feat(gs:system): steal tazjin's rebuilder script

gonna use this instead of nixos-rebuild switch, in part to get away from
global nixpkgs pins.

Change-Id: I46e2951660465790adfdf75e6e3413b5c2dfd7c7
Reviewed-on: https://cl.tvl.fyi/c/depot/+/886
Reviewed-by: glittershark <grfn@gws.fyi>
Reviewed-by: BuildkiteCI
Tested-by: BuildkiteCI

users/glittershark/system/system/default.nix

@@ -1,7 +1,36 @@
 { depot, ... }:
 
-{
+rec {
   chupacabra = (depot.third_party.nixos {
     configuration = import ./machines/chupacabra.nix;
   }).system;
+
+  rebuilder =
+    let
+      depotPath = "/home/grfn/code/depot";
+
+      caseFor = hostname: ''
+        ${hostname})
+          echo "Rebuilding NixOS for //users/glittershark/nixos/${hostname}"
+          system=$(nix-build -E '(import ${depotPath} {}).users.glittershark.system.system.${hostname}' --no-out-link)
+          ;;
+      '';
+    in depot.third_party.writeShellScriptBin "rebuilder" ''
+      set -ue
+      if [[ $EUID -ne 0 ]]; then
+        echo "Oh no! Only root is allowed to rebuild the system!" >&2
+        exit 1
+      fi
+
+      case $HOSTNAME in
+      ${caseFor "chupacabra"}
+      *)
+        echo "$HOSTNAME is not a known NixOS host!" >&2
+        exit 1
+        ;;
+      esac
+
+      nix-env -p /nix/var/nix/profiles/system --set $system
+      $system/bin/switch-to-configuration switch
+    '';
 }

users/glittershark/system/system/modules/common.nix

@@ -1,5 +1,11 @@
 { config, lib, pkgs, ... }:
 
+let
+
+  depot = import ../../../../.. {};
+
+in
+
 {
   imports =
     [
@@ -35,6 +41,7 @@
     libnotify
     file
     lm_sensors
+    depot.users.glittershark.system.system.rebuilder
   ];
 
   # Some programs need SUID wrappers, can be configured further or are