From 2457fc44a2a12818c9edea3a6e557c21aee37105 Mon Sep 17 00:00:00 2001
From: Kiara Grouwstra <kiara@procolix.eu>
Date: Wed, 27 Aug 2025 22:00:04 +0200
Subject: [PATCH] split tests to allow running the faster ssh test separately

---
 .forgejo/workflows/ci.yaml                    |  10 +-
 deployment/check/common/nixosTest.nix         |   2 +-
 deployment/check/data-model-ssh/nixosTest.nix |  10 +-
 deployment/check/data-model/constants.nix     |   9 --
 deployment/check/data-model/default.nix       |  21 ---
 .../check/data-model/flake-under-test.nix     |  29 -----
 deployment/check/data-model/nixosTest.nix     | 123 ------------------
 deployment/flake-part.nix                     |   7 +-
 8 files changed, 21 insertions(+), 190 deletions(-)
 delete mode 100644 deployment/check/data-model/constants.nix
 delete mode 100644 deployment/check/data-model/default.nix
 delete mode 100644 deployment/check/data-model/flake-under-test.nix
 delete mode 100644 deployment/check/data-model/nixosTest.nix

diff --git a/.forgejo/workflows/ci.yaml b/.forgejo/workflows/ci.yaml
index dc665e6f..d386d2dd 100644
--- a/.forgejo/workflows/ci.yaml
+++ b/.forgejo/workflows/ci.yaml
@@ -64,6 +64,12 @@ jobs:
       - uses: actions/checkout@v4
       - run: nix build .#checks.x86_64-linux.deployment-panel -L
 
+  check-deployment-model:
+    runs-on: native
+    steps:
+      - uses: actions/checkout@v4
+      - run: nix build .#checks.x86_64-linux.deployment-model-ssh -L
+
   check-deployment-model-ssh:
     runs-on: native
     steps:
@@ -76,11 +82,11 @@ jobs:
       - uses: actions/checkout@v4
       - run: nix build .#checks.x86_64-linux.deployment-model-nixops4 -L
 
-  check-deployment-model:
+  check-deployment-model-nixops4:
     runs-on: native
     steps:
       - uses: actions/checkout@v4
-      - run: nix build .#checks.x86_64-linux.deployment-model -L
+      - run: nix build .#checks.x86_64-linux.deployment-model-nixops4 -L
 
   ## NOTE: NixOps4 does not provide a good “dry run” mode, so we instead check
   ## proxies for resources, namely whether their `.#vmOptions.<machine>` and
diff --git a/deployment/check/common/nixosTest.nix b/deployment/check/common/nixosTest.nix
index 574621c4..93bd3fef 100644
--- a/deployment/check/common/nixosTest.nix
+++ b/deployment/check/common/nixosTest.nix
@@ -163,7 +163,7 @@ in
         '')}
 
