#!/bin/sh
case "${@}" in
    bootstrap-store)
        [[ -d ${HOME}/nix ]] || {
            docker create --name nix-data-${USER} nixos/nix sh >/dev/null 2>&1
            sudo docker cp nix-data-${USER}:/nix ~
            docker rm nix-data-${USER}
        }
        docker create -v ${HOME}/nix:/nix --name nix-data-${USER} nixos/nix sh
        ;;
    nuke)
        docker rm nix-data-${USER}
        docker rm nixos-${USER}
        ;;
    "")
        if ! docker image ls | grep nixos-${USER}; then
            cat > /tmp/docker-build-${USER} <<EOF
FROM alpine

# Enable HTTPS support in wget and set nsswitch.conf to make resolution work within containers
RUN apk add --no-cache --update openssl \
  && echo hosts: files dns > /etc/nsswitch.conf

# Download Nix and install it into the system.
ARG NIX_VERSION=2.3.14
RUN wget https://nixos.org/releases/nix/nix-\${NIX_VERSION}/nix-\${NIX_VERSION}-\$(uname -m)-linux.tar.xz \
  && tar xf nix-\${NIX_VERSION}-\$(uname -m)-linux.tar.xz \
  && addgroup -g 30000 -S nixbld \
  && for i in \$(seq 1 30); do adduser -S -D -h /var/empty -g "Nix build user \$i" -u \$((30000 + i)) -G nixbld nixbld\$i ; done \
  && mkdir -m 0755 /etc/nix \
  && echo 'sandbox = false' > /etc/nix/nix.conf \
  && mkdir -m 0755 /nix && USER=root sh nix-\${NIX_VERSION}-\$(uname -m)-linux/install \
  && ln -s /nix/var/nix/profiles/default/etc/profile.d/nix.sh /etc/profile.d/ \
  && rm -r /nix-\${NIX_VERSION}-\$(uname -m)-linux* \
  && /nix/var/nix/profiles/default/bin/nix-collect-garbage --delete-old \
  && /nix/var/nix/profiles/default/bin/nix-store --optimise \
  && /nix/var/nix/profiles/default/bin/nix-store --verify --check-contents

# Somehow this file is missing?
RUN mkdir -p /etc/bash && touch /etc/bash/bashrc

ONBUILD ENV \
    ENV=/etc/profile \
    USER=root \
    PATH=/nix/var/nix/profiles/default/bin:/nix/var/nix/profiles/default/sbin:/bin:/sbin:/usr/bin:/usr/sbin \
    GIT_SSL_CAINFO=/etc/ssl/certs/ca-certificates.crt \
    NIX_SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt

ENV \
    ENV=/etc/profile \
    USER=root \
    PATH=/nix/var/nix/profiles/default/bin:/nix/var/nix/profiles/default/sbin:/bin:/sbin:/usr/bin:/usr/sbin \
    GIT_SSL_CAINFO=/etc/ssl/certs/ca-certificates.crt \
    NIX_SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt \
    NIX_PATH=/nix/var/nix/profiles/per-user/root/channels

# Add your user the alpine way
RUN apk add --no-cache --update shadow \
    && groupadd -g $(getent group docker | cut -d: -f3) docker \
    && groupadd -g $(id -g) ${USER} \
    && useradd -g $(id -g) --groups wheel,docker -u $(id -u) ${USER} \
    && rm -rf /var/cache/apk/*
EOF
            docker build . -t nixos-${USER} -f /tmp/docker-build-${USER}
        fi
        docker run --volumes-from=nix-data-${USER} --rm -it \
        -v /var/run/docker.sock:/var/run/docker.sock \
        -v /etc/kube:/etc/kube \
        -v /etc/ssl/certs/ca-bundle.crt:/etc/ssl/certs/ca-bundle.crt \
        -v /etc/ssl/certs/ca-bundle.crt:/etc/ssl/certs/ca-certificates.crt \
        -e GIT_SSL_CAINFO=/etc/ssl/certs/ca-bundle.crt \
        -e NIX_SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt \
        -e SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt \
        -e no_proxy=$no_proxy \
        -e http_proxy=$http_proxy \
        -e https_proxy=$http_proxy \
        -e SHELL=bash \
        -e USER=${USER} \
        -u $(id -u):$(id -g) \
        --group-add wheel \
        --group-add docker \
        -v ${HOME}:${HOME} \
        -w ${HOME} \
        --name nixos-${USER} \
        --network host \
        nixos-${USER} bash --login
        ;;
    clear)
        docker run --rm --volumes-from=nix-data-${USER} nixos/nix nix-collect-garbage -d
        ;;
    list)
        docker run --rm --volumes-from nix-data-${USER} nixos/nix ls -la /nix
        ;;
esac