# Arguments of this file; every one has a default, so callers may pass none.
# `sources` is the npins pin set kept under ../website, and both `pkgs` and
# `lib` are taken from the Nixpkgs revision pinned there.
{ sources ? import ../website/npins
, system ? builtins.currentSystem
, pkgs ? import sources.nixpkgs {
    inherit system;
    # Passed explicitly as empty values.
    # NOTE(review): presumably this keeps user-level Nixpkgs configuration and
    # overlays out of the package set, so it depends on the pin alone — confirm.
    config = { };
    overlays = [ ];
  }
, lib ? import "${sources.nixpkgs}/lib"
}:
let
  # TODO: don't hard code target hosts; wire all of it up with NixOps4
  # Interpolated into the deploy script twice: as the remote store in the
  # `ssh-ng://` URL passed to nix-build, and as the `ssh` target for activation.
  host = "vm02117.procolix.com";
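  # Shell application that builds the `machine` attribute of this directory
  # straight into the target host's Nix store and then activates it over SSH.
  # `writeShellApplication` runs the script with errexit/nounset/pipefail, so a
  # failing `nix-build` aborts the script before anything is sent to the host.
  deploy = pkgs.writeShellApplication {
    name = "deploy-webserver";
    text = ''
      # HACK: decouple system evaluation from shell evaluation
      # the structured way for using this hack is encoded in https://github.com/fricklerhandwerk/lazy-drv
      # The source path is shell-escaped so that a checkout path containing
      # spaces or glob characters reaches nix-build as a single argument.
      result="$(nix-build ${lib.escapeShellArg (toString ./.)} -A machine --no-out-link --eval-store auto --store ssh-ng://${host})"
      # "$result" is expanded locally on purpose (unquoted EOF), so the remote
      # shell only ever sees the final store path.
      # The remote shell does not inherit errexit, so the two steps are chained
      # with &&: the new system must not be activated when registering it in
      # the system profile failed, and ssh then reports that failure.
      # shellcheck disable=SC2087
      ssh ${host} << EOF
      sudo nix-env -p /nix/var/nix/profiles/system --set "$result" && sudo "$result"/bin/switch-to-configuration switch
      EOF
    '';
  };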
  # Evaluate a single NixOS module (`config`) with the `eval-config.nix` that
  # ships in the Nixpkgs tree behind `pkgs`, and return the evaluation result.
  nixos-configuration = config:
    let
      evalConfig = import "${pkgs.path}/nixos/lib/eval-config.nix";
    in
    evalConfig {
      # `system` is passed as null explicitly.
      # NOTE(review): presumably the platform is then expected to be set by
      # the module itself — confirm against ./configuration.nix.
      system = null;
      modules = [ config ];
    };
in
let
  # NixOS evaluation of the configuration module in this directory.
  nixos = nixos-configuration ./configuration.nix;
in
{
  inherit nixos;
  # Top-level system derivation; this is the attribute the deploy script
  # builds with `-A machine`.
  machine = nixos.config.system.build.toplevel;
  # Development shell that puts the `deploy-webserver` command on PATH.
  shell = pkgs.mkShellNoCC {
    # `deploy` is the deployment script defined in this file.
    packages = [ deploy ];
    env = {
      # TODO: reusing other pins for now; wire up the whole repo to use the same dependencies
      NPINS_DIRECTORY = toString ../website/npins;
    };
  };
}