#!/usr/bin/env bash

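#######################################
# Print the help text for encrypted-dir-archive.
#
# A here-doc with a quoted delimiter is used so the text is emitted exactly
# as written. The earlier single-quoted echo had two problems:
#   - backslash-newline is not a line continuation inside single quotes, so
#     the help text contained literal trailing backslashes;
#   - the single quotes around $REMOTE_FILE ended the string early, so the
#     printed ssh example lost the quoting around the remote path.
#
# Outputs: help text on stdout. Callers reporting an error should redirect
#          it to stderr, because stdout is where the archive is written.
#######################################
usage() {
	cat <<'EOF'
encrypted-dir-archive <dir>

This script streams a gpg-encrypted byte stream of a zstd-compressed tarball
of <dir> to stdout; redirect it to a file for an encrypted backup.

Very roughly, this is a small wrapper around `tar cf - <dir> | zstd | gpg --encrypt`,
so you can reverse the process with `gpg --decrypt | zstd -d | tar xf -`.

You can stream over ssh as a remote backup by piping to something like this:
`ssh "$HOST" "cat - > '$REMOTE_FILE'"`.
EOF
}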

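# Stdout carries the encrypted archive. Anything else written to stdout ends
# up inside (or appended to) the backup file, so every diagnostic below goes
# to stderr, including the usage text on an error path.

# Without pipefail the pipeline's status is gpg's alone, so a tar or zstd
# failure would be reported as success and leave a truncated backup unnoticed.
set -o pipefail

if [ "${1-}" = '-h' ] || [ "${1-}" = '--help' ]; then
	usage
	exit 0
fi

dir="${1-}"

if [ -z "$dir" ]; then
	echo "no directory argument provided" >&2
	usage >&2
	exit 1
fi

if [ ! -d "$dir" ]; then
	echo "'$dir' is not a directory" >&2
	usage >&2
	exit 2
fi

# Go to the directory containing the target so the archive holds only the
# final path component. `--` keeps a name starting with '-' from being parsed
# as an option. A plain cd replaces pushd/popd: the script runs in its own
# process, so there is nothing to restore, and popd printed the directory
# stack to stdout, appending a plaintext path to the encrypted stream.
parent="$(dirname -- "$dir")"
name="$(basename -- "$dir")"
cd -- "$parent" || { echo "failed to cd to '$parent'" >&2; exit 3; }

# https://stackoverflow.com/a/30520299
if [ -t 1 ]; then
	echo "not dumping encrypted data to terminal" >&2
	exit 4
fi

# NOTE(review): gpg is invoked with --encrypt only (no --sign). The output is
# confidential to the recipient key but carries no signature, so whoever
# restores it cannot verify who produced the archive. Consider adding --sign
# if that matters for restores.
tar -cf - -- "$name" \
	| zstd --ultra -T2 -22 \
	| gpg --encrypt --recipient daniel@lyte.dev
status=$?

if [ "$status" -ne 0 ]; then
	# Whatever reached stdout is incomplete or invalid; tell the operator
	# instead of exiting 0 with a broken backup.
	echo "archive pipeline failed (status $status); output must not be trusted as a backup" >&2
	exit 5
fi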