#!/bin/bash
set -e

echo "=== Phase 1: Creating user '$NEW_USER' on $SSH_TARGET ==="

PUBKEY_B64=$(echo "$PUBKEY" | base64 -w 0)
PASS_B64=$(echo "$USER_PASSWORD" | base64 -w 0)

ssh -o StrictHostKeyChecking=accept-new "$SSH_TARGET" bash -s -- "$NEW_USER" "$PUBKEY_B64" "$PASS_B64" <<'REMOTE'
set -e
NEW_USER="$1"
PUBKEY=$(echo "$2" | base64 -d)
USER_PASSWORD=$(echo "$3" | base64 -d)

sudo adduser --disabled-password --gecos "" "$NEW_USER"
echo "$NEW_USER:$USER_PASSWORD" | sudo chpasswd
sudo usermod -aG sudo "$NEW_USER"

sudo mkdir -p /home/$NEW_USER/.ssh
echo "$PUBKEY" | sudo tee /home/$NEW_USER/.ssh/authorized_keys > /dev/null
sudo chmod 700 /home/$NEW_USER/.ssh
sudo chmod 600 /home/$NEW_USER/.ssh/authorized_keys
sudo chown -R $NEW_USER:$NEW_USER /home/$NEW_USER/.ssh
REMOTE