pyrox.dev
1{ lib, ... }:
2
3let
4 normaloHashedPassword = "$y$j9T$IEWqhKtWg.r.8fVkSEF56.$iKNxdMC6hOAQRp6eBtYvBk4c7BGpONXeZMqc8I/LM46";
5
6 common = {
7 services.userborn.enable = true;
8 boot.initrd.systemd.enable = true;
9 system.etc.overlay = {
10 enable = true;
11 mutable = true;
12 };
13 };
14in
15
16{
17
18 name = "userborn-mutable-etc";
19
20 meta.maintainers = with lib.maintainers; [ nikstur ];
21
22 nodes.machine =
23 { config, ... }:
24 {
25 imports = [ common ];
26
27 users = {
28 users = {
29 normalo = {
30 isNormalUser = true;
31 hashedPassword = normaloHashedPassword;
32 };
33 };
34 };
35
36 specialisation.new-generation = {
37 inheritParentConfig = false;
38 configuration = {
39 nixpkgs = {
40 inherit (config.nixpkgs) hostPlatform;
41 };
42 imports = [ common ];
43
44 users.users = {
45 new-normalo = {
46 isNormalUser = true;
47 };
48 };
49 };
50 };
51 };
52
53 testScript = ''
54 machine.wait_for_unit("userborn.service")
55
56 with subtest("normalo user is created"):
57 assert "${normaloHashedPassword}" in machine.succeed("getent shadow normalo"), "normalo user password is not correct"
58
59
60 machine.succeed("/run/current-system/specialisation/new-generation/bin/switch-to-configuration switch")
61
62
63 with subtest("normalo user is disabled"):
64 print(machine.succeed("getent shadow normalo"))
65 assert "!*" in machine.succeed("getent shadow normalo"), "normalo user is not disabled"
66
67 with subtest("new-normalo user is created after switching to new generation"):
68 print(machine.succeed("getent passwd new-normalo"))
69 '';
70}