import ./make-test-python.nix ({ pkgs, ... }:
let
  fakeReply = pkgs.writeText "namecoin-reply.json" ''
  { "error": null,
    "id": 1,
    "result": {
      "address": "T31q8ucJ4dI1xzhxQ5QispfECld5c7Xw",
      "expired": false,
      "expires_in": 2248,
      "height": 438155,
      "name": "d/test",
      "txid": "db61c0b2540ba0c1a2c8cc92af703a37002e7566ecea4dbf8727c7191421edfb",
      "value": "{\"ip\": \"1.2.3.4\", \"email\": \"root@test.bit\",\"info\": \"Fake record\"}",
      "vout": 0
    }
  }
  '';
in

{
  name = "ncdns";

  nodes.server = { ... }: {
    networking.nameservers = [ "127.0.0.1" ];

    services.namecoind.rpc = {
      address = "127.0.0.1";
      user = "namecoin";
      password = "secret";
      port = 8332;
    };

    # Fake namecoin RPC server because we can't
    # run a full node in a test.
    systemd.services.namecoind = {
      wantedBy = [ "multi-user.target" ];
      script = ''
        while true; do
          echo -e "HTTP/1.1 200 OK\n\n $(<${fakeReply})\n" \
            | ${pkgs.netcat}/bin/nc -N -l 127.0.0.1 8332
        done
      '';
    };

    services.ncdns = {
      enable = true;
      dnssec.enable = true;
    };

    services.pdns-recursor = {
      enable = true;
      dns.allowFrom = [ "127.0.0.0/8" ];
      settings.loglevel = 8;
      resolveNamecoin = true;
    };

    environment.systemPackages = [ pkgs.dnsutils ];

  };

  testScript = ''
    with subtest("DNSSEC keys have been generated"):
        server.wait_for_unit("ncdns")
        server.wait_for_file("/var/lib/ncdns/bit.key")
        server.wait_for_file("/var/lib/ncdns/bit-zone.key")

    with subtest("DNSKEY bit record is present"):
        server.wait_for_unit("pdns-recursor")
        server.wait_for_open_port("53")
        server.succeed("host -t DNSKEY bit")

    with subtest("can resolve a .bit name"):
        server.wait_for_unit("namecoind")
        server.wait_for_open_port("8332")
        assert "1.2.3.4" in server.succeed("host -t A test.bit")
  '';
})