{ pkgs, self }:
let
  lib = pkgs.lib;
  rebuildableTest = import ./rebuildableTest.nix pkgs;
  seleniumScript = pkgs.writers.writePython3Bin "selenium-script"
    {
      libraries = with pkgs.python3Packages; [ selenium ];
    } ''
    import sys
    from selenium import webdriver
    from selenium.webdriver.common.by import By
    from selenium.webdriver.support.wait import WebDriverWait
    from selenium.webdriver.chrome.options import Options

    print("starting selenium script")

    email = sys.argv[1]
    password = sys.argv[2]

    green_path = "${./green.png}"
    screenshot_path = "/home/seleniumUser/screenshot.png"

    # Create and configure driver. It is important to set the window size such that
    # the “Create New Post” button is visible.
    print("Create and configure driver...")
    options = Options()
    options.add_argument("--headless=new")
    service = webdriver.ChromeService(executable_path="${lib.getExe pkgs.chromedriver}")  # noqa: E501
    driver = webdriver.Chrome(options=options, service=service)
    driver.implicitly_wait(10)
    driver.set_window_size(1920, 1200)

    # FIXME: Replace the By.XPATH by By.CSS_SELECTOR.

    # Go to Pixelfed and login.
    print("Open login page...")
    driver.get("http://pixelfed.localhost/login")
    print("Enter email...")
    driver.find_element(By.ID, "email").send_keys(email)
    print("Enter password...")
    driver.find_element(By.ID, "password").send_keys(password)
    # FIXME: This is disgusting. Find instead the input type submit in the form
    # with action ending in "/login".
    print("Click “Login” button...")
    driver.find_element(By.XPATH, "//button[normalize-space()='Login']").click()

    # Find the new post form, fill it in with our pictureand a caption.
    print("Click on “Create New Post”...")
    driver.find_element(By.LINK_TEXT, "Create New Post").click()
    print("Add file to input element...")
    driver.find_element(By.XPATH, "//input[@type='file']").send_keys(green_path)
    print("Click on “Post” button...")
    driver.find_element(By.LINK_TEXT, "Post").click()

    # Wait until the post loads, and in particular its picture, then take a
    # screenshot of the whole page.
    print("Wait for post and image to be loaded...")
    WebDriverWait(driver, timeout=10).until(
        lambda d: d.execute_script(
            "return arguments[0].complete",
            d.find_element(
                By.XPATH, "//div[@class='timeline-status-component-content']//img"
            ),
        )
    )
    print("Take screenshot...")
    if not driver.save_screenshot(screenshot_path):
        raise Exception("selenium could not save screenshot")

    print("Quitting...")
    driver.quit()
    print("All done!")
  '';
in
pkgs.nixosTest {
  name = "test-pixelfed-garage";

  nodes = {
    server = { config, ... }: {
      virtualisation = {
        memorySize = lib.mkVMOverride 8192;
        cores = 8;
      };
      imports = with self.nixosModules; [ 
        garage 
        pixelfed 
        pixelfed-vm 
      ];
      # TODO: pair down
      environment.systemPackages = with pkgs; [
        python3
        chromium
        chromedriver
        xh
        seleniumScript
        helix
        imagemagick
      ];
      environment.variables = {
        POST_MEDIA = ./green.png;
        # AWS_ACCESS_KEY_ID = config.services.garage.ensureKeys.pixelfed.id;
        # AWS_SECRET_ACCESS_KEY = config.services.garage.ensureKeys.pixelfed.secret;
      };
      # chrome does not like being run as root
      users.users.seleniumUser = {
        isNormalUser = true;
      };
    };
  };

  testScript = ''
    import re
    # import time

    server.start()

    with subtest("Pixelfed starts"):
      server.wait_for_unit("phpfpm-pixelfed.service")

