# SPDX-FileCopyrightText: 2020 Luke Granger-Brown <depot@lukegb.com>
#
# SPDX-License-Identifier: Apache-2.0

{ system, depot, pkgs, ... }:
pkgs.writeShellScriptBin "rebuilder" ''
  set -ue
  if [[ $EUID -ne 0 ]]; then
    exec sudo "$0" "$@"
  fi

  DEPOT_PATH="''${1:-<depot>}"

  export AWS_ACCESS_KEY_ID="$(${pkgs.vault}/bin/vault kv get --address=unix:///run/tokend/sock -field=cacheAccessKeyID kv/apps/nix-daemon)"
  export AWS_SECRET_ACCESS_KEY="$(${pkgs.vault}/bin/vault kv get --address=unix:///run/tokend/sock -field=cacheSecretAccessKey kv/apps/nix-daemon)"

  current_specialisation="$(cat /run/current-system/specialisation-name 2>/dev/null)"
  specialisation_path=""
  if [[ ! -z "$current_specialisation" ]]; then
    specialisation_path="specialisation/$current_specialisation/"
  fi

  system="$(nix-build --option substituters "https://cache.nixos.org s3://lukegb-nix-cache?endpoint=storage.googleapis.com&trusted=1" -E "(import $DEPOT_PATH {}).ops.nixos.${system}" --no-out-link)"
  nix-env -p /nix/var/nix/profiles/system --set "$system"
  "$system/''${specialisation_path}bin/switch-to-configuration" test
  "$system/bin/switch-to-configuration" boot
''