From 0e5f92985160e5a9064861882179b6d4878f2220 Mon Sep 17 00:00:00 2001
From: nikstur <nikstur@outlook.com>
Date: Fri, 23 Feb 2024 00:00:37 +0100
Subject: [PATCH] nixos/tests/qemu-vm-store: init

---
 nixos/tests/all-tests.nix     |  1 +
 nixos/tests/qemu-vm-store.nix | 71 +++++++++++++++++++++++++++++++++++
 2 files changed, 72 insertions(+)
 create mode 100644 nixos/tests/qemu-vm-store.nix

diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix
index 29eb36ab1f28..6503aa5bda7f 100644
--- a/nixos/tests/all-tests.nix
+++ b/nixos/tests/all-tests.nix
@@ -799,6 +799,7 @@ in {
   qemu-vm-restrictnetwork = handleTest ./qemu-vm-restrictnetwork.nix {};
   qemu-vm-volatile-root = runTest ./qemu-vm-volatile-root.nix;
   qemu-vm-external-disk-image = runTest ./qemu-vm-external-disk-image.nix;
+  qemu-vm-store = runTest ./qemu-vm-store.nix;
   qgis = handleTest ./qgis.nix { qgisPackage = pkgs.qgis; };
   qgis-ltr = handleTest ./qgis.nix { qgisPackage = pkgs.qgis-ltr; };
   qownnotes = handleTest ./qownnotes.nix {};
diff --git a/nixos/tests/qemu-vm-store.nix b/nixos/tests/qemu-vm-store.nix
new file mode 100644
index 000000000000..9fb9f4baaafc
--- /dev/null
+++ b/nixos/tests/qemu-vm-store.nix
@@ -0,0 +1,71 @@
+{ lib, ... }: {
+
+  name = "qemu-vm-store";
+
+  meta.maintainers = with lib.maintainers; [ nikstur ];
+
+  nodes = {
+    sharedWritable = {
+      virtualisation.writableStore = true;
+    };
+
+    sharedReadOnly = {
+      virtualisation.writableStore = false;
+    };
+
+    imageWritable = {
+      virtualisation.useNixStoreImage = true;
+      virtualisation.writableStore = true;
+    };
+
+    imageReadOnly = {
+      virtualisation.useNixStoreImage = true;
+      virtualisation.writableStore = false;
+    };
+
+    fullDisk = {
+      virtualisation.useBootLoader = true;
+    };
+  };
+
+  testScript = ''
+    build_derivation = """
+      nix-build --option substitute false -E 'derivation {
+        name = "t";
+        builder = "/bin/sh";
+        args = ["-c" "echo something > $out"];
+        system = builtins.currentSystem;
+        preferLocalBuild = true;
+      }'
+    """
+
+    start_all()
+
+    with subtest("Nix Store is writable"):
+      sharedWritable.succeed(build_derivation)
+      imageWritable.succeed(build_derivation)
+      fullDisk.succeed(build_derivation)
+
+    with subtest("Nix Store is read only"):
+      sharedReadOnly.fail(build_derivation)
+      imageReadOnly.fail(build_derivation)
+
+    # Checking whether the fs type is 9P is just a proxy to test whether the
+    # Nix Store is shared. If we switch to a different technology (e.g.
+    # virtiofs) for sharing, we need to adjust these tests.
+
+    with subtest("Nix store is shared from the host via 9P"):
+      sharedWritable.succeed("findmnt --kernel --type 9P /nix/.ro-store")
+      sharedReadOnly.succeed("findmnt --kernel --type 9P /nix/.ro-store")
+
+    with subtest("Nix store is not shared via 9P"):
+      imageWritable.fail("findmnt --kernel --type 9P /nix/.ro-store")
+      imageReadOnly.fail("findmnt --kernel --type 9P /nix/.ro-store")
+
+    with subtest("Nix store is not mounted separately"):
+      rootDevice = fullDisk.succeed("stat -c %d /")
+      nixStoreDevice = fullDisk.succeed("stat -c %d /nix/store")
+      assert rootDevice == nixStoreDevice, "Nix store is mounted separately from the root fs"
+  '';
+
+}