nixosTests/systemd-initrd-luks-tpm2: replace direct bootctl call with switch-to-configuration invocation

nixos/tests/systemd-initrd-luks-tpm2.nix

@@ -35,21 +35,27 @@
       };
     };
 
-  testScript = ''
-    # Create encrypted volume
-    machine.wait_for_unit("multi-user.target")
-    machine.succeed("echo -n supersecret | cryptsetup luksFormat -q --iter-time=1 /dev/vdb -")
-    machine.succeed("echo -n supersecret | cryptsetup luksOpen -q /dev/vdb cryptroot")
-    machine.succeed("mkfs.ext4 /dev/mapper/cryptroot")
-    machine.succeed("PASSWORD=supersecret SYSTEMD_LOG_LEVEL=debug systemd-cryptenroll --tpm2-pcrs= --tpm2-device=auto /dev/vdb |& systemd-cat")
+  testScript =
+    { nodes, ... }:
+    let
+      boot-luks = nodes.machine.specialisation.boot-luks.configuration.system.build.toplevel;
+    in
+    # python
+    ''
+      # Create encrypted volume
+      machine.wait_for_unit("multi-user.target")
+      machine.succeed("echo -n supersecret | cryptsetup luksFormat -q --iter-time=1 /dev/vdb -")
+      machine.succeed("echo -n supersecret | cryptsetup luksOpen -q /dev/vdb cryptroot")
+      machine.succeed("mkfs.ext4 /dev/mapper/cryptroot")
+      machine.succeed("PASSWORD=supersecret SYSTEMD_LOG_LEVEL=debug systemd-cryptenroll --tpm2-pcrs= --tpm2-device=auto /dev/vdb |& systemd-cat")
 
-    # Boot from the encrypted disk
-    machine.succeed("bootctl set-default nixos-generation-1-specialisation-boot-luks.conf")
-    machine.succeed("sync")
-    machine.crash()
+      # Boot from the encrypted disk
+      machine.succeed("${boot-luks}/bin/switch-to-configuration boot")
+      machine.succeed("sync")
+      machine.crash()
 
-    # Boot and decrypt the disk
-    machine.wait_for_unit("multi-user.target")
-    assert "/dev/mapper/cryptroot on / type ext4" in machine.succeed("mount")
-  '';
+      # Boot and decrypt the disk
+      machine.wait_for_unit("multi-user.target")
+      assert "/dev/mapper/cryptroot on / type ext4" in machine.succeed("mount")
+    '';
 }