{ pkgs, lib, config, modulesPath, nodes, ... }:

with lib;

let
  manager = nodes."manager".config;

  auto-install = pkgs.writers.writeBash "auto-install" ''
    set -o errexit
    set -o nounset
    set -o pipefail

    set -x

    if [[ "$(cat /proc/cmdline)" =~ nixos\.install=([^ ]+) ]]; then
      INSTALL="''${BASH_REMATCH[1]}"
    else
      echo "No install derivation found" >&2
      exit 1
    fi

    ${pkgs.retry}/bin/retry \
      --times 10 \
      --delay 15 \
      -- ${pkgs.nix}/bin/nix-store \
          --realize \
          --add-root /tmp/install \
          "$INSTALL"

    exec /tmp/install
  '';
in
{
  imports = [
    "${modulesPath}/installer/netboot/netboot-minimal.nix"
    ../../../modules
  ];

  config = {
    services.getty.autologinUser = lib.mkForce "root";

    networking.hostName = "installer";

    users.users."root" = {
      openssh.authorizedKeys.keys = manager.users.users."root".openssh.authorizedKeys.keys;
    };

    systemd.services."auto-install" = {
      description = "Automated NixOS installer";

      wants = [ "network-online.target" ];
      after = [ "network-online.target" ];

      conflicts = [ "getty@tty1.service" ];

      wantedBy = [ "multi-user.target" ];

      path = [ pkgs.bash pkgs.nix ];

      unitConfig = {
        AssertKernelCommandLine = "nixos.install";

        FailureAction = "reboot-force";
      };

      serviceConfig = {
        Type = "oneshot";

        ExecStart = auto-install;

        StandardInput = "none";
        StandardOutput = "journal+console";
        StandardError = "journal+console";
      };
    };

    nix.settings = {
      substituters = [
        "http://cache.${manager.networking.domain}"
      ];
      trusted-public-keys = [
        (fileContents manager.gather.parts."cache/key".path)
      ];
    };

    system.stateVersion = config.system.nixos.release;
  };
}