# Inspired by this file: /nixpkgs/nixos/tests/nsd.nix
{
  nixos-lib,
  pkgsUnstable,
  nixpkgs-unstable,
  vhackPackages,
  pkgs,
  extraModules,
  nixLib,
  ...
}: let
  common = {...}: {
    networking.firewall.enable = false;
    networking.dhcpcd.enable = false;
  };

  mkClient = version: {
    lib,
    nodes,
    ...
  }: {
    environment.systemPackages = [pkgs.dig pkgs.dig.dnsutils];

    imports = [common];
    networking.nameservers = lib.mkForce [
      (lib.head nodes.server.networking.interfaces.eth1."${version}".addresses).address
    ];
  };
in
  nixos-lib.runTest {
    hostPkgs = pkgs; # the Nixpkgs package set used outside the VMs

    name = "dns";

    node = {
      specialArgs = {inherit pkgsUnstable vhackPackages nixpkgs-unstable nixLib;};

      # Use the nixpkgs as constructed by the `nixpkgs.*` options
      pkgs = null;
    };

    nodes = {
      server = {
        config,
        lib,
        ...
      }: {
        imports =
          extraModules
          ++ [
            ../../../../modules
            common
          ];

        vhack = {
          dns = {
            enable = true;
            interfaces = lib.debug.traceValSeqN 2 [
              (lib.head config.networking.interfaces.eth1.ipv4.addresses).address
              (lib.head config.networking.interfaces.eth1.ipv6.addresses).address
            ];
            zones = {
              "example.com" = {
                SOA = {
                  nameServer = "ns";
                  adminEmail = "admin@example.com";
                  serial = 2024012301;
                };

                useOrigin = false;
                NS = [
                  "ns.example.com."
                ];

                subdomains = {
                  ns = {
                    A = ["192.168.1.3"];
                  };
                  ipv4 = {
                    A = ["1.2.3.4"];
                  };
                  ipv6 = {
                    AAAA = ["dead:beef::1"];
                  };
                  openpgpkey = {
                    TXT = ["Hi!"];
                  };
                };
              };
            };
          };
        };
      };

      clientV4 = mkClient "ipv4";
      clientV6 = mkClient "ipv6";
    };

    testScript = {nodes, ...}:
    /*
    python
    */
    ''
      start_all()

      clientV4.wait_for_unit("network.target")
      clientV6.wait_for_unit("network.target")
      server.wait_for_unit("nsd.service")

      def assert_host(ipVersion, dnsRecordType, dnsQuery, expected):
          self = clientV4 if ipVersion == 4 else clientV6
          out = self.succeed(f"host -{ipVersion} -t {dnsRecordType} {dnsQuery}").rstrip()
          self.log(f"output: {out}")
          import re
          assert re.search(expected, out), f"DNS IPv{ipVersion} dnsQuery on {dnsQuery} gave '{out}' instead of '{expected}'"


      for ipv in 4, 6:
          with subtest(f"IPv{ipv}"):
              assert_host(ipv, "a", "example.com", "has no [^ ]+ record")
              assert_host(ipv, "aaaa", "example.com", "has no [^ ]+ record")

              assert_host(ipv, "soa", "example.com", "SOA.*?admin\\.example\\.com")
              assert_host(ipv, "a", "ipv4.example.com", "address 1.2.3.4$")
              assert_host(ipv, "aaaa", "ipv6.example.com", "address dead:beef::1$")

              assert_host(ipv, "txt", "openpgpkey.example.com", "descriptive text \"Hi!\"$")
    '';
  }