5 changed files with 74 additions and 22 deletions
--- a/deployment/check/common/deployerNode.nix
+++ b/deployment/check/common/deployerNode.nix
@ -49,16 +49,12 @@ in
      substituters = mkForce [ ];
      hashed-mirrors = null;
      connect-timeout = 1;
+      download-attempts = 1;
      extra-experimental-features = "flakes";
    };

    system.extraDependencies =
      [
-        inputs.nixops4
-        inputs.nixops4-nixos
-        inputs.nixpkgs
-
-        sources.flake-parts
        sources.nixpkgs

        sources.flake-inputs
--- a/deployment/check/common/targetNode.nix
+++ b/deployment/check/common/targetNode.nix
@ -18,6 +18,7 @@ in
    (modulesPath + "/profiles/qemu-guest.nix")
    (modulesPath + "/../lib/testing/nixos-test-base.nix")
    ./sharedOptions.nix
+    ../../../infra/common/nixos/users.nix
  ];

  config = mkMerge [
@ -28,11 +29,12 @@ in
      system.switch.enable = true;

      nix = {
-        # short-cut network time-outs
-        settings.download-attempts = 1;
        ## Not used; save a large copy operation
        channel.enable = false;
        registry = lib.mkForce { };
+        settings = {
+          download-attempts = 1;
+        };
      };

      services.openssh = {
@ -40,10 +42,46 @@ in
        settings.PermitRootLogin = "yes";
      };

-      networking.firewall.allowedTCPPorts = [ 22 ];
+      networking = {
+        firewall.enable = false;
+        enableIPv6 = false;
+      };
+
+      services.getty.autologinUser = lib.mkForce "root";

      ## Test VMs don't have a bootloader by default.
-      boot.loader.grub.enable = false;
+      # boot.loader = {
+      #   # GRUB enabled: installation of GRUB on /dev/disk/by-id/virtio-root failed: No such file or directory
+      #   grub.enable = false;
+      #   # systemd boot enabled: '/boot' is not a mounted partition. Is the path configured correctly?
+      #   systemd-boot.enable = true;
+      #   efi.canTouchEfiVariables = true;
+      # };
+      # # same issue as no bootloader
+      # boot.loader.generic-extlinux-compatible.enable = false;
+      # builds but won't boot back up
+      boot.loader.grub.forceInstall = true;
+      # # builds but won't boot back up
+      # # to be used with --no-bootloader, which i could only find for flakes
+      # boot.loader.grub.enable = false;
+
+      users.mutableUsers = false;
+      users.users.root = {
+        password = "password";
+        hashedPassword = null;
+        hashedPasswordFile = null;
+        openssh.authorizedKeys.keys =
+          let
+            keys = import ../../../keys;
+          in
+          lib.attrValues keys.contributors
+          ++ [
+            # allow our panel vm access to the test machines
+            keys.panel
+            # allow continuous deployment access
+            keys.cd
+          ];
+      };
    }

    (mkIf config.enableAcme {
--- a/deployment/check/data-model/deployment.nix
+++ b/deployment/check/data-model/deployment.nix
@ -1,11 +1,13 @@
 {
  inputs,
+  # sources,
  lib,
  config,
  ...
 }:

 let
+  # inherit (import ./constants.nix) targetMachines pathToRoot pathFromRoot;
  eval =
    module:
    (lib.evalModules {
--- a/deployment/check/data-model/nixosTest.nix
+++ b/deployment/check/data-model/nixosTest.nix
@ -42,6 +42,7 @@ in
        {
          environment.systemPackages = with pkgs; [
            hello
+            cowsay
            automake
            autoconf
          ];
@ -65,6 +66,14 @@ in

              '
              let
+                args = builtins.fromJSON "${
+                  lib.replaceStrings [ "\"" ] [ "\\\\\"" ] (
+                    lib.strings.toJSON {
+                      inherit sources;
+                    }
+                  )
+                }";
+                inherit (args) sources;
                configuration = { pkgs, config, ... }: {
                  imports = [
                    ${pathToRoot}/deployment/check/common/sharedOptions.nix
@ -81,8 +90,24 @@ in
                    autoconf
                  ];
                };
+                eval = import "${sources.nixpkgs}/nixos/lib/eval-config.nix" {
+                  system = builtins.currentSystem;
+                  specialArgs = {
+                    inherit sources;
+                  };
+                  modules = [ configuration ];
+                };
+                os = {
+                  inherit (eval) pkgs config options;
+                  system = eval.config.system.build.toplevel;
+                  inherit (eval.config.system.build) vm vmWithBootLoader;
+                };
              in
-              import ${pathToRoot}/deployment/nixos.nix { inherit configuration; }
+              # import "${pathToRoot}/deployment/nixos.nix" {}
+              {
+                drv_path = os.config.system.build.toplevel.drvPath;
+                out_path = os.config.system.build.toplevel;
+              }
              '
            )
            # instantiate the config in /nix/store
--- a/deployment/nixos.nix
+++ b/deployment/nixos.nix
@ -4,20 +4,11 @@
 }:
 let
  sources = import ../npins;
-  eval = import "${sources.nixpkgs}/nixos/lib/eval-config.nix" {
-    inherit system;
-    specialArgs = {
-      inherit sources;
-    };
-    modules = [ configuration ];
-  };
-  os = {
-    inherit (eval) pkgs config options;
-    system = eval.config.system.build.toplevel;
-    inherit (eval.config.system.build) vm vmWithBootLoader;
-  };
+  os = import "${sources.nixpkgs}/nixos" { inherit system configuration; };
 in
 {
+  substituters = builtins.concatStringsSep " " os.config.nix.settings.substituters;
+  trusted_public_keys = builtins.concatStringsSep " " os.config.nix.settings.trusted-public-keys;
  drv_path = os.config.system.build.toplevel.drvPath;
  out_path = os.config.system.build.toplevel;
 }