       ${
-        if true then
+        if config.useFlake then
           ''
             ## NOTE: This is super slow. It could probably be optimised in Nix, for
             ## instance by allowing to grab things directly from the host's store.
diff --git a/deployment/check/data-model-ssh/nixosTest.nix b/deployment/check/data-model-ssh/nixosTest.nix
index 0e129493..f662c5da 100644
--- a/deployment/check/data-model-ssh/nixosTest.nix
+++ b/deployment/check/data-model-ssh/nixosTest.nix
@@ -1,6 +1,8 @@
 {
   lib,
+  config,
   pkgs,
+  inputs,
   ...
 }:
 let
@@ -32,10 +34,10 @@ in
   sourceFileset = lib.fileset.unions [
     ../../data-model.nix
     ../../function.nix
-    ../../nixos.nix
-    ../../run/ssh-single-host/run.sh
-    ../../../npins/default.nix
-    ../../../npins/sources.json
+    # ../../nixos.nix
+    # ../../run/ssh-single-host/run.sh
+    # ../../../npins/default.nix
+    # ../../../npins/sources.json
     ../common/data-model.nix
     ../common/data-model-options.nix
     ./constants.nix
diff --git a/deployment/check/data-model/constants.nix b/deployment/check/data-model/constants.nix
deleted file mode 100644
index 9cc81ea9..00000000
--- a/deployment/check/data-model/constants.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{
-  targetMachines = [
-    "ssh"
-    "nixops4"
-  ];
-  pathToRoot = ../../..;
-  pathFromRoot = ./.;
-  enableAcme = true;
-}
diff --git a/deployment/check/data-model/default.nix b/deployment/check/data-model/default.nix
deleted file mode 100644
index 1815f19a..00000000
--- a/deployment/check/data-model/default.nix
+++ /dev/null
@@ -1,21 +0,0 @@
-{
-  runNixOSTest,
-  inputs,
-  sources,
-}:
-
-runNixOSTest {
-  imports = [
-    ../../data-model.nix
-    ../../function.nix
-    ../common/nixosTest.nix
-    ./nixosTest.nix
-  ];
-  _module.args = { inherit inputs sources; };
-  inherit (import ./constants.nix)
-    targetMachines
-    pathToRoot
-    pathFromRoot
-    enableAcme
-    ;
-}
diff --git a/deployment/check/data-model/flake-under-test.nix b/deployment/check/data-model/flake-under-test.nix
deleted file mode 100644
index 60b0ee38..00000000
--- a/deployment/check/data-model/flake-under-test.nix
+++ /dev/null
@@ -1,29 +0,0 @@
-{
-  inputs = {
-    nixops4.follows = "nixops4-nixos/nixops4";
-    nixops4-nixos.url = "github:nixops4/nixops4-nixos";
-  };
-
-  outputs =
-    inputs:
-    import ./mkFlake.nix inputs (
-      { inputs, ... }:
-      let
-        system = "x86_64-linux";
-      in
-      {
-        imports = [
-          inputs.nixops4.modules.flake.default
-        ];
-
-        nixops4Deployments.check-deployment-model =
-          (import ./deployment/check/common/data-model.nix {
-            inherit system inputs;
-            config = {
-              inherit (import ./deployment/check/data-model/constants.nix) pathToRoot pathFromRoot;
-              nodeName = "nixops4";
-            };
-          })."nixops4-deployment".nixops4;
-      }
-    );
-}
diff --git a/deployment/check/data-model/nixosTest.nix b/deployment/check/data-model/nixosTest.nix
deleted file mode 100644
index a10c32e6..00000000
--- a/deployment/check/data-model/nixosTest.nix
+++ /dev/null
@@ -1,123 +0,0 @@
-{
-  lib,
-  config,
-  pkgs,
-  inputs,
-  ...
-}:
-let
-  inherit (import ./constants.nix) pathToRoot;
-  escapedJson = v: lib.replaceStrings [ "\"" ] [ "\\\\\"" ] (lib.strings.toJSON v);
-  deployment-config = {
-    inherit (import ./constants.nix) pathToRoot pathFromRoot;
-    inherit (config) enableAcme;
-    acmeNodeIP = if config.enableAcme then config.nodes.acme.networking.primaryIPAddress else null;
-    nodeName = "ssh";
-  };
-  inherit
-    ((import ../common/data-model.nix {
-      inherit (pkgs) system;
-      inherit inputs;
-      config = deployment-config;
-    })."ssh-deployment".ssh-host.ssh
-    )
-    host
-    username
-    key-file
-    ;
-in
-{
-  _class = "nixosTest";
-  imports = [
-    ../common/data-model-options.nix
-  ];
-
-  name = "deployment-model";
-  sourceFileset = lib.fileset.unions [
-    ../../data-model.nix
-    ../../function.nix
-    ../common/data-model.nix
-    ../common/data-model-options.nix
-    ./constants.nix
-    (config.pathToCwd + "/flake-under-test.nix")
-  ];
-
-  nodes.deployer =
-    { pkgs, ... }:
-    {
-      environment.systemPackages = with pkgs; [
-        inputs.nixops4.packages.${system}.default
-        jq
-      ];
-
-      # FIXME: sad times
-      system.extraDependencies = with pkgs; [
-        jq
-        jq.inputDerivation
-      ];
-
-      system.extraDependenciesFromModule =
-        { pkgs, ... }:
-        {
-          environment.systemPackages = with pkgs; [
-            hello
-          ];
-        };
-    };
-
-  extraTestScript = ''
-    with subtest("nixops4"):
-      nixops4.fail("hello 1>&2")
-      deployer.succeed("nixops4 apply check-deployment-model --show-trace --verbose --no-interactive 1>&2")
-      nixops4.succeed("su - operator -c hello 1>&2")
-
-    with subtest("ssh: Check the status before deployment"):
-      ssh.fail("hello 1>&2")
-
-    with subtest("ssh: Run the deployment"):
-      deployer.succeed("""
-        set -euo pipefail
-
-        # INSTANTIATE
-        command=(nix-instantiate --show-trace --expr '
-          let
-            system = "${pkgs.system}"; # FIXME: what system are we deploying to?
-          in
-          import ${pathToRoot}/deployment/nixos.nix {
-            inherit system;
-            configuration = (
-              import ${pathToRoot}/deployment/check/common/data-model.nix {
-                inherit system;
-                config = builtins.fromJSON "${escapedJson deployment-config}";
-              }
-            )."ssh-deployment".ssh-host.nixos-configuration;
-          }
-        ')
-        # DEPLOY
-        host="${lib.defaultTo "root" username}@${host}"
-        sshOpts=(
-          ${if key-file == null then "" else "-i ${key-file}"}
-          -o StrictHostKeyChecking=no
-          -o "ConnectTimeout=1"
-          -o "ServerAliveInterval=1"
-        )
-        # instantiate the config in /nix/store
-        "''${command[@]}" --show-trace -A out_path
-        # get the realized derivation to deploy
-        outPath=$(nix-store --realize "$("''${command[@]}" --show-trace --eval --strict --json | jq -r '.drv_path')")
-        # deploy the config by nix-copy-closure
-        NIX_SSHOPTS="''${sshOpts[*]}" nix-copy-closure --to "$host" "$outPath" --gzip --use-substitutes
-        # switch the remote host to the config
-        output=$(ssh "''${sshOpts[@]}" "$host" "nix-env --profile /nix/var/nix/profiles/system --set $outPath; nohup $outPath/bin/switch-to-configuration switch &" 2>&1) || echo "status code: $?"
-        echo "output: $output"
-        if [[ $output != *"Timeout, server ssh not responding"* ]]; then
-          echo "non-timeout error: $output"
-          exit 1
-        else
-          exit 0
-        fi
-      """)
-      ssh.wait_for_unit("multi-user.target")
-      ssh.succeed("su - operator -c hello 1>&2")
-  '';
-}
diff --git a/deployment/flake-part.nix b/deployment/flake-part.nix
index c1d469b6..1b67a386 100644
--- a/deployment/flake-part.nix
+++ b/deployment/flake-part.nix
@@ -27,7 +27,12 @@
           inherit inputs sources;
         };
 
-        deployment-model = import ./check/data-model {
+        deployment-model-ssh = import ./check/data-model-ssh {
+          inherit (pkgs.testers) runNixOSTest;
+          inherit inputs sources;
+        };
+
+        deployment-model-nixops4 = import ./check/data-model-nixops4 {
           inherit (pkgs.testers) runNixOSTest;
           inherit inputs sources;
         };