default.nix: copy everything to the nix store before evaluating any of my config

default.nix

@@ -1,61 +1,5 @@
-# limited, non-flake interface to this repo.
-# this file exposes the same view into `pkgs` which the flake would see when evaluated.
-#
-# the primary purpose of this file is so i can run `updateScript`s which expect
-# the root to be `default.nix`
-{ }:
+{ ... }@args:
 let
-  mkPkgs = args: (import ./pkgs/additional/nixpkgs args).extend
-    (import ./overlays/all.nix);
-  inherit (mkPkgs {}) lib;
-
-  evalHost = { name, system, branch ? "master", variant ? null }:
-  let
-    pkgs = mkPkgs { inherit system; variant = branch; };
-  in pkgs.nixos (
-    [
-      (import ./hosts/instantiate.nix { hostName = name; inherit variant; })
-      (import ./modules)
-      pkgs.sops-nix.nixosModules.sops
-    ]
-  );
-  mkFlavoredHost = args: let
-    host = evalHost args;
-    # expose the toplevel nixos system as the toplevel attribute itself,
-    # with nested aliases for other common build targets
-  in host.config.system.build.toplevel.overrideAttrs (base: {
-    passthru = (base.passthru or {}) // {
-      config = host.config;
-      fs = host.config.sane.fs;
-      img = host.config.system.build.img;
-      pkgs = host.config.system.build.pkgs;
-      programs = lib.mapAttrs (_: p: p.package) host.config.sane.programs;
-      toplevel = host.config.system.build.toplevel;  #< self
-    };
-  });
-  mkHost = args: {
-    # TODO: swap order: $host-{next,staging}-{min,light}:
-    # then lexicographically-adjacent targets would also have the minimal difference in closure,
-    # and the order in which each target should be built is more evident
-    "${args.name}" = mkFlavoredHost args;
-    "${args.name}-next" = mkFlavoredHost (args // { branch = "staging-next"; });
-    "${args.name}-staging" = mkFlavoredHost (args // { branch = "staging"; });
-    "${args.name}-light" = mkFlavoredHost (args // { variant = "light"; });
-    "${args.name}-light-next" = mkFlavoredHost (args // { variant = "light"; branch = "staging-next"; });
-    "${args.name}-light-staging" = mkFlavoredHost (args // { variant = "light"; branch = "staging"; });
-    "${args.name}-min" = mkFlavoredHost (args // { variant = "min"; });
-    "${args.name}-min-next" = mkFlavoredHost (args // { variant = "min"; branch = "staging-next"; });
-    "${args.name}-min-staging" = mkFlavoredHost (args // { variant = "min"; branch = "staging-staging"; });
-  };
-
-  hosts = lib.foldl' (acc: host: acc // (mkHost host)) {} [
-    { name = "crappy"; system = "armv7l-linux";  }
-    { name = "desko";  system = "x86_64-linux";  }
-    { name = "lappy";  system = "x86_64-linux";  }
-    { name = "moby";   system = "aarch64-linux"; }
-    { name = "rescue"; system = "x86_64-linux";  }
-    { name = "servo";  system = "x86_64-linux";  }
-  ];
-in {
-  inherit hosts;
-} // (mkPkgs {})
+  sane-nix-files = import ./pkgs/additional/sane-nix-files { };
+in
+  import "${sane-nix-files}/impure.nix" args

