#!/run/current-system/sw/bin/bash
# SPDX-FileCopyrightText: 2022-2023 Alyssa Ross <hi@alyssa.is>
# SPDX-License-Identifier: EUPL-1.2+
#
# Swap setup adapted from swap-to-disk.nix, from commit
# 8796bc3006917c14b6c5e383d6ae706d08a5e48e of
# <https://github.com/DeterminateSystems/nix-netboot-serve>:
# SPDX-FileCopyrightText: Determinate Systems
# SPDX-License-Identifier: MIT

set -uexo pipefail
export PATH=/run/wrappers/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin

cryptsetup open -d /dev/random --type plain /dev/vda swap
mkswap /dev/mapper/swap
swapon /dev/mapper/swap

size=$(lsblk --noheadings --bytes --output SIZE /dev/mapper/swap)
pagesize=$(getconf PAGESIZE)
inodes=$((size / pagesize))
mount -o remount,size="$size",nr_inodes="$inodes" /

mkdir /nix2 /rshared

# Make sure nothing is modifying the store while we're swapping it out.
systemctl stop nix-daemon nix-daemon.socket

# Create a copy of the store on the root tmpfs, so that builds are not
# running on overlayfs, which is a bit weird and can introduce impurities.
cp -a /nix/store /nix/var /nix2

# Create another instance of the root filesystem, so the store
# filesystems are still accessible for unmounting after we do a bind
# mount over the top of them in /.
mount --rbind / /rshared

# Mounts should propagate from /rshared to /, so that unmounting the
# filesystems in /rshared unmounts them in /, but they should not
# propagate in the other direction, so that bind mounting /nix2 over
# /nix does not obscure those filesytems in /rshared.
mount --make-slave /
mount --bind /nix2 /nix
mount --make-shared /
systemctl start nix-daemon.socket

# For some reason, the overlay ends up being mounted several times, so
# keep unmounting it until it's gone, then unmount its components.
# The filesystems will probably still end up in use for as long as
# we're up, because programs already running will have pages from
# them.  We could fix this by restarting userspace after setting up
# the filesystems, but we'd need to either do this earlier in boot
# (which isn't feasible because we need systemd-run-generator to be
# able to sequence commands), or systemd would need to support this,
# e.g.  https://github.com/systemd/systemd/pull/27435
while umount -l /rshared/nix/store; do :; done
umount -l /rshared/nix/.rw-store /rshared/nix/.ro-store

# Detach /rshared, without affecting /.
mount --make-rprivate /rshared
umount -l /rshared
rmdir /rshared

for o in $(</proc/cmdline); do
	case $o in
		configuration=*)
			configuration="${o#configuration=}"
			;;
		userdata=*)
			userdata="${o#userdata=}"
			;;
	esac
done

systemctl start network-online.target

# --ignore-garbage because provider might e.g. insert carriage returns.
curl -fLsS --retry-all-errors --retry 5 "$userdata" | base64 -d --ignore-garbage > user-data.tar.zst
tar -Pxvf user-data.tar.zst
rm user-data.tar.zst
curl -fLsSo /tmp/spectrum-main.tar.gz https://spectrum-os.org/git/spectrum/snapshot/spectrum-main.tar.gz
tar -C /tmp -xf /tmp/spectrum-main.tar.gz

curl -fLsSo /etc/nixos/configuration.nix "$configuration"
systemctl start dbus.socket
nixos-rebuild switch -I nixos-config=/etc/nixos/configuration.nix \
	--show-trace \
	-I nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos
systemctl start --no-block multi-user.target systemd-journal-gatewayd.socket

systemd-run -u nix-collect-garbage nix-collect-garbage -d

exec systemd-run --wait -u nix-build \
	-p Restart=on-failure \
	-p StartLimitBurst=5 \
	-p StartLimitIntervalSec=1d \
	nix-build --keep-going /tmp/spectrum-main/release.nix