clan-core/checks/service-dummy-test/default.nix

{
  pkgs,
  nixosLib,
  clan-core,
  ...
}:
nixosLib.runTest (
  { ... }:
  {
    imports = [
      clan-core.modules.nixosTest.clanTest
    ];

    hostPkgs = pkgs;

    # This tests the compatibility of the inventory
    # With the test framework
    # - legacy-modules
    # - clan.service modules
    name = "service-dummy-test";

    clan = {
      directory = ./.;
      inventory = {
        machines.peer1 = { };
        machines.admin1 = { };
        services = {
          legacy-module.default = {
            roles.peer.machines = [ "peer1" ];
            roles.admin.machines = [ "admin1" ];
          };
        };

        instances."test" = {
          module.name = "new-service";
          module.input = "self";
          roles.peer.machines.peer1 = { };
        };

        modules = {
          legacy-module = ./legacy-module;
        };
      };
      modules.new-service = {
        _class = "clan.service";
        manifest.name = "new-service";
        roles.peer = { };
        perMachine = {
          nixosModule = {
            # This should be generated by:
            # nix run .#generate-test-vars -- checks/service-dummy-test service-dummy-test
            clan.core.vars.generators.new-service = {
              files.not-a-secret = {
                secret = false;
                deploy = true;
              };
              files.a-secret = {
                secret = true;
                deploy = true;
                owner = "nobody";
                group = "users";
                mode = "0644";
              };
              script = ''
                # This is a dummy script that does nothing
                echo -n "not-a-secret" > $out/not-a-secret
                echo -n "a-secret" > $out/a-secret
              '';
            };
          };
        };
      };
    };

    testScript =
      { nodes, ... }:
      ''
        start_all()
        admin1.wait_for_unit("multi-user.target")
        peer1.wait_for_unit("multi-user.target")
        # Provided by the legacy module
        print(admin1.succeed("systemctl status dummy-service"))
        print(peer1.succeed("systemctl status dummy-service"))

        # peer1 should have the 'hello' file
        peer1.succeed("cat ${nodes.peer1.clan.core.vars.generators.new-service.files.not-a-secret.path}")

        ls_out = peer1.succeed("ls -la ${nodes.peer1.clan.core.vars.generators.new-service.files.a-secret.path}")
        # Check that the file is owned by 'nobody'
        assert "nobody" in ls_out, f"File is not owned by 'nobody': {ls_out}"
        # Check that the file is in the 'users' group
        assert "users" in ls_out, f"File is not in the 'users' group: {ls_out}"
        # Check that the file is in the '0644' mode
        assert "-rw-r--r--" in ls_out, f"File is not in the '0644' mode: {ls_out}"
      '';
  }
)