nixos/test-driver: exit early if /dev/vhost-vsock isn't available

Right now it wrongly seems as if you can set
`sshBackdoor.enable = true;` for each test and not only for debugging
purposes.

This is wrong however since you'd need to pass /dev/vhost-vsock into the
sandbox for this (which is also a prerequisite for #392117).

To make that clear, two things were changed:

* add a warning to the manual to communicate this.
* exit both interactive and non-interactive driver early if
  /dev/vhost-vsock is missing and the ssh backdoor is enabled.

  If that's the case, we pass a CLI flag to the driver already in the
  interactive case. This change also sets the flag for the
  non-interactive case.

  That way we also get a better error if somebody tries to enable this
  on a system that doesn't support that.

Author: Ma27

nixos/doc/manual/development/running-nixos-tests-interactively.section.md

@@ -71,10 +71,19 @@ An SSH-based backdoor to log into machines can be enabled with
 {
   name = "…";
   nodes.machines = { /* … */ };
-  sshBackdoor.enable = true;
+  interactive.sshBackdoor.enable = true;
 }
 ```
 
+::: {.warning}
+Make sure to only enable the backdoor for interactive tests
+(i.e. by using `interactive.sshBackdoor.enable`)! This is the only
+supported configuration.
+
+Running a test in a sandbox with this will fail because `/dev/vhost-vsock` isn't available
+in the sandbox.
+:::
+
 This creates a [vsock socket](https://man7.org/linux/man-pages/man7/vsock.7.html)
 for each VM to log in with SSH. This configures root login with an empty password.
 

nixos/lib/testing/run.nix

@@ -43,27 +43,30 @@ in
   };
 
   config = {
-    rawTestDerivation = hostPkgs.stdenv.mkDerivation {
-      name = "vm-test-run-${config.name}";
+    rawTestDerivation =
+      assert lib.assertMsg (!config.sshBackdoor.enable)
+        "The SSH backdoor is currently not supported for non-interactive testing! Please make sure to only set `interactive.sshBackdoor.enable = true;`!";
+      hostPkgs.stdenv.mkDerivation {
+        name = "vm-test-run-${config.name}";
 
-      requiredSystemFeatures =
-        [ "nixos-test" ]
-        ++ lib.optionals hostPkgs.stdenv.hostPlatform.isLinux [ "kvm" ]
-        ++ lib.optionals hostPkgs.stdenv.hostPlatform.isDarwin [ "apple-virt" ];
+        requiredSystemFeatures =
+          [ "nixos-test" ]
+          ++ lib.optionals hostPkgs.stdenv.hostPlatform.isLinux [ "kvm" ]
+          ++ lib.optionals hostPkgs.stdenv.hostPlatform.isDarwin [ "apple-virt" ];
 
-      buildCommand = ''
-        mkdir -p $out
+        buildCommand = ''
+          mkdir -p $out
 
-        # effectively mute the XMLLogger
-        export LOGFILE=/dev/null
+          # effectively mute the XMLLogger
+          export LOGFILE=/dev/null
 
-        ${config.driver}/bin/nixos-test-driver -o $out
-      '';
+          ${config.driver}/bin/nixos-test-driver -o $out
+        '';
 
-      passthru = config.passthru;
+        passthru = config.passthru;
 
-      meta = config.meta;
-    };
+        meta = config.meta;
+      };
     test = lib.lazyDerivation {
       # lazyDerivation improves performance when only passthru items and/or meta are used.
       derivation = config.rawTestDerivation;