# NixOS VM test "activation-sysusers-mutable": user activation through
# systemd-sysusers with users.mutableUsers = true. It checks the initial
# passwords, the modes of the account database files, and that a user added
# by a specialisation appears after switching to it.
{ lib, ... }:

let
  # yescrypt ("$y$") hashes; the test later looks these strings up verbatim in
  # the output of `getent shadow`. root and new-normalo use the same hash.
  rootPassword = "$y$j9T$p6OI0WN7.rSfZBOijjRdR.$xUOA2MTcB48ac.9Oc5fz8cxwLv1mMqabnn333iOzSA6";
  newNormaloPassword = "$y$j9T$p6OI0WN7.rSfZBOijjRdR.$xUOA2MTcB48ac.9Oc5fz8cxwLv1mMqabnn333iOzSA6";

  # Plaintext on purpose: the test asserts that this exact value shows up in the
  # systemd-sysusers unit as a SetCredential= entry, i.e. it is readable via
  # `systemctl cat`. Fine for a throwaway test VM; on a real host prefer a
  # hashed password or a password file.
  normaloPassword = "hello";
in
{
  name = "activation-sysusers-mutable";

  meta = {
    maintainers = [ lib.maintainers.nikstur ];
  };

  nodes.machine = { pkgs, ... }: {
    # Feature under test: sysusers-based account creation with mutable users.
    systemd.sysusers.enable = true;

    # Prerequisites
    system.etc.overlay.enable = true;
    boot = {
      initrd.systemd.enable = true;
      kernelPackages = pkgs.linuxPackages_latest;
    };

    users = {
      mutableUsers = true;

      users = {
        # Override the empty root password set by the test instrumentation
        root = {
          hashedPasswordFile = lib.mkForce null;
          initialHashedPassword = rootPassword;
        };

        # Account whose initial password is supplied in plaintext.
        normalo = {
          isNormalUser = true;
          initialPassword = normaloPassword;
        };
      };
    };

    # Second generation: adds one more user, this time with a hashed password.
    specialisation.new-generation.configuration.users.users.new-normalo = {
      isNormalUser = true;
      initialHashedPassword = newNormaloPassword;
    };
  };

  # Test driver script (Python). Points worth knowing when reading it:
  #  - The unit text is printed, so the plaintext password ends up in the test log.
  #  - /etc/passwd and /etc/group are expected at mode 644; /etc/shadow and
  #    /etc/gshadow at mode 0 (no permission bits set for anyone).
  #  - Password checks are substring matches of the hash in `getent shadow`.
  testScript = ''
    machine.wait_for_unit("systemd-sysusers.service")

    with subtest("systemd-sysusers.service contains the credentials"):
      sysusers_service = machine.succeed("systemctl cat systemd-sysusers.service")
      print(sysusers_service)
      assert "SetCredential=passwd.plaintext-password.normalo:${normaloPassword}" in sysusers_service

    with subtest("Correct mode on the password files"):
      assert machine.succeed("stat -c '%a' /etc/passwd") == "644\n"
      assert machine.succeed("stat -c '%a' /etc/group") == "644\n"
      assert machine.succeed("stat -c '%a' /etc/shadow") == "0\n"
      assert machine.succeed("stat -c '%a' /etc/gshadow") == "0\n"

    with subtest("root user has correct password"):
      print(machine.succeed("getent passwd root"))
      assert "${rootPassword}" in machine.succeed("getent shadow root"), "root user password is not correct"

    with subtest("normalo user is created"):
      print(machine.succeed("getent passwd normalo"))
      assert machine.succeed("stat -c '%U' /home/normalo") == "normalo\n"


    machine.succeed("/run/current-system/specialisation/new-generation/bin/switch-to-configuration switch")


    with subtest("new-normalo user is created after switching to new generation"):
      print(machine.succeed("getent passwd new-normalo"))
      assert machine.succeed("stat -c '%U' /home/new-normalo") == "new-normalo\n"
      assert "${newNormaloPassword}" in machine.succeed("getent shadow new-normalo"), "new-normalo user password is not correct"
  '';
}