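# NixOS VM test for systemd-homed. It checks that enabling homed leaves
# ordinary account logins working, then creates a LUKS-backed homed user, logs
# in as that user, changes the password, and verifies that the old password is
# rejected while the new one is accepted.
import ./make-test-python.nix ({ pkgs, lib, ... }:
let
  # Throwaway credentials for the test VM only. They are interpolated into the
  # test script and, through initialPassword, into the system configuration, so
  # they end up in the world-readable Nix store. Do not copy this pattern for
  # real accounts.
  password = "foobar";
  newPass = "barfoo";
in
{
  name = "systemd-homed";
  nodes.machine = { config, pkgs, ... }: {
    services.homed.enable = true;

    # Regular (non-homed) account, used by the first subtest to confirm that
    # enabling homed did not break normal logins.
    users.users.test-normal-user = {
      extraGroups = [ "wheel" ];
      isNormalUser = true;
      initialPassword = password;
    };
  };
  testScript = ''
    def switchTTY(number):
        # Switch the VM console to tty<number> and wait until a getty is
        # running there, so that a login prompt can be expected next.
        machine.send_key(f"alt-f{number}")
        machine.wait_until_succeeds(f"[ $(fgconsole) = {number} ]")
        machine.wait_for_unit(f"getty@tty{number}.service")
        machine.wait_until_succeeds(f"pgrep -f 'agetty.*tty{number}'")

    machine.wait_for_unit("multi-user.target")

    # Smoke test to make sure the pam changes didn't break regular users.
    machine.wait_until_succeeds("pgrep -f 'agetty.*tty1'")
    with subtest("login as regular user"):
        switchTTY(2)
        machine.wait_until_tty_matches("2", "login: ")
        machine.send_chars("test-normal-user\n")
        machine.wait_until_tty_matches("2", "login: test-normal-user")
        machine.wait_until_tty_matches("2", "Password: ")
        machine.send_chars("${password}\n")
        machine.wait_until_succeeds("pgrep -u test-normal-user bash")
        # Prove the session really belongs to the expected user.
        machine.send_chars("whoami > /tmp/1\n")
        machine.wait_for_file("/tmp/1")
        assert "test-normal-user" in machine.succeed("cat /tmp/1")

    with subtest("create homed encrypted user"):
        # TODO: Figure out how to pass password manually.
        #
        # This environment variable is used for homed internal testing
        # and is not documented.
        #
        # NOTE(review): the password is part of the command string handed to
        # the test driver. Acceptable for a throwaway VM credential only.
        machine.succeed("NEWPASSWORD=${password} homectl create --shell=/run/current-system/sw/bin/bash --storage=luks -G wheel test-homed-user")

    with subtest("login as homed user"):
        switchTTY(3)
        machine.wait_until_tty_matches("3", "login: ")
        machine.send_chars("test-homed-user\n")
        machine.wait_until_tty_matches("3", "login: test-homed-user")
        machine.wait_until_tty_matches("3", "Password: ")
        machine.send_chars("${password}\n")
        machine.wait_until_succeeds("pgrep -t tty3 -u test-homed-user bash")
        machine.send_chars("whoami > /tmp/2\n")
        machine.wait_for_file("/tmp/2")
        assert "test-homed-user" in machine.succeed("cat /tmp/2")

    with subtest("change homed user password"):
        switchTTY(4)
        machine.wait_until_tty_matches("4", "login: ")
        machine.send_chars("test-homed-user\n")
        machine.wait_until_tty_matches("4", "login: test-homed-user")
        machine.wait_until_tty_matches("4", "Password: ")
        machine.send_chars("${password}\n")
        machine.wait_until_succeeds("pgrep -t tty4 -u test-homed-user bash")
        machine.send_chars("passwd\n")
        # homed does it in a weird order, it asks for new passes, then it asks
        # for the old one.
        #
        # NOTE(review): the prompts are paced with fixed sleeps rather than
        # matched on screen, so a slow VM can mistype the sequence. Waiting on
        # the prompt text would be sturdier, once the exact strings are known.
        machine.sleep(2)
        machine.send_chars("${newPass}\n")
        machine.sleep(2)
        machine.send_chars("${newPass}\n")
        machine.sleep(4)
        machine.send_chars("${password}\n")
        machine.wait_until_fails("pgrep -t tty4 passwd")

        # Guard for the wrong-password attempt below: no bash may appear on
        # tty5 while the old password is being tried.
        @polling_condition
        def not_logged_in_tty5():
            machine.fail("pgrep -t tty5 bash")

        switchTTY(5)
        # The guard covers only the rejected attempt. It has to end before the
        # new password is typed, because that login is expected to start bash.
        with not_logged_in_tty5: # type: ignore[union-attr]
            machine.wait_until_tty_matches("5", "login: ")
            machine.send_chars("test-homed-user\n")
            machine.wait_until_tty_matches("5", "login: test-homed-user")
            machine.wait_until_tty_matches("5", "Password: ")
            machine.send_chars("${password}\n")
            machine.wait_until_tty_matches("5", "Password incorrect or not sufficient for authentication of user test-homed-user.")
            machine.wait_until_tty_matches("5", "Sorry, try again: ")
        machine.send_chars("${newPass}\n")
        # Wait for the login shell before typing into it, as the tty3 and tty4
        # logins do, so the command cannot be consumed by the login prompt.
        machine.wait_until_succeeds("pgrep -t tty5 -u test-homed-user bash")
        machine.send_chars("whoami > /tmp/4\n")
        machine.wait_for_file("/tmp/4")
        assert "test-homed-user" in machine.succeed("cat /tmp/4")

    with subtest("homed user should be in wheel according to NSS"):
        # Membership was requested with -G wheel at creation time. Check that
        # it is visible through the NameServiceSwitch userdb service.
        machine.succeed("userdbctl group wheel -s io.systemd.NameServiceSwitch | grep test-homed-user")
  '';
})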