#!/usr/bin/env bats
# Integration tests for configuration files
# Validates preseed, package lists, and hook configurations
# Copyright © 2026 Known Element Enterprises LLC
# License: GNU Affero General Public License v3.0 only

# =============================================================================
# PRESEED CONFIGURATION TESTS
# =============================================================================

@test "preseed.cfg exists" {
    [ -f "/workspace/config/includes.installer/preseed.cfg" ]
}

@test "preseed.cfg is not empty" {
    [ -s "/workspace/config/includes.installer/preseed.cfg" ]
}

@test "preseed has locale configuration" {
    grep -q "locales\|locale" /workspace/config/includes.installer/preseed.cfg
}

@test "preseed has keyboard configuration" {
    grep -q "keyboard\|console-keymaps" /workspace/config/includes.installer/preseed.cfg
}

@test "preseed has network configuration" {
    grep -q "netcfg\|network" /workspace/config/includes.installer/preseed.cfg
}

@test "preseed has timezone configuration" {
    grep -q "time\|zone" /workspace/config/includes.installer/preseed.cfg
}

@test "preseed has partition configuration" {
    grep -q "partman\|partition" /workspace/config/includes.installer/preseed.cfg
}

@test "preseed has crypto/encryption configuration" {
    grep -q "crypto\|Crypto\|encrypted\|luks" /workspace/config/includes.installer/preseed.cfg || true
}

@test "preseed has boot loader configuration" {
    grep -q "grub\|grub-installer\|bootloader" /workspace/config/includes.installer/preseed.cfg
}

@test "preseed has package selection" {
    grep -q "tasksel\|pkgsel\|popularity-contest" /workspace/config/includes.installer/preseed.cfg
}

@test "preseed finishes installation automatically" {
    grep -q "finish-install" /workspace/config/includes.installer/preseed.cfg
}

# =============================================================================
# PACKAGE LIST TESTS
# =============================================================================

@test "package list exists" {
    [ -f "/workspace/config/package-lists/knel-football.list.chroot" ]
}

@test "package list is not empty" {
    [ -s "/workspace/config/package-lists/knel-football.list.chroot" ]
}

@test "package list has comments explaining sections" {
    grep -q "^#" /workspace/config/package-lists/knel-football.list.chroot
}

# Core system packages

@test "package list contains linux kernel" {
    grep -q "linux-image-amd64" /workspace/config/package-lists/knel-football.list.chroot
}

@test "package list contains initramfs tools" {
    grep -q "initramfs-tools" /workspace/config/package-lists/knel-football.list.chroot
}

# Secure Boot packages (FR-004)

@test "package list contains shim-signed for Secure Boot" {
    grep -q "shim-signed" /workspace/config/package-lists/knel-football.list.chroot
}

@test "package list contains grub-efi-amd64-signed for Secure Boot" {
    grep -q "grub-efi-amd64-signed" /workspace/config/package-lists/knel-football.list.chroot
}

@test "package list contains grub-efi-amd64-bin" {
    grep -q "grub-efi-amd64-bin" /workspace/config/package-lists/knel-football.list.chroot
}

@test "package list contains efibootmgr for UEFI" {
    grep -q "efibootmgr" /workspace/config/package-lists/knel-football.list.chroot
}

# Desktop environment packages (FR-003)

@test "package list contains icewm window manager" {
    grep -q "icewm" /workspace/config/package-lists/knel-football.list.chroot
}

@test "package list contains lightdm display manager" {
    grep -q "lightdm" /workspace/config/package-lists/knel-football.list.chroot
}

@test "package list contains X.org server" {
    grep -q "xorg" /workspace/config/package-lists/knel-football.list.chroot
}

# Application packages

@test "package list contains remmina for RDP" {
    grep -q "remmina" /workspace/config/package-lists/knel-football.list.chroot
}

@test "package list contains mousepad text editor" {
    grep -q "mousepad" /workspace/config/package-lists/knel-football.list.chroot
}

@test "package list contains pcmanfm file manager" {
    grep -q "pcmanfm" /workspace/config/package-lists/knel-football.list.chroot
}

# Network packages (FR-005, FR-006)

@test "package list contains WireGuard" {
    grep -q "wireguard" /workspace/config/package-lists/knel-football.list.chroot
}

@test "package list contains WireGuard tools" {
    grep -q "wireguard-tools" /workspace/config/package-lists/knel-football.list.chroot
}

@test "package list contains nftables for firewall" {
    grep -q "nftables" /workspace/config/package-lists/knel-football.list.chroot
}

@test "package list contains SSH client only (FR-006)" {
    grep -q "openssh-client" /workspace/config/package-lists/knel-football.list.chroot
}

@test "package list does NOT contain SSH server" {
    ! grep -q "openssh-server" /workspace/config/package-lists/knel-football.list.chroot
}

@test "package list contains zbar-tools for QR codes" {
    grep -q "zbar-tools" /workspace/config/package-lists/knel-football.list.chroot
}

# Security packages

@test "package list contains auditd" {
    grep -q "auditd" /workspace/config/package-lists/knel-football.list.chroot
}

@test "package list contains audispd-plugins" {
    grep -q "audispd-plugins" /workspace/config/package-lists/knel-football.list.chroot
}

@test "package list contains AIDE for FIM" {
    grep -q "aide" /workspace/config/package-lists/knel-football.list.chroot
}

@test "package list contains sudo" {
    grep -q "sudo" /workspace/config/package-lists/knel-football.list.chroot
}

@test "package list contains rsyslog" {
    grep -q "rsyslog" /workspace/config/package-lists/knel-football.list.chroot
}

