nixos/tests/mutable-users.nix at 25.11-pre · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs
lol
nixpkgs / nixos / tests / mutable-users.nix
at 25.11-pre 2.9 kB view raw
 1# Mutable users tests.
 2
 3import ./make-test-python.nix (
 4  { pkgs, ... }:
 5  {
 6    name = "mutable-users";
 7    meta = with pkgs.lib.maintainers; {
 8      maintainers = [ gleber ];
 9    };
10
11    nodes = {
12      machine = {
13        specialisation.immutable.configuration = {
14          users.mutableUsers = false;
15        };
16
17        specialisation.mutable.configuration = {
18          users.mutableUsers = true;
19          users.users.dry-test.isNormalUser = true;
20        };
21      };
22    };
23
24    testScript = ''
25      machine.start()
26      machine.wait_for_unit("default.target")
27
28      # Machine starts in immutable mode. Add a user and test if reactivating
29      # configuration removes the user.
30      with subtest("Machine in immutable mode"):
31          assert "foobar" not in machine.succeed("cat /etc/passwd")
32          machine.succeed("sudo useradd foobar")
33          assert "foobar" in machine.succeed("cat /etc/passwd")
34          machine.succeed(
35              "/run/booted-system/specialisation/immutable/bin/switch-to-configuration test"
36          )
37          assert "foobar" not in machine.succeed("cat /etc/passwd")
38
39      # In immutable mode passwd is not wrapped, while in mutable mode it is
40      # wrapped.
41      with subtest("Password is wrapped in mutable mode"):
42          assert "/run/current-system/" in machine.succeed("which passwd")
43          machine.succeed(
44              "/run/booted-system/specialisation/mutable/bin/switch-to-configuration test"
45          )
46          assert "/run/wrappers/" in machine.succeed("which passwd")
47
48      with subtest("dry-activation does not change files"):
49          machine.succeed('test -e /home/dry-test')  # home was created
50          machine.succeed('rm -rf /home/dry-test')
51
52          files_to_check = ['/etc/group',
53                            '/etc/passwd',
54                            '/etc/shadow',
55                            '/etc/subuid',
56                            '/etc/subgid',
57                            '/var/lib/nixos/uid-map',
58                            '/var/lib/nixos/gid-map',
59                            '/var/lib/nixos/declarative-groups',
60                            '/var/lib/nixos/declarative-users'
61                           ]
62          expected_hashes = {}
63          expected_stats = {}
64          for file in files_to_check:
65              expected_hashes[file] = machine.succeed(f"sha256sum {file}")
66              expected_stats[file] = machine.succeed(f"stat {file}")
67
68          machine.succeed("/run/booted-system/specialisation/mutable/bin/switch-to-configuration dry-activate")
69
70          machine.fail('test -e /home/dry-test')  # home was not recreated
71          for file in files_to_check:
72              assert machine.succeed(f"sha256sum {file}") == expected_hashes[file]
73              assert machine.succeed(f"stat {file}") == expected_stats[file]
74    '';
75  }
76)