# This doesn't seem to work for some reason. I wonder why.
# The VMs themselves don't want to launch properly.
kittybox:
{ lib, system, ... }: let
  kittyboxModule = { config, pkgs, lib, ... }: {
    imports = [ kittybox.nixosModule commonModule ];

    services.kittybox = {
      enable = true;
      tokenEndpoint = "https://example.com";
      authorizationEndpoint = "https://example.com";
      backendUri = "file:///srv/kittybox";
    };

    environment.systemPackages = with pkgs; [ xh curl ];

    virtualisation.fileSystems."/srv" = {
      fsType = "nfs";
      options = [ "vers=4" ];
      device = "primrose:/";
    };

    systemd.services.kittybox = {
      bindsTo = [ "srv.mount" ];
      after = [ "srv.mount" ];
      serviceConfig = {
        DynamicUser = lib.mkForce false;
        User = "kittybox";
        Group = "kittybox";
      };
    };
  };
  commonModule = {
    users.users.kittybox = {
      isSystemUser = true;
      uid = 990;
      group = "kittybox";
    };
    users.groups.kittybox.gid = 990;
    networking.firewall.enable = false;
  };
in {
  name = "kittybox-distributed";

  nodes = {
    primrose = { config, pkgs, lib, ... }: {
      imports = [ commonModule ];
      services.nfs.server.enable = true;
      services.nfs.server.createMountPoints = true;
      services.nfs.server.exports = ''
        /srv 192.168.1.0/255.255.255.0(rw,no_root_squash,no_subtree_check,fsid=0)
      '';
      systemd.tmpfiles.rules = [
        "d /srv/kittybox 1750 kittybox root -"
      ];
    };
    longiflorum = { config, pkgs, lib, ... }: {
      imports = [ kittyboxModule ];
    };
    amaranthus = { config, pkgs, lib, ... }: {
      imports = [ kittyboxModule ];
    };
    hydrangea = { config, pkgs, lib, ... }: {
      imports = [ kittyboxModule ];
    };
  };

  testScript = ''
    primary = primrose;
    servants = [longiflorum, amaranthus, hydrangea];

    primary.wait_for_unit("nfs-server")
    primary.succeed("systemctl start network-online.target")
    primary.wait_for_unit("network-online.target")

    start_all()

    for machine in servants:
        machine.wait_for_open_port(8080)

    # Onboarding
    servants[0].copy_from_host("${./onboarding.json}", "/root/onboarding.json")
    servants[0].succeed("curl -vvv http://localhost:8080/onboarding -d@/root/onboarding.json -H 'Content-Type: application/json'")

    # Check that all machines got this address onboarded
    for machine in servants:
        machine.succeed("curl --silent http://localhost:8080/ | grep 'vestige of the past long gone'")
  '';
}