;;; Operating-system definition labelled "Guix build-host kexec installer".
;;;
;;; Security-relevant properties visible in this file:
;;;   * The root file system is a tmpfs, so nothing written under / (including
;;;     /root/.ssh) survives a reboot.
;;;   * Both ttyS0 and tty1 auto-login as root: console access is root access.
;;;   * sshd accepts public-key logins only (passwords and challenge-response
;;;     are off; root is 'prohibit-password).
;;;   * Root's authorized keys are read from /etc/guix-kexec/authorized_keys/root,
;;;     a path this file does not populate.

(define-module (nbde system build-host-kexec-installer)
  #:use-module (gnu)
  #:use-module (gnu packages)
  #:use-module (gnu packages base)
  #:use-module (gnu packages compression)
  #:use-module (gnu packages disk)
  #:use-module (gnu packages file-systems)
  #:use-module (gnu packages linux)
  #:use-module (gnu packages package-management)
  #:use-module (gnu packages ssh)
  #:use-module (gnu services networking)
  #:use-module (gnu services ssh)
  #:use-module (guix gexp)
  #:use-module (nbde system kexec-initrd)
  #:export (build-host-kexec-installer-os))

;; Interactive-shell userland, resolved from package specifications by name.
(define %build-host-kexec-shell-packages
  (map specification->package
       '("bash-minimal"
         "coreutils"
         "diffutils"
         "findutils"
         "gawk"
         "grep"
         "gzip"
         "inetutils"
         "iproute2"
         "less"
         "nss-certs"
         "procps"
         "rsync"
         "sed"
         "tar"
         "which"
         "xz")))

;; Full package set of the image: the shell userland plus Guix itself and the
;; partitioning, file-system, module and kexec tools.
(define %build-host-kexec-packages
  (append %build-host-kexec-shell-packages
          (list guix
                dosfstools
                e2fsprogs
                gptfdisk
                kexec-tools
                kmod
                parted
                util-linux)))

;; Kernel modules requested for the initrd (storage controllers, virtio
;; devices, and the FAT/squashfs/overlay/loop file-system pieces).
(define %build-host-kexec-initrd-modules
  '("ahci"
    "fat"
    "loop"
    "nls_cp437"
    "nls_iso8859-1"
    "nvme"
    "overlay"
    "sd_mod"
    "squashfs"
    "vfat"
    "virtio_blk"
    "virtio_console"
    "virtio_net"
    "virtio_pci"
    "virtio_scsi"))

;; Build a mingetty service that logs root in on CONSOLE without prompting.
;; Anyone who can reach that console (serial port, hypervisor or provider
;; out-of-band console, physical keyboard) gets a root shell with no credential
;; check, so access to those channels has to be restricted outside this image.
(define (root-auto-login-console console)
  (service mingetty-service-type
           (mingetty-configuration
            (tty console)
            (auto-login "root")
            (login-pause? #f))))

(define build-host-kexec-installer-os
  (operating-system
    (host-name "guix-build-host-kexec")
    (timezone "Etc/UTC")
    (locale "en_US.UTF-8")
    (keyboard-layout (keyboard-layout "us"))
    (label "Guix build-host kexec installer")
    (initrd-modules %build-host-kexec-initrd-modules)
    (initrd kexec-installer-initrd)
    (kernel-arguments
     '("console=ttyS0,115200n8"
       "net.ifnames=0"
       "panic=30"
       "loglevel=4"))
    ;; No bootloader installation targets are listed.
    (bootloader
     (bootloader-configuration
      (bootloader grub-bootloader)
      (targets '())))
    ;; Root lives in RAM; every boot starts from a clean file system.
    (file-systems
     (cons (file-system
             (device "tmpfs")
             (mount-point "/")
             (type "tmpfs")
             (check? #f))
           %base-file-systems))
    (packages %build-host-kexec-packages)
    (services
     (cons*
      ;; Network configuration comes from DHCP.  No firewall service is added
      ;; in this file, so sshd below is reachable on every configured interface.
      (service dhcpcd-service-type)

      ;; At activation, install root's SSH keys from the staged location.
      ;; Whoever can write the staged file controls root SSH access to the
      ;; running image.  The file is presumably provided by the kexec initrd
      ;; or by whatever launches the image -- TODO confirm the producer and
      ;; that it creates the file root-owned and not group/world-writable.
      ;; When the staged file is absent nothing is installed here; with
      ;; password authentication disabled, the consoles are then the way in
      ;; unless another AuthorizedKeysFile location holds a key.
      (simple-service
       'build-host-kexec-launch-authorized-keys
       activation-service-type
       (with-imported-modules '((guix build utils))
         #~(begin
             (use-modules (guix build utils))
             (let ((staged-keys "/etc/guix-kexec/authorized_keys/root")
                   (ssh-dir "/root/.ssh")
                   (installed-keys "/root/.ssh/authorized_keys"))
               (when (file-exists? staged-keys)
                 (mkdir-p ssh-dir)
                 (copy-file staged-keys installed-keys)
                 ;; Tighten modes after the copy: directory 0700, key file 0600.
                 (chmod ssh-dir #o700)
                 (chmod installed-keys #o600))))))

      (root-auto-login-console "ttyS0")
      (root-auto-login-console "tty1")

      ;; Key-only SSH: root may log in, but never with a password.
      ;; NOTE(review): nothing in this file provisions SSH host keys.  With a
      ;; tmpfs root they would presumably be regenerated on each boot unless
      ;; the initrd injects them -- confirm how operators authenticate the
      ;; host key on first connect instead of accepting it blindly.
      (service openssh-service-type
               (openssh-configuration
                (openssh openssh-sans-x)
                (port-number 22)
                (permit-root-login 'prohibit-password)
                ;; NOTE(review): sshd uses the first value it reads for a
                ;; keyword.  Guix's generated sshd_config appears to emit its
                ;; own AuthorizedKeysFile line ahead of extra-content, in which
                ;; case this line is ignored and only the copy into /root/.ssh
                ;; above takes effect -- confirm against the effective
                ;; configuration (`sshd -T`).
                (extra-content "AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2 /etc/ssh/authorized_keys.d/%u /etc/guix-kexec/authorized_keys/%u")
                (password-authentication? #f)
                (challenge-response-authentication? #f)))

      ;; Base services minus the stock gettys (replaced by the auto-login
      ;; consoles above) and the console font service.
      (modify-services %base-services
        (delete console-font-service-type)
        (delete agetty-service-type)
        (delete mingetty-service-type))))))