    # make sure pixelfed is fully up and running before we interact with it
    # TODO: is there a way to test for this?
    # REVIEW: this is copied from the Mastodon test; Pixelfed might be faster to start up.
    # time.sleep(180)

    # # REVIEW: not sure why necessary. if it is, could we push this into the installation?
    # # FIXME: this is an interactive command; look into flags to make it non-interactive
    # with subtest("Passport install"):
    #   server.succeed("pixelfed-manage passport:install")

    with subtest("Account creation"):
      password = "testtest"
      server.succeed(f"pixelfed-manage user:create --name=test --username=test --email=test@test.com --password={password} --confirm_email=1")

    # # REVIEW: do we actually need TTY?
    # with subtest("TTY Login"):
    #   server.wait_until_tty_matches("1", "login: ")
    #   server.send_chars("root\n");

    # with subtest("Log in with toot"):
    #   # toot doesn't provide a way to just specify our login details as arguments, so we have to pretend we're typing them in at the prompt
    #   server.send_chars("toot login_cli --instance http://mastodon.localhost:55001 --email test@test.com\n")
    #   server.wait_until_tty_matches("1", "Password: ")
    #   server.send_chars(password + "\n")
    #   server.wait_until_tty_matches("1", "Successfully logged in.")

    # with subtest("post text"):
    #   server.succeed("echo 'hello mastodon' | toot post")

    # with subtest("post image"):
    #   server.succeed("toot post --media $POST_MEDIA")

    # with subtest("access garage"):
    #   server.succeed("mc alias set pixelfed http://s3.garage.localhost:3900 --api s3v4 --path off $AWS_ACCESS_KEY_ID $AWS_SECRET_ACCESS_KEY")
    #   server.succeed("mc ls garage/pixelfed")

    # with subtest("access image in garage"):
    #   image = server.succeed("mc find garage --regex original")
    #   image = image.rstrip()
    #   if image == "":
    #     raise Exception("image posted to pixelfed did not get stored in garage")
    #   server.succeed(f"mc cat {image} >/garage-image.webp")
    #   garage_image_hash = server.succeed("identify -quiet -format '%#' /garage-image.webp")
    #   image_hash = server.succeed("identify -quiet -format '%#' $POST_MEDIA")
    #   if garage_image_hash != image_hash:
    #     raise Exception("image stored in garage did not match image uploaded")

    # with subtest("Content security policy allows garage images"):
    #   headers = server.succeed("xh -h http://mastodon.localhost:55001/public/local")
    #   csp_match = None
    #   # I can't figure out re.MULTILINE
    #   for header in headers.split("\n"):
    #     csp_match =  re.match('^Content-Security-Policy: (.*)$', header)
    #     if csp_match is not None:
    #       break
    #   if csp_match is None:
    #     raise Exception("pixelfed did not send a content security policy header")
    #   csp = csp_match.group(1)
    #   # the img-src content security policy should include the garage server
    #   garage_csp = re.match(".*; img-src[^;]*web\.garage\.localhost:3902.*", csp)
    #   if garage_csp is None:
    #     raise Exception("Pixelfed's content security policy does not include garage server. image will not be displayed properly on pixelfed.")

    # NOTE: This could in theory give a false positive if pixelfed changes it's
    # colorscheme to include pure green. (see same problem in pixelfed-garage.nix).
    # TODO: For instance: post a red image and check that the green pixel IS NOT
    # there, then post a green image and check that the green pixel IS there.

    with subtest("image displays"):
      server.succeed(f"su - seleniumUser -c 'selenium-script test@test.com {password}'")
      server.copy_from_vm("/home/seleniumUser/screenshot.png", "")
      displayed_colors = server.succeed("convert /screenshot.png -define histogram:unique-colors=true -format %c histogram:info:")
      # check that the green image displayed somewhere
      green_check = re.match(".*#00FF00.*", displayed_colors, re.S)
      if green_check is None:
        raise Exception("cannot detect the uploaded image on pixelfed page.")
  '';
}