{ testers, config, extendModules, lib, system }:

let
  lift = config;

  snakeoil = {
    ssh = {
      public = lib.fileContents ./snakeoil/ssh/snakeoil-key.pub;
      private = ./snakeoil/ssh/snakeoil-key;
    };
    wireguard = {
      public = lib.genAttrs nodes (node: lib.fileContents ./snakeoil/wireguard/public-key-${toString digits.${node}});
      private = lib.genAttrs nodes (node: ./snakeoil/wireguard/private-key-${toString digits.${node}});
    };
  };

  nodes = lib.attrNames config.gods.fromLight;
  digits = lib.attrsets.listToAttrs (lib.zipListsWith lib.nameValuePair nodes (lib.range 1 255));
  depot' = extendModules {
    modules = [
      ({ config, ... }: {
        gods.fromLight = lib.mapAttrs (name: cfg: {
          interfaces.primary = {
            link = lib.mkForce "eth1";
            addr = lib.mkForce "192.168.1.${toString digits.${name}}";
            addrPublic = lib.mkForce "192.168.1.${toString digits.${name}}";
          };
          ssh.id.publicKey = lib.mkForce snakeoil.ssh.public;
        }) lift.gods.fromLight;

        cluster = lib.mkForce (lift.cluster.extendModules {
          specialArgs.depot = config;
          modules = [
            {
              hostLinks = lib.genAttrs nodes (node: {
                mesh.extra = lib.mkForce (lift.cluster.config.hostLinks.${node}.mesh.extra // {
                  pubKey = snakeoil.wireguard.public.${node};
                });
              });
            }
          ];
        });
      })
    ];
  };
  specialArgs = depot'.config.lib.summon system lib.id;
in

testers.runNixOSTest {
  name = "simulacrum";

  node = { inherit specialArgs; };
  nodes = lib.genAttrs nodes (node: {
    imports = [
      specialArgs.depot.hours.${node}.nixos
      ./modules/nixos/age-dummy-secrets
      ./modules/nixos/external-storage.nix
    ] ++ depot'.config.cluster.config.out.injectNixosConfig node;

    systemd.services = {
      hyprspace.enable = false;
      cachix-agent.enable = false;
    };

    environment.etc = {
      "ssh/ssh_host_ed25519_key" = {
        source = snakeoil.ssh.private;
        mode = "0400";
      };
      "dummy-secrets/cluster-wireguard-meshPrivateKey".source = lib.mkForce snakeoil.wireguard.private.${node};
      "dummy-secrets/grafana-agent-blackbox-secret-monitoring".text = lib.mkForce ''
        SECRET_MONITORING_BLACKBOX_TARGET_1_NAME=example-external-service
        SECRET_MONITORING_BLACKBOX_TARGET_1_MODULE=http2xx
        SECRET_MONITORING_BLACKBOX_TARGET_1_ADDRESS=http://127.0.0.1:1
      '';
      "dummy-secrets/garageRpcSecret".text = lib.mkForce "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa";
    };
    virtualisation = {
      cores = 2;
      memorySize = 4096;
    };
  });

  testScript = ''
    grail.succeed("false")
  '';
}