From 99c82a2898c894aa49a21f0f5bd6f6ff66987b98 Mon Sep 17 00:00:00 2001
From: clerie <git@clerie.de>
Date: Fri, 21 Feb 2025 20:33:01 +0100
Subject: [PATCH] pkgs/clerie-system-remote-install: Install NixOS system remotely without evaluating anything on remote

---
 flake.nix | 1 +
 .../clerie-system-remote-install.sh | 31 +++++++++++++++++++
 pkgs/clerie-system-remote-install/default.nix | 6 ++++
 pkgs/overlay.nix | 1 +
 4 files changed, 39 insertions(+)
 create mode 100755 pkgs/clerie-system-remote-install/clerie-system-remote-install.sh
 create mode 100644 pkgs/clerie-system-remote-install/default.nix

diff --git a/flake.nix b/flake.nix
index 936ba9f..c385647 100644
--- a/flake.nix
+++ b/flake.nix
@@ -135,6 +135,7 @@
 inherit (pkgs)
 clerie-backup
 clerie-keys
+ clerie-system-remote-install
 clerie-system-upgrade
 clerie-merge-nixfiles-update
 clerie-update-nixfiles
diff --git a/pkgs/clerie-system-remote-install/clerie-system-remote-install.sh b/pkgs/clerie-system-remote-install/clerie-system-remote-install.sh
new file mode 100755
index 0000000..293bf40
--- /dev/null
+++ b/pkgs/clerie-system-remote-install/clerie-system-remote-install.sh
@@ -0,0 +1,31 @@
+#!/usr/bin/env bash
+
+set -xeuo pipefail
+
+SYSTEM="$1"
+REMOTE_HOST="$2"
+REMOTE_ROOT="$3"
+
+nix copy "${SYSTEM}" --to "ssh://${REMOTE_HOST}?remote-store=${REMOTE_ROOT}"
+
+ssh "${REMOTE_HOST}" -- nix-env --store "${REMOTE_ROOT}" -p "${REMOTE_ROOT}/nix/var/nix/profiles/system" --set "${SYSTEM}"
+
+ssh "${REMOTE_HOST}" -- mkdir -p "${REMOTE_ROOT}/tmp"
+TMPSH="$(ssh "${REMOTE_HOST}" -- mktemp -p "${REMOTE_ROOT}/tmp")"
+
+# shellcheck disable=SC2087
+ssh "${REMOTE_HOST}" -- tee "${TMPSH}" <<EOF
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+nix-env --store "${REMOTE_ROOT}" -p "${REMOTE_ROOT}/nix/var/nix/profiles/system" --set "${SYSTEM}"
+mkdir -m 0775 -p "${REMOTE_ROOT}/etc"
+touch "${REMOTE_ROOT}/etc/NIXOS"
+
+ln -sfn /proc/mounts "${REMOTE_ROOT}/etc/mtab"
+
+NIXOS_INSTALL_BOOTLOADER=1 nixos-enter --root "${REMOTE_ROOT}" -c "/run/current-system/bin/switch-to-configuration boot"
+EOF
+
+ssh "${REMOTE_HOST}" -- bash "${TMPSH}"
diff --git a/pkgs/clerie-system-remote-install/default.nix b/pkgs/clerie-system-remote-install/default.nix
new file mode 100644
index 0000000..142c2a3
--- /dev/null
+++ b/pkgs/clerie-system-remote-install/default.nix
@@ -0,0 +1,6 @@
+{ pkgs, ... }:
+
+pkgs.writeShellApplication {
+ name = "clerie-system-remote-install";
+ text = builtins.readFile ./clerie-system-remote-install.sh;
+}
diff --git a/pkgs/overlay.nix b/pkgs/overlay.nix
index b6db58e..e478135 100644
--- a/pkgs/overlay.nix
+++ b/pkgs/overlay.nix
@@ -1,6 +1,7 @@
 final: prev: {
 clerie-backup = final.callPackage ./clerie-backup {};
 clerie-keys = final.callPackage ./clerie-keys {};
+ clerie-system-remote-install = final.callPackage ./clerie-system-remote-install {};
 clerie-system-upgrade = final.callPackage ./clerie-system-upgrade/clerie-system-upgrade.nix {};
 clerie-merge-nixfiles-update = final.callPackage ./clerie-update-nixfiles/clerie-merge-nixfiles-update.nix {};
 clerie-sops = final.callPackage ./clerie-sops/clerie-sops.nix {};
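Review bot: `SYSTEM` and `REMOTE_ROOT` are not protected by the local double quotes once they leave this machine: ssh joins its arguments into one command string for the remote shell, and the unquoted `<<EOF` heredoc (SC2087 is silenced) expands both values locally into the generated script, so a space, quote or `$` in either one is re-parsed on the remote host by a script that goes on to install a bootloader. Validating both values right after the three assignments closes that off; the fence assumes `SYSTEM` is always an already-built store path, which the commit title suggests but the script does not check. Separately, `nix-env ... --set` runs twice (once over ssh, once inside the generated script), the temporary script is never removed from `${REMOTE_ROOT}/tmp`, and `mkdir -m 0775` leaves a freshly created `/etc` group-writable where `0755` is the usual mode.

```shell
REMOTE_ROOT="$3"

# Both values are re-parsed by the remote shell and pasted into the generated
# script, so accept only plain path characters.
if [[ ! "${SYSTEM}" =~ ^/nix/store/[A-Za-z0-9._+=?-]+$ ]]; then
  echo "SYSTEM must be a /nix/store path: ${SYSTEM}" >&2
  exit 1
fi
if [[ ! "${REMOTE_ROOT}" =~ ^/[A-Za-z0-9._/+-]*$ ]]; then
  echo "REMOTE_ROOT must be an absolute path without shell metacharacters: ${REMOTE_ROOT}" >&2
  exit 1
fi
# … unchanged: nix copy, nix-env --set, remote script generation and execution …
```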
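Review bot: The `writeShellApplication` call in `default.nix` sets no `runtimeInputs`, so the installed tool resolves `nix`, `nix-env` and `ssh` from whatever PATH the caller happens to have. Pinning them, for example `runtimeInputs = with pkgs; [ nix openssh ];`, makes the wrapper use the packaged binaries instead of whichever ones come first on PATH. `writeShellApplication` also prepends its own shebang and strict-mode options, so the script's `#!/usr/bin/env bash` line ends up as a plain comment in the built wrapper.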