{ config, desktop, lib, pkgs, username, ... }:
let
  # Keep only the group names that are declared in config.users.groups.
  # NOTE(review): nothing in the visible part of this module calls ifExists.
  ifExists = groups:
    builtins.filter (name: config.users.groups ? ${name}) groups;
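  # install-system: interactive helper script, installed on the system PATH,
  # that wipes the disks of a host with disko and reinstalls NixOS from the
  # flake checked out under /tmp/nixos/git.
  install-system = pkgs.writeScriptBin "install-system" ''
#!${pkgs.stdenv.shell}
#
# Usage: install-system <host> [user]
#
# Partitions the disks described in nixos/hosts/<host>/disks.nix with disko,
# installs NixOS from the flake output named <host> into /mnt, then copies the
# checkout (and an optional disk keyfile) onto the new system.
# Must be started as a regular user; sudo is used for the privileged steps.

# Strict mode stays disabled as the author left it; the steps that matter are
# checked explicitly below so that a failure stops the run before anything
# further is done to the disks.
#set -euo pipefail

REPO_DIR="/tmp/nixos/git"
KEY_FILE="/tmp/secret.key"

TARGET_HOST="''${1:-}"
TARGET_USER="''${2:-albert}"

# Print an error in the format used throughout this script and stop.
die() {
  echo "ERROR! $(basename "$0") $*"
  exit 1
}

if [ "$(id -u)" -eq 0 ]; then
  die "should be run as a regular user"
fi

# /tmp is world-writable and this checkout is later evaluated by nixos-install
# running as root, so refuse a pre-existing directory (or symlink) that the
# invoking user does not own.
for dir in /tmp/nixos "$REPO_DIR"; do
  if [ -L "$dir" ] || { [ -e "$dir" ] && [ ! -O "$dir" ]; }; then
    die "refuses to use $dir: it is a symlink or is not owned by $(id -un)"
  fi
done

if [ ! -d "$REPO_DIR/.git" ]; then
  git clone --filter=blob:none --no-checkout https://git.sysctl.io/albert/nix "$REPO_DIR" \
    || die "could not clone the configuration repository"
  cd "$REPO_DIR" || die "could not enter $REPO_DIR"
  git sparse-checkout set --cone docs/ home-manager/ keys/ssh/ lib/ nixos/ flake.lock flake.nix shell.nix \
    || die "could not configure the sparse checkout"
  git checkout main || die "could not check out the main branch"
fi

pushd "$REPO_DIR" || die "could not enter $REPO_DIR"

if [[ -z "$TARGET_HOST" ]]; then
  echo "ERROR! $(basename "$0") requires a hostname as the first argument"
  echo "       The following hosts are available"
  ls -1 nixos/hosts/*/default.nix | cut -d'/' -f3 | grep -v -E "iso|rpi"
  exit 1
fi

# TARGET_USER always falls back to the default above, so this branch cannot
# trigger as written; the value is also not used further down.
if [[ -z "$TARGET_USER" ]]; then
  echo "ERROR! $(basename "$0") requires a username as the second argument"
  echo "       The following users are available"
  ls -1 nixos/users/ | grep -v -E "nixos|root"
  exit 1
fi

# One variable for the disk layout path so that the existence check, the
# keyfile check, the error message and the disko call all agree on it.
DISKS_NIX="nixos/hosts/$TARGET_HOST/disks.nix"

if [ ! -e "$DISKS_NIX" ]; then
  die "could not find the required $DISKS_NIX"
fi

# If the disk layout refers to a keyfile, the operator has to provide it
# before anything is wiped. Stop only when the key is actually missing.
# NOTE(review): the key sits in world-writable /tmp until it is copied below;
# create it with a restrictive umask and remove it once the install is done.
if grep -qF "secret.key" "$DISKS_NIX" && [ ! -f "$KEY_FILE" ]; then
  echo "Secret key not found.  Create one at /tmp/secret.key"
  exit 1
fi

echo "WARNING! The disks in $TARGET_HOST are about to get wiped"
echo "         NixOS will be re-installed"
echo "         This is a destructive operation"
echo
read -p "Are you sure? [y/N]" -n 1 -r
echo
if [[ ! $REPLY =~ ^[Yy]$ ]]; then
  exit 0
fi

sudo true || die "needs sudo to continue"

# NOTE(review): this runs whatever the default branch of disko currently holds
# as root, without a lock file. Pinning the flake reference to a reviewed
# revision (or using a disko input locked in this flake) would make the
# partitioning step reproducible and auditable.
sudo nix run github:nix-community/disko \
  --extra-experimental-features "nix-command flakes" \
  --no-write-lock-file \
  -- \
  --mode disko \
  "$DISKS_NIX" \
  || die "disko failed; not continuing with the installation"

sudo nixos-install --no-root-password --flake ".#$TARGET_HOST" \
  || die "nixos-install failed"

# Rsync nix-config to the target install.
sudo mkdir -p "/mnt/etc/nixos"
sudo rsync -a --delete "$REPO_DIR/" "/mnt/etc/nixos/git/"

# If there is a keyfile for a data disk, copy it to the root partition.
# install(1) sets the mode when it creates the file, so the key is never
# present on the target with default permissions.
if [[ -f "$KEY_FILE" ]]; then
  sudo install -m 0400 "$KEY_FILE" /mnt/etc/secret.key
fi
'';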
in
{
  # Put the install-system helper on the system-wide PATH.
  config = {
    environment.systemPackages = [ install-system ];
  };
}