#!/usr/bin/env bash
set -euo pipefail

USER="${USER:-$(whoami)}"
HOST="${HOST:-$(hostname)}"
DATE="$(date +%F)"
SSH_DIR="$HOME/.ssh"
mkdir -p "$SSH_DIR"
PASS_PATH="personal/ssh/$USER@$HOST/$DATE"

# --- Temporary RAM-backed file for private key ---
TMP_PRIV="/dev/shm/sshkey_$USER@$HOST$DATE"
trap 'rm -f "$TMP_PRIV"' EXIT

# Generate Ed25519 key pair into RAM
ssh-keygen -t ed25519 -f "$TMP_PRIV" -N "" -q

# Insert private key into pass
cat "$TMP_PRIV" | pass insert --multiline --force "$PASS_PATH"
echo "Private key stored in pass at $PASS_PATH"

# Extract public key from the same temp file
ssh-keygen -y -f "$TMP_PRIV" > "$SSH_DIR/$USER@$HOST.pub"
echo "Public key written to $SSH_DIR/$USER@$HOST.pub"

# Private key removed from /dev/shm automatically