nixos/test-driver: add backdoor based on systemd-ssh-proxy & AF_VSOCK

With this it's possible to trivially SSH into running machines from the
test-driver. This is especially useful when running VM tests
interactively on a remote system.

This is based on `systemd-ssh-proxy(1)`, so there's no need to configure
any additional networking on the host-side.

Suggested-by: Ryan Lahfa <masterancpp@gmail.com>

nixos/modules/testing/test-instrumentation.nix

@@ -87,6 +87,10 @@ in
       machine.switch_root() to leave stage 1 and proceed to stage 2
     '';
 
+    sshBackdoor = {
+      enable = mkEnableOption "vsock-based ssh backdoor for the VM";
+    };
+
   };
 
   config = {
@@ -100,6 +104,18 @@ in
       }
     ];
 
+    services.openssh = mkIf config.testing.sshBackdoor.enable {
+      enable = true;
+      settings = {
+        PermitRootLogin = "yes";
+        PermitEmptyPasswords = "yes";
+      };
+    };
+
+    security.pam.services.sshd = mkIf config.testing.sshBackdoor.enable {
+      allowNullPassword = true;
+    };
+
     systemd.services.backdoor = lib.mkMerge [
       backdoorService
       {
@@ -175,6 +191,10 @@ in
         #       we avoid defining attributes if not possible.
         # TODO: refactor such that test-instrumentation can import qemu-vm
         package = lib.mkDefault pkgs.qemu_test;
+
+        options = mkIf config.testing.sshBackdoor.enable [
+          "-device vhost-vsock-pci,guest-cid=${toString (config.virtualisation.test.nodeNumber + 2)}"
+        ];
       };
     };