{ pkgs, lib, config, ... }:
let
  inherit (lib) types;
  inherit (config) networking;
  cfg = config.install.ssh-nixos;
  nixRunDefaultCommand = "bash";
in
{
options.install.ssh-nixos = {
  PATH = lib.mkOption {
    type = types.listOf types.package;
    default = [];
    apply = lib.makeBinPath;
    description = "Packages to be added to the <literal>PATH<literal> of the install script.";
  };
  script = lib.mkOption {
    type = types.lines;
    default = "";
    example = ''
      lib.mkBefore ''''''
        gpg --decrypt initrd/ssh.key.gpg |
        ssh root@''${config.install.ssh-nixos.target} \
        install -D -m 400 -o root -g root /dev/stdin /root/initrd/ssh.key
      '''''';
    '';
    description = ''
      Install script copying the configured NixOS to the <link linkend="opt-install.ssh-nixos.target">target</link>
      and switching to the new configuration.
      It is made available here for prepending or appending commands
      with the usual <literal>mkBefore</literal> and <literal>mkAfter</literal>.
      In case you run it often or add multiple ssh calls to it,
      consider configuring the OpenSSH client with <literal>ControlMaster auto</literal>
      to keep the SSH connexion alive between calls to <literal>literal</literal>.

      This script is usually run with:
      <screen>
      <prompt>$ </prompt> nix run system.config.install.ssh-nixos -f nixos.nix
      </screen>
      where <literal>nixos.nix</literal> can be:
      <screen>
      import <nixpkgs/nixos> {
        system = "x86_64-linux";
        configuration = { config, lib, pkgs }: {
        # Your usual configuration.nix content can go here
        };
      }
      </screen>
    '';
    apply = script: pkgs.writeShellScriptBin nixRunDefaultCommand ''
      set -eu
      set -o pipefail
      PATH="$PATH:${cfg.PATH}"
      set -x
      ${script}
    '';
  };
  target = lib.mkOption {
    type = types.str;
    default = "${networking.hostName}.${networking.domain}";
    example = "192.168.1.10";
    description = "Destination where to install NixOS by SSH.";
  };
  sshFlags = lib.mkOption {
    type = types.listOf types.str;
    default = ["--substitute-on-destination"];
    description = ''
      Extra flags passed to <literal>ssh</literal>.
      Environment variable <literal>SSH_FLAGS</literal> can also be used at runtime.
    '';
  };
  nixCopyFlags = lib.mkOption {
    type = types.listOf types.str;
    default = ["--substitute-on-destination"];
    description = ''
      Extra flags passed to <literal>nix copy</literal>.
      Environment variable <literal>SSH_FLAGS</literal> can also be used at runtime.
    '';
  };
  profile = lib.mkOption {
    type = types.str;
    default = "/nix/var/nix/profiles/system";
  };
};
config = {
  install.ssh-nixos.PATH = with pkgs; [nix openssh];
  install.ssh-nixos.script =
    let nixos = config.system.build.toplevel; in ''
    nix ''${NIX_FLAGS:-} copy \
     --to ssh://root@${cfg.target} ${lib.concatStringsSep " " cfg.nixCopyFlags} ''${NIX_COPY_FLAGS:-} \
     ${nixos}
    ssh ''${SSH_FLAGS:-} 'root@${cfg.target}' nix-env --profile '${cfg.profile}' --set '${nixos}' \
     '&&' '${cfg.profile}'/bin/switch-to-configuration "''${NIXOS_SWITCH:-switch}"
  '';
};
meta.maintainers = [ lib.maintainers.julm ];
}