with import <nix/config.nix>;

{ derivations, manifest }:

derivation {
  name = "user-environment";
  system = builtins.currentSystem;
  builder = nixLibexecDir + "/nix/buildenv";

  inherit manifest;

  # !!! grmbl, need structured data for passing this in a clean way.
  derivations =
    map (d:
      [ (d.meta.active or "true")
        (d.meta.priority or 5)
        (builtins.length d.outputs)
      ] ++ map (output: builtins.getAttr output d) d.outputs)
      derivations;

  # Building user environments remotely just causes huge amounts of
  # network traffic, so don't do that.
  preferLocalBuild = true;

  # Also don't bother substituting.
  allowSubstitutes = false;

  __sandboxProfile = ''
    (allow sysctl-read)
    (allow file-read*
           (literal "/usr/lib/libSystem.dylib")
           (literal "/usr/lib/libSystem.B.dylib")
           (literal "/usr/lib/libobjc.A.dylib")
           (literal "/usr/lib/libobjc.dylib")
           (literal "/usr/lib/libauto.dylib")
           (literal "/usr/lib/libc++abi.dylib")
           (literal "/usr/lib/libc++.1.dylib")
           (literal "/usr/lib/libDiagnosticMessagesClient.dylib")
           (subpath "/usr/lib/system")
           (subpath "/dev"))
  '';

  inherit chrootDeps;
}