This is unfortunately a similarly hard case as firewall in RHEL-88425. Basically the whole role – module_utils/network_lsr/nm/ , library/network_connections.py , library/network_state, the whole test setup etc. rely on runtime operations.

In my experimental branch I at least disabled the obvious test hardware setup and service: bits, then the tests at least get to the more interesting parts. Try e.g. tox -e container-ansible-core-2.16 – --image-name centos-9-bootc tests/tests_ethernet_nm.yml.

There is nm-cli --offline similar to firewall-offline-cmd, i.e. some official API which creates the NM ini config files without current hardware detection or talking to the service. See https://docs.fedoraproject.org/en-US/bootc/sysconfig-network-configuration/ . That is probably a more reliable way than directly writing the NM ini files (again, parallel to what we did in firewall).

Fortunately the role already has a backend abstraction, as it also still supports initscripts. So it could grow an nm_offline backend. The role is a lot more complex than firewall, and there are also a myriad of tests. So my first guesstimation is that this would take about two weeks.