#!/usr/bin/env bash
#
# gpg-forward - Forward local gpg-agent socket to remote machine
#
# GPG operations (like git commit signing) require access to a gpg-agent socket.
# When working on a remote machine, we want to use the yubikey connected to our
# local machine. This requires forwarding the local gpg-agent socket to the remote
# machine.
#
# This script establishes ONLY the socket forwarding via ssh, without a terminal.
# Run this in a separate terminal when you need gpg operations to work on the
# remote machine (e.g. when using et/eternal-terminal).
#
if [ -z "$1" ]; then
    echo "Usage: gpg-forward [hostname]"
    exit 1
fi

HOST=$1

echo "Forwarding gpg-agent to $HOST..."

# kill any existing ControlMaster connection
ssh -O exit "$HOST" 2>/dev/null || true

# first, clean up any stale socket on the remote
ssh -o "ControlMaster=no" "$HOST" "rm -f /run/user/1000/gnupg/S.gpg-agent"

# -N = no remote commands (no shell)
# -T = disable pseudo-terminal allocation
# -o ExitOnForwardFailure=yes = exit if forwarding fails instead of connecting anyway
# -o StreamLocalBindUnlink=yes = remove existing socket on remote if present
ssh -N -T \
    -o "ExitOnForwardFailure=yes" \
    -o "StreamLocalBindUnlink=yes" \
    -R "/run/user/1000/gnupg/S.gpg-agent:/run/user/1000/gnupg/S.gpg-agent.extra" \
    "$HOST" &

# capture the ssh process id
SSH_PID=$!

# wait a moment for connection to establish
sleep 1

# check if ssh process is still running (connection succeeded)
if kill -0 $SSH_PID 2>/dev/null; then
    echo "Connection established. GPG agent forwarded successfully."
    echo "Forwarding will continue until you press Ctrl-C"
    # wait for ssh process to exit (when user presses Ctrl-C)
    wait $SSH_PID
else
    echo "Failed to establish connection!"
    exit 1
fi

echo "GPG agent forwarding stopped."