pyrox.dev / nixpkgs
lol
fork atom
nixpkgs / nixos / tests / systemd-sysusers-immutable.nix
at 24.11-pre 2.3 kB view raw
1{ lib, ... }: 2 3let 4 rootPassword = "$y$j9T$p6OI0WN7.rSfZBOijjRdR.$xUOA2MTcB48ac.9Oc5fz8cxwLv1mMqabnn333iOzSA6"; 5 normaloPassword = "$y$j9T$3aiOV/8CADAK22OK2QT3/0$67OKd50Z4qTaZ8c/eRWHLIM.o3ujtC1.n9ysmJfv639"; 6 newNormaloPassword = "mellow"; 7in 8 9{ 10 11 name = "activation-sysusers-immutable"; 12 13 meta.maintainers = with lib.maintainers; [ nikstur ]; 14 15 nodes.machine = { 16 systemd.sysusers.enable = true; 17 users.mutableUsers = false; 18 19 # Override the empty root password set by the test instrumentation 20 users.users.root.hashedPasswordFile = lib.mkForce null; 21 users.users.root.initialHashedPassword = rootPassword; 22 users.users.normalo = { 23 isNormalUser = true; 24 initialHashedPassword = normaloPassword; 25 }; 26 27 specialisation.new-generation.configuration = { 28 users.users.new-normalo = { 29 isNormalUser = true; 30 initialPassword = newNormaloPassword; 31 }; 32 }; 33 }; 34 35 testScript = '' 36 with subtest("Users are not created with systemd-sysusers"): 37 machine.fail("systemctl status systemd-sysusers.service") 38 machine.fail("ls /etc/sysusers.d") 39 40 with subtest("Correct mode on the password files"): 41 assert machine.succeed("stat -c '%a' /etc/passwd") == "644\n" 42 assert machine.succeed("stat -c '%a' /etc/group") == "644\n" 43 assert machine.succeed("stat -c '%a' /etc/shadow") == "0\n" 44 assert machine.succeed("stat -c '%a' /etc/gshadow") == "0\n" 45 46 with subtest("root user has correct password"): 47 print(machine.succeed("getent passwd root")) 48 assert "${rootPassword}" in machine.succeed("getent shadow root"), "root user password is not correct" 49 50 with subtest("normalo user is created"): 51 print(machine.succeed("getent passwd normalo")) 52 assert machine.succeed("stat -c '%U' /home/normalo") == "normalo\n" 53 assert "${normaloPassword}" in machine.succeed("getent shadow normalo"), "normalo user password is not correct" 54 55 56 machine.succeed("/run/current-system/specialisation/new-generation/bin/switch-to-configuration switch") 57 58 59 with subtest("new-normalo user is created after switching to new generation"): 60 print(machine.succeed("getent passwd new-normalo")) 61 print(machine.succeed("getent shadow new-normalo")) 62 assert machine.succeed("stat -c '%U' /home/new-normalo") == "new-normalo\n" 63 ''; 64}