impure.nix

@@ -0,0 +1,62 @@
+# this entry-point exposes all packages, hosts, etc, but with no purity guarnatees.
+# the intended way to use this is to first copy every .nix file and dependency in this repo to the nix store, then enter this file.
+# entering this file *before* copying anything into the nix store can cause interesting
+# race conditions or eval failures.
+#
+# see default.nix for a wrapper around this with better purity guarantees.
+{ }:
+let
+  mkPkgs = args: (import ./pkgs/additional/nixpkgs args).extend
+    (import ./overlays/all.nix);
+  inherit (mkPkgs {}) lib;
+
+  evalHost = { name, system, branch ? "master", variant ? null }:
+  let
+    pkgs = mkPkgs { inherit system; variant = branch; };
+  in pkgs.nixos (
+    [
+      (import ./hosts/instantiate.nix { hostName = name; inherit variant; })
+      (import ./modules)
+      pkgs.sops-nix.nixosModules.sops
+    ]
+  );
+  mkFlavoredHost = args: let
+    host = evalHost args;
+    # expose the toplevel nixos system as the toplevel attribute itself,
+    # with nested aliases for other common build targets
+  in host.config.system.build.toplevel.overrideAttrs (base: {
+    passthru = (base.passthru or {}) // {
+      config = host.config;
+      fs = host.config.sane.fs;
+      img = host.config.system.build.img;
+      pkgs = host.config.system.build.pkgs;
+      programs = lib.mapAttrs (_: p: p.package) host.config.sane.programs;
+      toplevel = host.config.system.build.toplevel;  #< self
+    };
+  });
+  mkHost = args: {
+    # TODO: swap order: $host-{next,staging}-{min,light}:
+    # then lexicographically-adjacent targets would also have the minimal difference in closure,
+    # and the order in which each target should be built is more evident
+    "${args.name}" = mkFlavoredHost args;
+    "${args.name}-next" = mkFlavoredHost (args // { branch = "staging-next"; });
+    "${args.name}-staging" = mkFlavoredHost (args // { branch = "staging"; });
+    "${args.name}-light" = mkFlavoredHost (args // { variant = "light"; });
+    "${args.name}-light-next" = mkFlavoredHost (args // { variant = "light"; branch = "staging-next"; });
+    "${args.name}-light-staging" = mkFlavoredHost (args // { variant = "light"; branch = "staging"; });
+    "${args.name}-min" = mkFlavoredHost (args // { variant = "min"; });
+    "${args.name}-min-next" = mkFlavoredHost (args // { variant = "min"; branch = "staging-next"; });
+    "${args.name}-min-staging" = mkFlavoredHost (args // { variant = "min"; branch = "staging-staging"; });
+  };
+
+  hosts = lib.foldl' (acc: host: acc // (mkHost host)) {} [
+    { name = "crappy"; system = "armv7l-linux";  }
+    { name = "desko";  system = "x86_64-linux";  }
+    { name = "lappy";  system = "x86_64-linux";  }
+    { name = "moby";   system = "aarch64-linux"; }
+    { name = "rescue"; system = "x86_64-linux";  }
+    { name = "servo";  system = "x86_64-linux";  }
+  ];
+in {
+  inherit hosts;
+} // (mkPkgs {})

pkgs/additional/sane-nix-files/default.nix

@@ -1,34 +1,54 @@
-{
-  findutils,
-  runCommandLocal,
-  rsync,
-}:
-runCommandLocal "sane-nix-files" {
-  nativeBuildInputs = [
-    findutils
-    rsync
-  ];
+{ stdenv ? null }:
+with builtins;
+let
+  src = filterSource
+    (path: type:
+      let name = baseNameOf path;
+    in !(
+      # mimic .gitignore
+      (name == ".working")
+      || (name == "result")
+      || (match "^result-.*" name != null)
+    ))
+    ../../../.
+  ;
 
-  meta = {
-    description = "top-level host configs for Colin's machines";
-    longDescription = ''
-      i like to ensure a copy of my config is present on all my machines,
-      and this does that in a hermetic way.
-    '';
+  fakeDeriv = {
+    # in the bootstrap path, we don't have enough available to actually
+    # link these files into a derivation.
+    # but that's ok, because the caller immediately `import`s it anyway,
+    # so just yield something importable.
+    outPath = src;
+  };
+  realDeriv = stdenv.mkDerivation {
+    name = "sane-nix-files";
+    inherit src;
+    installPhase = ''
+      ln -s "$src" "$out"
+    '';
+    dontFixup = true;
   };
-} ''
-  mkdir src
-  pushd src
 
-  rsync -lptr ${../../../.}/ ./
-  chmod u+w .
-  for pat in $(cat .gitignore); do
-    set +e
-    chmod u+w -R "$pat" ; rm -rf "$pat"
-    find $PWD -name "$pat" -exec 'chmod u+w -R {}; rm -rf {}' \;
-    set -e
-  done
-  rsync -lptr ./ $out/
+  # alternative implementation which always returns a real derivation,
+  # but requires a pre-compiled statically-linked `sln` or `cp` implementation.
+  # self = derivation {
+  #   name = "sane-nix-files";
+  #   system = "x86_64-linux";
 
-  popd
-''
+  #   # builder = "${./sln}";
+  #   # args = [
+  #   #   src
+  #   #   self.outPath
+  #   # ];
+
+  #   builder = "/bin/sh";
+  #   args = [
+  #     "-c"
+  #     "${./sln} ${src} $out"
+  #   ];
+  # };
+in
+  if stdenv == null then
+    fakeDeriv
+  else
+    realDeriv