{
  pkgs,
  ...
}:
{
  name = "pam_honeypot-test";
  hostPkgs = pkgs;
  node.pkgs = pkgs;
  nodes.machine =
    { ... }:
    {
      imports = [ ./module.nix ];
    };
  testScript = ''
    machine.wait_for_unit("multi-user.target")

    with subtest("create user"):
        machine.succeed("useradd -m alice")
        machine.succeed("(echo foobar; echo foobar) | passwd alice")

    with subtest("Switch to tty2 and wait for agetty"):
        machine.send_key("alt-f2")
        machine.wait_until_succeeds("[ $(fgconsole) = 2 ]")
        machine.wait_for_unit("getty@tty2.service")
        machine.wait_until_succeeds("pgrep -f 'agetty.*tty2'")

    with subtest("Log in with honeypot credentials should fail and be logged"):
        machine.wait_until_tty_matches("2", "login: ")
        machine.send_chars("Admin\n")
        machine.wait_until_tty_matches("2", "login: Admin")
        machine.wait_until_succeeds("pgrep login")
        machine.wait_until_tty_matches("2", "Password: ")
        machine.send_chars("AdminPwdQ1\n")
        machine.wait_until_tty_matches("2", "login: ")
        machine.succeed("journalctl | grep 'log in with the honeypot credentials'")

    with subtest("Switch to tty3 and wait for agetty"):
        machine.send_key("alt-f3")
        machine.wait_until_succeeds("[ $(fgconsole) = 3 ]")
        machine.wait_for_unit("getty@tty3.service")
        machine.wait_until_succeeds("pgrep -f 'agetty.*tty3'")

    with subtest("Log in as alice on a virtual console should still work"):
        machine.wait_until_tty_matches("3", "login: ")
        machine.send_chars("alice\n")
        machine.wait_until_tty_matches("3", "login: alice")
        machine.wait_until_succeeds("pgrep login")
        machine.wait_until_tty_matches("3", "Password: ")
        machine.send_chars("foobar\n")
        machine.wait_until_succeeds("pgrep -u alice bash")
  '';
}