clan-core/checks/installation/test-helpers.nix

{
  lib,
  pkgs,
  self,
  ...
}:
let
  # Common target VM configuration used by both installation and update tests
  target =
    { modulesPath, pkgs, ... }:
    {
      imports = [
        (modulesPath + "/../tests/common/auto-format-root-device.nix")
      ];
      networking.useNetworkd = true;
      services.openssh.enable = true;
      services.openssh.settings.UseDns = false;
      services.openssh.settings.PasswordAuthentication = false;
      system.nixos.variant_id = "installer";
      environment.systemPackages = [
        pkgs.nixos-facter
      ];
      # Disable cache.nixos.org to speed up tests
      nix.settings.substituters = [ ];
      nix.settings.trusted-public-keys = [ ];
      virtualisation.emptyDiskImages = [ 512 ];
      virtualisation.diskSize = 8 * 1024;
      virtualisation.rootDevice = "/dev/vdb";
      # both installer and target need to use the same diskImage
      virtualisation.diskImage = "./target.qcow2";
      virtualisation.memorySize = 3048;
      users.users.nonrootuser = {
        isNormalUser = true;
        openssh.authorizedKeys.keys = [ (builtins.readFile ../assets/ssh/pubkey) ];
        extraGroups = [ "wheel" ];
      };
      users.users.root.openssh.authorizedKeys.keys = [ (builtins.readFile ../assets/ssh/pubkey) ];
      # Allow users to manage their own SSH keys
      services.openssh.authorizedKeysFiles = [
        "/root/.ssh/authorized_keys"
        "/home/%u/.ssh/authorized_keys"
        "/etc/ssh/authorized_keys.d/%u"
      ];
      security.sudo.wheelNeedsPassword = false;
    };

  # Common base test machine configuration
  baseTestMachine =
    { lib, modulesPath, ... }:
    {
      imports = [
        (modulesPath + "/testing/test-instrumentation.nix")
        (modulesPath + "/profiles/qemu-guest.nix")
        self.clanLib.test.minifyModule
      ];

      # Enable SSH and add authorized key for testing
      services.openssh.enable = true;
      services.openssh.settings.PasswordAuthentication = false;
      users.users.nonrootuser = {
        isNormalUser = true;
        openssh.authorizedKeys.keys = [ (builtins.readFile ../assets/ssh/pubkey) ];
        extraGroups = [ "wheel" ];
        home = "/home/nonrootuser";
        createHome = true;
      };
      users.users.root.openssh.authorizedKeys.keys = [ (builtins.readFile ../assets/ssh/pubkey) ];
      # Allow users to manage their own SSH keys
      services.openssh.authorizedKeysFiles = [
        "/root/.ssh/authorized_keys"
        "/home/%u/.ssh/authorized_keys"
        "/etc/ssh/authorized_keys.d/%u"
      ];
      security.sudo.wheelNeedsPassword = false;

      boot.consoleLogLevel = lib.mkForce 100;
      boot.kernelParams = [ "boot.shell_on_fail" ];

      # disko config
      boot.loader.grub.efiSupport = lib.mkDefault true;
      boot.loader.grub.efiInstallAsRemovable = lib.mkDefault true;
      clan.core.vars.settings.secretStore = "vm";
      clan.core.vars.generators.test = {
        files.test.neededFor = "partitioning";
        script = ''
          echo "notok" > "$out"/test
        '';
      };
      disko.devices = {
        disk = {
          main = {
            type = "disk";
            device = "/dev/vda";

            preCreateHook = ''
              test -e /run/partitioning-secrets/test/test
            '';

            content = {
              type = "gpt";
              partitions = {
                boot = {
                  size = "1M";
                  type = "EF02"; # for grub MBR
                  priority = 1;
                };
                ESP = {
                  size = "512M";
                  type = "EF00";
                  content = {
                    type = "filesystem";
                    format = "vfat";
                    mountpoint = "/boot";
                    mountOptions = [ "umask=0077" ];
                  };
                };
                root = {
                  size = "100%";
                  content = {
                    type = "filesystem";
                    format = "ext4";
                    mountpoint = "/";
                  };
                };
              };
            };
          };
        };
      };
    };

  # NixOS test library combining port utils and clan VM test utilities
  nixosTestLib = pkgs.python3Packages.buildPythonPackage {
    pname = "nixos-test-lib";
    version = "1.0.0";
    format = "pyproject";
    src = lib.fileset.toSource {
      root = ./.;
      fileset = lib.fileset.unions [
        ./pyproject.toml
        ./nixos_test_lib
      ];
    };
    nativeBuildInputs = with pkgs.python3Packages; [
      setuptools
      wheel
    ];
    doCheck = false;
  };

  # Common closure info
  closureInfo = pkgs.closureInfo {
    rootPaths = [
      self.checks.x86_64-linux.clan-core-for-checks
      self.clanInternals.machines.${pkgs.hostPlatform.system}.test-install-machine-with-system.config.system.build.toplevel
      self.clanInternals.machines.${pkgs.hostPlatform.system}.test-install-machine-with-system.config.system.build.initialRamdisk
      self.clanInternals.machines.${pkgs.hostPlatform.system}.test-install-machine-with-system.config.system.build.diskoScript
      self.clanInternals.machines.${pkgs.hostPlatform.system}.test-install-machine-with-system.config.system.clan.deployment.file
      pkgs.stdenv.drvPath
      pkgs.bash.drvPath
      pkgs.buildPackages.xorg.lndir
    ] ++ builtins.map (i: i.outPath) (builtins.attrValues self.inputs);
  };

in
{
  inherit
    target
    baseTestMachine
    nixosTestLib
    closureInfo
    ;
}