1 files changed, 151 insertions, 0 deletions
diff --git a/old/default.nix b/old/default.nix
new file mode 100644
index 000000000..841534824
--- /dev/null
+++ b/old/default.nix
@@ -0,0 +1,151 @@
+{ system-name
+, rsync-target ? null
+, deploy-target ? null
+}:
+
+# TODO assert that only one of rsync-target or deploy-target is not null
+
+with builtins;
+assert (typeOf system-name == "string");
+with import <nixpkgs/lib>;
+let
+  paths-file = toPath "${dirOf __curPos.file}/modules/${system-name}/paths.nix";
+
+  paths = import paths-file;
+
+  prefetch.file = ''
+    echo "$prefetch_in_url"
+  '';
+
+  prefetch.git = ''
+    ${concatMapStringsSep "\n" (attr-name: ''
+      case ''${prefetch_in_${escapeShellArg attr-name}-?} in \?)
+        printf '%s: %s: missing attribute: %s' \
+          ${escapeShellArg paths-file} \
+          "$prefetch_name" \
+          ${escapeShellArg attr-name} \
+          >&2
+        return 1
+      esac
+    '') [ "rev" "url" "cache" ]}
+
+    git_rev=$prefetch_in_rev
+    git_url=$prefetch_in_url
+
+    # cache_dir points to a (maybe non-existent) directory, where a shared cache of
+    # the repository should be maintained.  The shared cache is used to create
+    # multiple working trees of the repository.
+    cache_dir=$prefetch_in_cache/$(echo "$git_url" | urlencode)
+    cache_git() {
+      git --git-dir="$cache_dir" "$@"
+    }
+
+    # work_dir points to a (maybe non-existent) directory, where a specific
+    # revision of the repository is checked out.
+    # XXX this is probably a bad idea if git_rev is not a commit
+    work_dir=$cache_dir-$(cache_git rev-parse --verify "$git_rev" | urlencode)
+    work_git() {
+      git -C "$work_dir" "$@"
+    }
+
+    is_up_to_date() {
+      test -d "$cache_dir" &&
+      test -d "$work_dir" &&
+      test "$(cache_git rev-parse --verify "$git_rev")" = "$git_rev" &&
+      test "$(work_git rev-parse --verify HEAD)" = "$git_rev"
+    }
+
+    # Notice how the remote name "origin" has been chosen arbitrarily, but must be
+    # kept in sync with the default value of nixpkgs.rev.
+    if ! is_up_to_date; then
+      if ! test -d "$cache_dir"; then
+        mkdir -p "$cache_dir"
+        cache_git init --bare
+      fi
+      if ! cache_git_url=$(cache_git config remote.origin.url); then
+        cache_git remote add origin "$git_url"
+      elif test "$cache_git_url" != "$git_url"; then
+        cache_git remote set-url origin "$git_url"
+      fi
+      cache_git fetch origin
+      if ! test -d "$work_dir"; then
+        git clone -n --shared "$cache_dir" "$work_dir"
+      fi
+      commit_name=$(cache_git rev-parse --verify "$git_rev")
+      work_git checkout "$commit_name" -- "$(readlink -f "$work_dir")"
+      work_git checkout -q "$commit_name"
+      work_git submodule init
+      work_git submodule update
+    fi
+    work_git clean -dxf
+
+    echo "$work_dir"
+  '';
+
+
+  f = pkg-name: pkg-spec:
+    let
+      types = attrNames pkg-spec;
+      type = elemAt types 0;
+    in
+    assert (length types == 1); # there can be only one source type
+    ''
+      out=$(${concatStringsSep " \\\n" (mapAttrsToList (k: v:
+          "prefetch_in_${escapeShellArg k}=${escapeShellArg (toString v)}") pkg-spec.${type})} \
+          prefetch_name=${escapeShellArg pkg-name} \
+          __prefetch_${escapeShellArg type})
+      printf '%s=%s\n' \
+        ${escapeShellArg pkg-name} \
+        "$out"
+    '';
+in
+''
+#! /bin/sh
+set -euf
+
+PATH=${toString ./.}/bin:$PATH
+export PATH
+
+__prefetch_file() {
+${prefetch.file}
+}
+__prefetch_git() {
+${prefetch.git}
+}
+
+# TODO make sure x contains only sane chars
+x=$(${concatStrings (mapAttrsToList f paths)})
+
+${optionalString (rsync-target != null) ''
+  proot $(echo "$x" | sed -n 's@^\([^=]\+\)=\(.*\)@-b \2:/shitment/\1@p') \
+    rsync --delete --delete-excluded \
+      --filter='- /*/.git' \
+      --rsync-path='mkdir -p -m 0700 /shitment/ && rsync' \
+      -vaz \
+      --no-owner \
+      --no-group \
+      '/shitment/' \
+      ${escapeShellArg rsync-target}
+''}
+
+
+${optionalString (deploy-target != null) ''
+  system_path=$(proot $(echo "$x" | sed -n 's@^\([^=]\+\)=\(.*\)@-b \2:/shitment/\1@p') \
+    env \
+        NIX_PATH=/shitment \
+        NIXOS_CONFIG=/shitment/modules/${escapeShellArg system-name} \
+      nix-build -A system --no-out-link '<nixpkgs/nixos>')
+
+  system_name=${escapeShellArg system-name}
+  target=${escapeShellArg deploy-target}
+
+  nix-copy-closure --gzip --to "$target" "$system_path"
+
+  secrets_root=${toString ./.}/secrets \
+  config_root=${toString ./.} \
+    copy-secrets "$system_name" "$target"
+
+  ssh ''${NIX_SSHOPTS-} "$target" "$system_path/bin/switch-to-configuration" switch
+''}
+
+''