nixpkgs/nixos/modules/installer/tools/nixos-prepare-root.sh

#! @shell@

# This script's goal is to perform all "static" setup of a filesystem structure from pre-built store paths. Everything
# in here should run in a non-root context and inside a Nix builder. It's designed primarily to be called from image-
# building scripts and from nixos-install, but because it makes very few assumptions about the context in which it runs,
# it could be useful in other contexts as well.
#
# Current behavior:
#  - set up basic filesystem structure
#  - make Nix store etc.
#  - copy Nix, system, channel, and misceallaneous closures to target Nix store
#  - register validity of all paths in the target store
#  - set up channel and system profiles

# Ensure a consistent umask.
umask 0022

set -e

mountPoint="$1"
channel="$2"
system="$3"
shift 3
closures="$@"

PATH="@coreutils@/bin:@nix@/bin:@perl@/bin:@utillinux@/bin:@rsync@/bin"

if ! test -e "$mountPoint"; then
    echo "mount point $mountPoint doesn't exist"
    exit 1
fi

# Create a few of the standard directories in the target root directory.
install -m 0755 -d $mountPoint/dev $mountPoint/proc $mountPoint/sys $mountPoint/etc $mountPoint/run $mountPoint/home
install -m 01777 -d $mountPoint/tmp
install -m 0755 -d $mountPoint/tmp/root
install -m 0755 -d $mountPoint/var
install -m 0700 -d $mountPoint/root

ln -sf /run $mountPoint/var/run

# Create the necessary Nix directories on the target device
install -m 0755 -d \
    $mountPoint/nix/var/nix/gcroots \
    $mountPoint/nix/var/nix/temproots \
    $mountPoint/nix/var/nix/userpool \
    $mountPoint/nix/var/nix/profiles \
    $mountPoint/nix/var/nix/db \
    $mountPoint/nix/var/log/nix/drvs

install -m 1775 -d $mountPoint/nix/store

# All Nix operations below should operate on our target store, not /nix/store.
# N.B: this relies on Nix 1.12 or higher
export NIX_REMOTE=local?root=$mountPoint

# Copy our closures to the Nix store on the target mount point, unless they're already there.
for i in $closures; do
    # We support closures both in the format produced by `nix-store --export` and by `exportReferencesGraph`,
    # mostly because there doesn't seem to be a single format that can be produced outside of a nix build and
    # inside one. See https://github.com/NixOS/nix/issues/1242 for more discussion.
    if [[ "$i" =~ \.closure$ ]]; then
        echo "importing serialized closure $i to $mountPoint..."
        nix-store --import < $i
    else
        # There has to be a better way to do this, right?
        echo "copying closure $i to $mountPoint..."
        for j in $(perl @pathsFromGraph@ $i); do
            echo "  $j... "
            rsync -a $j $mountPoint/nix/store/
        done

        nix-store --option build-users-group root --register-validity < $i
    fi
done

# Create the required /bin/sh symlink; otherwise lots of things
# (notably the system() function) won't work.
if [ ! -x $mountPoint/@shell@ ]; then
    echo "Error: @shell@ wasn't included in the closure" >&2
    exit 1
fi
install -m 0755 -d $mountPoint/bin
ln -sf @shell@ $mountPoint/bin/sh

echo "setting the system closure to '$system'..."
nix-env "${extraBuildFlags[@]}" -p $mountPoint/nix/var/nix/profiles/system --set "$system"

ln -sfn /nix/var/nix/profiles/system $mountPoint/run/current-system

# Copy the NixOS/Nixpkgs sources to the target as the initial contents of the NixOS channel.
install -m 0755 -d $mountPoint/nix/var/nix/profiles
install -m 1777 -d $mountPoint/nix/var/nix/profiles/per-user
install -m 0755 -d $mountPoint/nix/var/nix/profiles/per-user/root

if [ -z "$noChannelCopy" ] && [ -n "$channel" ]; then
    echo "copying channel..."
    nix-env --option build-use-substitutes false "${extraBuildFlags[@]}" -p $mountPoint/nix/var/nix/profiles/per-user/root/channels --set "$channel" --quiet
fi
install -m 0700 -d $mountPoint/root/.nix-defexpr
ln -sfn /nix/var/nix/profiles/per-user/root/channels $mountPoint/root/.nix-defexpr/channels

# Mark the target as a NixOS installation, otherwise switch-to-configuration will chicken out.
touch $mountPoint/etc/NIXOS