#!/bin/bash

set -euxo pipefail;

if [[ -z "${1+x}" ]]; then
  echo "Usage: $(basename "$0") HOST [PATH]" >&2
  exit 2;
fi

key_path="${2:-1}";
if [[ "$key_path" = /* ]]; then
  target="$key_path";
else
  target="$PWD/$key_path";
fi

tmpdir="$(mktemp --directory)";
cd "$tmpdir";
name="$(dnssec-keygen -a {{ global_dns_update_key_algorithm }} -n HOST -T KEY "$1")";
for suffix in "key" "private"; do
  mv "$tmpdir/$name.$suffix" "$target.$suffix";
done
rm -rf "$tmpdir";