#!/usr/bin/env bash

# Configure FIDO2 support declaratively for Nnomarchy NixOS.

STATE_FILE="/etc/nixos/state.json"

if [[ "--remove" == $1 ]]; then
    sudo jq ".features.fido2 = false" "$STATE_FILE" > /tmp/state.json && sudo mv /tmp/state.json "$STATE_FILE"
    echo "FIDO2 support disabled. Applying changes..."
    sudo sys-update
    exit 0
fi

sudo jq ".features.fido2 = true" "$STATE_FILE" > /tmp/state.json && sudo mv /tmp/state.json "$STATE_FILE"
echo "FIDO2 support enabled. Applying changes..."
sudo sys-update

# Enrollment is still an imperative action
if command -v pamu2fcfg &> /dev/null; then
    echo "Let's register your FIDO2 key now."
    mkdir -p ~/.config/Yubico
    pamu2fcfg > ~/.config/Yubico/u2f_keys
    echo "FIDO2 key registered."
else
    echo "pamu2fcfg not found. It will be available after the next reboot or sys-update."
fi