Merge pull request 'add run-vm-test-offline package for offline VM testing' (#3994) from run-vm-test-offline into main

Reviewed-on: https://git.clan.lol/clan/clan-core/pulls/3994

checks/flake-module.nix

@@ -112,6 +112,9 @@ in
             cp ${../flake.lock} $out/flake.lock
           '';
         };
+      packages = lib.optionalAttrs (pkgs.stdenv.isLinux) {
+        run-vm-test-offline = pkgs.callPackage ../pkgs/run-vm-test-offline { };
+      };
       legacyPackages = {
         nixosTests =
           let

pkgs/run-vm-test-offline/default.nix

@@ -0,0 +1,38 @@
+{
+  writeShellApplication,
+  util-linux,
+  coreutils,
+}:
+
+writeShellApplication {
+  name = "run-vm-test-offline";
+  runtimeInputs = [
+    util-linux
+    coreutils
+  ]; # nix is inherited from the environment
+  text = ''
+    set -euo pipefail
+
+    if [ $# -eq 0 ]; then
+      echo "Error: Test name required"
+      echo "Usage: nix run .#run-offline-test -- <test-name>"
+      echo "Example: nix run .#run-offline-test -- installation"
+      exit 1
+    fi
+
+    TEST_NAME="$1"
+
+    echo "Building $TEST_NAME test driver..."
+    SYSTEM=$(nix eval --impure --raw --expr 'builtins.currentSystem')
+    nix build ".#checks.$SYSTEM.$TEST_NAME.driver"
+
+    echo "Running $TEST_NAME test in offline environment..."
+    # We use unshare here with root to avoid usernamespace issues originating from bubblewrap
+    currentUser="$(whoami)"
+    sudo unshare --net -- bash -c "
+      ip link set lo up
+      runuser -u $(printf "%q" "$currentUser") ./result/bin/nixos-test-driver
+    "
+  '';
+  meta.description = "Run interactivly NixOS VM tests in an sandbox without network access";
+}