# NixOS VM test: user accounts created through systemd-sysusers while
# `users.mutableUsers = false`, including a switch into a specialisation
# that declares one more system user.
{ lib, ... }:

let
  # crypt(3)-style hashes with the `$y$` (yescrypt) prefix. They are test
  # fixtures: the same values are interpolated into the test script below and
  # compared against the shadow entries on the machine.
  rootHash = "$y$j9T$p6OI0WN7.rSfZBOijjRdR.$xUOA2MTcB48ac.9Oc5fz8cxwLv1mMqabnn333iOzSA6";
  sysuserHash = "$y$j9T$3aiOV/8CADAK22OK2QT3/0$67OKd50Z4qTaZ8c/eRWHLIM.o3ujtC1.n9ysmJfv639";

  # Plaintext on purpose. A value given to `initialPassword` is world-readable
  # in the Nix store, which is acceptable for a throwaway test account only.
  newSysuserPlaintext = "mellow";
in
{
  name = "activation-sysusers-immutable";

  meta.maintainers = [ lib.maintainers.nikstur ];

  nodes.machine = {
    systemd.sysusers.enable = true;

    # The hash is looked up at runtime through a path outside the Nix store.
    # NOTE(review): `environment.etc.<name>.text` still materialises the
    # content in the world-readable store; fine for this fixture, but a real
    # deployment should provision the file through a secrets mechanism.
    environment.etc."rootpw.secret".text = rootHash;

    users = {
      mutableUsers = false;

      users = {
        # mkForce replaces the empty root password set by the test
        # instrumentation.
        root.hashedPasswordFile = lib.mkForce "/etc/rootpw.secret";

        sysuser = {
          isSystemUser = true;
          group = "wheel";
          home = "/sysuser";
          initialHashedPassword = sysuserHash;
        };
      };
    };

    # Second configuration the test switches into; it declares one further
    # system user.
    specialisation.new-generation.configuration.users.users.new-sysuser = {
      isSystemUser = true;
      group = "wheel";
      home = "/new-sysuser";
      initialPassword = newSysuserPlaintext;
    };
  };

  # Flow: check the root and sysuser shadow entries against the expected
  # hashes, expect a manual `useradd` to fail, switch to the specialisation,
  # then check that new-sysuser exists and owns its home directory.
  # NOTE(review): after the switch nothing checks new-sysuser's shadow entry,
  # and the root/sysuser entries are not re-checked, so a regression that
  # resets or drops an existing credential during activation would pass.
  testScript = ''
    with subtest("root user has correct password"):
      print(machine.succeed("getent passwd root"))
      assert "${rootHash}" in machine.succeed("getent shadow root"), "root user password is not correct"

    with subtest("sysuser user is created"):
      print(machine.succeed("getent passwd sysuser"))
      assert machine.succeed("stat -c '%U' /sysuser") == "sysuser\n"
      assert "${sysuserHash}" in machine.succeed("getent shadow sysuser"), "sysuser user password is not correct"

    with subtest("Fail to add new user manually"):
      machine.fail("useradd manual-sysuser")


    machine.succeed("/run/current-system/specialisation/new-generation/bin/switch-to-configuration switch")


    with subtest("new-sysuser user is created after switching to new generation"):
      print(machine.succeed("getent passwd new-sysuser"))
      assert machine.succeed("stat -c '%U' /new-sysuser") == "new-sysuser\n"
  '';
}