pyrox.dev
1{ lib, ... }:
2
3let
4 normaloHashedPassword = "$y$j9T$IEWqhKtWg.r.8fVkSEF56.$iKNxdMC6hOAQRp6eBtYvBk4c7BGpONXeZMqc8I/LM46";
5
6 common = {
7 services.userborn.enable = true;
8 boot.initrd.systemd.enable = true;
9 networking.useNetworkd = true;
10 system.etc.overlay = {
11 enable = true;
12 mutable = false;
13 };
14 };
15in
16
17{
18
19 name = "userborn-immutable-etc";
20
21 meta.maintainers = with lib.maintainers; [ nikstur ];
22
23 nodes.machine =
24 { config, ... }:
25 {
26 imports = [ common ];
27
28 users = {
29 users = {
30 normalo = {
31 isNormalUser = true;
32 hashedPassword = normaloHashedPassword;
33 };
34 };
35 };
36
37 specialisation.new-generation = {
38 inheritParentConfig = false;
39 configuration = {
40 nixpkgs = {
41 inherit (config.nixpkgs) hostPlatform;
42 };
43 imports = [ common ];
44
45 users.users = {
46 new-normalo = {
47 isNormalUser = true;
48 };
49 };
50 };
51 };
52 };
53
54 testScript = ''
55 machine.wait_for_unit("userborn.service")
56
57 with subtest("normalo user is created"):
58 assert "${normaloHashedPassword}" in machine.succeed("getent shadow normalo"), "normalo user password is not correct"
59
60
61 machine.succeed("/run/current-system/specialisation/new-generation/bin/switch-to-configuration switch")
62
63
64 with subtest("normalo user is disabled"):
65 print(machine.succeed("getent shadow normalo"))
66 assert "!*" in machine.succeed("getent shadow normalo"), "normalo user is not disabled"
67
68 with subtest("new-normalo user is created after switching to new generation"):
69 print(machine.succeed("getent passwd new-normalo"))
70 '';
71}