/**
  Convert a NixOS configuration to one for a minimal installer ISO

  WARNING: Running this installer will format the target disk!
*/

{
  nixpkgs,
  hostKeys ? { },
}:
machine:

let
  inherit (builtins) concatStringsSep attrValues mapAttrs;

  installer =
    {
      config,
      pkgs,
      lib,
      ...
    }:
    let
      bootstrap = pkgs.writeShellApplication {
        name = "bootstrap";
        runtimeInputs = with pkgs; [ nixos-install-tools ];
        text = ''
          ${machine.config.system.build.diskoScript}
          nixos-install --no-root-password --no-channel-copy --system ${machine.config.system.build.toplevel}
          ${concatStringsSep "\n" (
            attrValues (
              mapAttrs (kind: keys: ''
                cp ${keys.private} /mnt/etc/ssh/ssh_host_${kind}_key
                chmod 600 /mnt/etc/ssh/ssh_host_${kind}_key
                cp ${keys.public} /mnt/etc/ssh/ssh_host_${kind}_key.pub
                chmod 644 /mnt/etc/ssh/ssh_host_${kind}_key.pub
              '') hostKeys
            )
          )}
          poweroff
        '';
      };
    in
    {
      imports = [ "${nixpkgs}/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix" ];
      nixpkgs.hostPlatform = "x86_64-linux";
      services.getty.autologinUser = lib.mkForce "root";
      programs.bash.loginShellInit = nixpkgs.lib.getExe bootstrap;

      isoImage = {
        compressImage = false;
        squashfsCompression = "lz4";
        isoName = lib.mkForce "installer.iso";
        ## ^^ FIXME: Use a more interesting name or keep the default name and
        ## use `isoImage.isoName` in the tests.
      };
    };
in
(nixpkgs.lib.nixosSystem { modules = [ installer ]; }).config.system.build.isoImage