || true

echo "Klaar: $NAME verwijderd."