/**
  Convert a NixOS configuration to one for a minimal installer ISO

  WARNING: Running this installer will format the target disk!
*/

{
  nixosConfiguration,
  hostKeys ? { },
  nixpkgs ? (import ../npins).nixpkgs,
}:

let
  inherit (builtins) concatStringsSep attrValues mapAttrs;

  installer =
    {
      pkgs,
      lib,
      ...
    }:
    let
      bootstrap = pkgs.writeShellApplication {
        name = "bootstrap";
        runtimeInputs = with pkgs; [ nixos-install-tools ];
        text = ''
          ${nixosConfiguration.config.system.build.diskoScript}
          nixos-install --no-root-password --no-channel-copy --system ${nixosConfiguration.config.system.build.toplevel}
          ${concatStringsSep "\n" (
            attrValues (
              mapAttrs (kind: keys: ''
                cp ${keys.private} /mnt/etc/ssh/ssh_host_${kind}_key
                chmod 600 /mnt/etc/ssh/ssh_host_${kind}_key
                cp ${keys.public} /mnt/etc/ssh/ssh_host_${kind}_key.pub
                chmod 644 /mnt/etc/ssh/ssh_host_${kind}_key.pub
              '') hostKeys
            )
          )}
          poweroff
        '';
      };
    in
    {
      imports = [ "${nixpkgs}/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix" ];
      nixpkgs.hostPlatform = "x86_64-linux";
      services.getty.autologinUser = lib.mkForce "root";
      programs.bash.loginShellInit = lib.getExe bootstrap;

      isoImage = {
        compressImage = false;
        squashfsCompression = "lz4";
        isoName = lib.mkForce "installer.iso";
        ## ^^ FIXME: Use a more interesting name or keep the default name and
        ## use `isoImage.isoName` in the tests.
      };
    };
in
(import "${nixpkgs}/nixos/lib/eval-config.nix" {
  modules = [ installer ];
  # Allow system to be set modularly in nixpkgs.system.
  # We set it to null, to remove the "legacy" entrypoint's
  # non-hermetic default.
  system = null;
}).config.system.build.isoImage