diff --git a/services/tests/mastodon-garage.nix b/services/tests/mastodon-garage.nix
index b0a9d62..8a2b34c 100644
--- a/services/tests/mastodon-garage.nix
+++ b/services/tests/mastodon-garage.nix
@@ -5,6 +5,9 @@ let
   ## FIXME: this binding was not used, but maybe we want a side-effect or something?
   # rebuildableTest = import ./rebuildableTest.nix pkgs;
 
+  testImage = pkgs.copyPathToStore ./green.png;
+  testImageColour = "#00FF00";
+
   seleniumScript =
     pkgs.writers.writePython3Bin "selenium-script"
       { libraries = with pkgs.python3Packages; [ selenium ]; }
@@ -14,8 +17,6 @@ let
         from selenium.webdriver.firefox.options import Options
         from selenium.webdriver.support.ui import WebDriverWait
 
-        print(1)
-
         options = Options()
         options.add_argument("--headless")
         # devtools don't show up in headless screenshots
@@ -23,7 +24,7 @@ let
         service = webdriver.FirefoxService(executable_path="${lib.getExe pkgs.geckodriver}")  # noqa: E501
 
         driver = webdriver.Firefox(options=options, service=service)
-        driver.get("http://mastodon.localhost:55001/public/local")
+        driver.get("http://mastodon.localhost/public/local")
 
         # wait until the statuses load
         WebDriverWait(driver, 90).until(
@@ -46,6 +47,7 @@ pkgs.nixosTest {
           fediversity
           ../vm/garage-vm.nix
           ../vm/mastodon-vm.nix
+          ../vm/interactive-vm.nix
         ];
         # TODO: pair down
         environment.systemPackages = with pkgs; [
@@ -57,9 +59,9 @@ pkgs.nixosTest {
           seleniumScript
           helix
           imagemagick
+          expect
         ];
         environment.variables = {
-          POST_MEDIA = ./green.png;
           AWS_ACCESS_KEY_ID = config.services.garage.ensureKeys.mastodon.id;
           AWS_SECRET_ACCESS_KEY = config.services.garage.ensureKeys.mastodon.secret;
         };
@@ -87,64 +89,67 @@ pkgs.nixosTest {
         if password_match is None:
           raise Exception(f"account creation did not generate a password.\n{account_creation_output}")
         password = password_match.group(1)
-
-      with subtest("TTY Login"):
-        server.wait_until_tty_matches("1", "login: ")
-        server.send_chars("root\n");
+        # print(f"Test user (test@test.com)'s password is: {password}")
 
       with subtest("Log in with toot"):
-        # toot doesn't provide a way to just specify our login details as arguments, so we have to pretend we're typing them in at the prompt
-        server.send_chars("toot login_cli --instance http://mastodon.localhost:55001 --email test@test.com\n")
-        server.wait_until_tty_matches("1", "Password: ")
-        server.send_chars(password + "\n")
-        server.wait_until_tty_matches("1", "Successfully logged in.")
+        # toot doesn't provide a way to just specify our login details as
+        # arguments, so we have to pretend we're typing them in at the prompt;
+        # we use 'expect' for this purpose.
+        server.succeed(f"""
+          expect -c '
+            spawn toot login_cli --instance http://mastodon.localhost:55001 --email test@test.com
+            expect "Password: "
+            send "{password}\\n"
+            interact
+          ' >&2
+        """)
 
-      with subtest("post text"):
+      with subtest("Post a text"):
         server.succeed("echo 'hello mastodon' | toot post")
 
-      with subtest("post image"):
-        server.succeed("toot post --media $POST_MEDIA")
+      with subtest("Post an image"):
+        server.succeed("toot post --media ${testImage}")
 
-      with subtest("access garage"):
+      with subtest("Access garage"):
         server.succeed("mc alias set garage ${nodes.server.fediversity.internal.garage.api.url} --api s3v4 --path off $AWS_ACCESS_KEY_ID $AWS_SECRET_ACCESS_KEY")
         server.succeed("mc ls garage/mastodon")
 
-      with subtest("access image in garage"):
+      with subtest("Access image in garage"):
         image = server.succeed("mc find garage --regex original")
         image = image.rstrip()
         if image == "":
           raise Exception("image posted to mastodon did not get stored in garage")
         server.succeed(f"mc cat {image} >/garage-image.webp")
         garage_image_hash = server.succeed("identify -quiet -format '%#' /garage-image.webp")
-        image_hash = server.succeed("identify -quiet -format '%#' $POST_MEDIA")
+        image_hash = server.succeed("identify -quiet -format '%#' ${testImage}")
         if garage_image_hash != image_hash:
           raise Exception("image stored in garage did not match image uploaded")
 
-      with subtest("Content security policy allows garage images"):
+      with subtest("Content-Security-Policy allows garage content"):
         headers = server.succeed("xh -h http://mastodon.localhost:55001/public/local")
         csp_match = None
         # I can't figure out re.MULTILINE
         for header in headers.split("\n"):
-          csp_match =  re.match('^Content-Security-Policy: (.*)$', header)
+          csp_match = re.match('^Content-Security-Policy: (.*)$', header)
           if csp_match is not None:
             break
         if csp_match is None:
           raise Exception("mastodon did not send a content security policy header")
         csp = csp_match.group(1)
-        # the img-src content security policy should include the garage server
+        # the connect-src content security policy should include the garage server
         ## TODO: use `nodes.server.fediversity.internal.garage.api.url` same as above, but beware of escaping the regex. Be careful with port 80 though.
         garage_csp = re.match(".*; img-src[^;]*web\.garage\.localhost.*", csp)
         if garage_csp is None:
-          raise Exception("Mastodon's content security policy does not include garage server. image will not be displayed properly on mastodon.")
+          raise Exception("Mastodon's Content-Security-Policy does not include Garage.")
 
-      # this could in theory give a false positive if mastodon changes it's colorscheme to include pure green.
-      with subtest("image displays"):
+      # this could in theory give a false positive if mastodon changes it's colorscheme to include ${testImageColour}.
+      with subtest("Image displays"):
         server.succeed("selenium-script")
         server.copy_from_vm("/mastodon-screenshot.png", "")
         displayed_colors = server.succeed("convert /mastodon-screenshot.png -define histogram:unique-colors=true -format %c histogram:info:")
-        # check that the green image displayed somewhere
-        green_check = re.match(".*#00FF00.*", displayed_colors, re.S)
-        if green_check is None:
+        # check that the image displayed somewhere
+        image_check = re.match(".*${testImageColour}.*", displayed_colors, re.S)
+        if image_check is None:
           raise Exception("cannot detect the uploaded image on mastodon page.")
     '';
 }
diff --git a/services/vm/mastodon-vm.nix b/services/vm/mastodon-vm.nix
index 907900e..5a9daf2 100644
--- a/services/vm/mastodon-vm.nix
+++ b/services/vm/mastodon-vm.nix
@@ -49,7 +49,6 @@
           BIND = "0.0.0.0";
           # for letter_opener (still doesn't work though)
           REMOTE_DEV = "true";
-          LOCAL_DOMAIN = "${config.fediversity.internal.mastodon.domain}:8443";
         };
       };