# Filesystem support

@test "package list contains e2fsprogs" {
    grep -q "e2fsprogs" /workspace/config/package-lists/knel-football.list.chroot
}

@test "package list contains dosfstools" {
    grep -q "dosfstools" /workspace/config/package-lists/knel-football.list.chroot
}

@test "package list contains ntfs-3g" {
    grep -q "ntfs-3g" /workspace/config/package-lists/knel-football.list.chroot
}

# =============================================================================
# LIVE HOOKS CONFIGURATION TESTS
# =============================================================================

@test "desktop-environment.sh hook exists" {
    [ -f "/workspace/config/hooks/live/desktop-environment.sh" ]
}

@test "desktop-environment.sh is executable" {
    [ -x "/workspace/config/hooks/live/desktop-environment.sh" ]
}

@test "desktop-environment.sh configures icewm" {
    grep -q "icewm" /workspace/config/hooks/live/desktop-environment.sh
}

@test "firewall-setup.sh hook exists" {
    [ -f "/workspace/config/hooks/live/firewall-setup.sh" ]
}

@test "firewall-setup.sh is executable" {
    [ -x "/workspace/config/hooks/live/firewall-setup.sh" ]
}

@test "firewall-setup.sh uses nftables" {
    grep -q "nft\|nftables" /workspace/config/hooks/live/firewall-setup.sh
}

@test "qr-code-import.sh hook exists" {
    [ -f "/workspace/config/hooks/live/qr-code-import.sh" ]
}

@test "qr-code-import.sh is executable" {
    [ -x "/workspace/config/hooks/live/qr-code-import.sh" ]
}

@test "qr-code-import.sh handles QR codes" {
    grep -q "qr\|QR\|zbar" /workspace/config/hooks/live/qr-code-import.sh
}

@test "security-hardening.sh hook exists" {
    [ -f "/workspace/config/hooks/live/security-hardening.sh" ]
}

@test "security-hardening.sh is executable" {
    [ -x "/workspace/config/hooks/live/security-hardening.sh" ]
}

@test "usb-automount.sh hook exists" {
    [ -f "/workspace/config/hooks/live/usb-automount.sh" ]
}

@test "usb-automount.sh is executable" {
    [ -x "/workspace/config/hooks/live/usb-automount.sh" ]
}

@test "usb-automount.sh configures automount" {
    grep -q "automount\|mount\|udev" /workspace/config/hooks/live/usb-automount.sh
}

# =============================================================================
# INSTALLED HOOKS CONFIGURATION TESTS
# =============================================================================

@test "encryption-setup.sh hook exists" {
    [ -f "/workspace/config/hooks/installed/encryption-setup.sh" ]
}

@test "encryption-setup.sh is executable" {
    [ -x "/workspace/config/hooks/installed/encryption-setup.sh" ]
}

@test "encryption-setup.sh uses LUKS2" {
    grep -q "luks2\|LUKS2" /workspace/config/hooks/installed/encryption-setup.sh
}

@test "encryption-setup.sh uses AES-256-XTS" {
    grep -q "aes-xts\|aes_xts\|AES-256" /workspace/config/hooks/installed/encryption-setup.sh
}

@test "encryption-validation.sh hook exists" {
    [ -f "/workspace/config/hooks/installed/encryption-validation.sh" ]
}

@test "encryption-validation.sh is executable" {
    [ -x "/workspace/config/hooks/installed/encryption-validation.sh" ]
}

@test "disable-package-management.sh hook exists" {
    [ -f "/workspace/config/hooks/installed/disable-package-management.sh" ]
}

@test "disable-package-management.sh is executable" {
    [ -x "/workspace/config/hooks/installed/disable-package-management.sh" ]
}

@test "disable-package-management.sh disables apt" {
    grep -q "apt\|dpkg\|package" /workspace/config/hooks/installed/disable-package-management.sh
}

@test "install-scripts.sh hook exists" {
    [ -f "/workspace/config/hooks/installed/install-scripts.sh" ]
}

@test "install-scripts.sh is executable" {
    [ -x "/workspace/config/hooks/installed/install-scripts.sh" ]
}

# =============================================================================
# SOURCE SCRIPT TESTS
# =============================================================================

@test "build-iso.sh uses Docker" {
    grep -q "docker" /workspace/src/build-iso.sh
}

@test "build-iso.sh references live-build" {
    grep -q "lb \|live-build" /workspace/src/build-iso.sh
}

@test "firewall-setup.sh has WireGuard port" {
    grep -q "wireguard\|WireGuard\|WG" /workspace/src/firewall-setup.sh
}

@test "security-hardening.sh blacklists WiFi" {
    grep -q "cfg80211\|wifi\|wireless" /workspace/src/security-hardening.sh
}

@test "security-hardening.sh blacklists Bluetooth" {
    grep -q "bluetooth\|btusb" /workspace/src/security-hardening.sh
}

@test "security-hardening.sh configures password quality" {
    grep -q "pwquality\|minlen\|dcredit" /workspace/src/security-hardening.sh
}

# =============================================================================
# DOCKERFILE TESTS
# =============================================================================

@test "Dockerfile exists" {
    [ -f "/workspace/Dockerfile" ]
}

@test "Dockerfile is not empty" {
    [ -s "/workspace/Dockerfile" ]
}

@test "Dockerfile is based on Debian" {
    grep -q "FROM debian\|FROM ubuntu" /workspace/Dockerfile
}

@test "Dockerfile installs build dependencies" {
    grep -q "apt-get\|apt install" /workspace/Dockerfile
}

@test "Dockerfile creates workspace directory" {
    grep -q "mkdir\|WORKDIR" /workspace/Dockerfile
}