pyrox.dev
1{ lib, ... }:
2
3let
4 normaloHashedPassword = "$y$j9T$IEWqhKtWg.r.8fVkSEF56.$iKNxdMC6hOAQRp6eBtYvBk4c7BGpONXeZMqc8I/LM46";
5
6 common = {
7 services.userborn.enable = true;
8 users.mutableUsers = true;
9 };
10in
11
12{
13
14 name = "userborn-mutable-users";
15
16 meta.maintainers = with lib.maintainers; [ nikstur ];
17
18 nodes.machine =
19 { config, ... }:
20 {
21 imports = [ common ];
22
23 users = {
24 mutableUsers = true;
25 users = {
26 normalo = {
27 isNormalUser = true;
28 hashedPassword = normaloHashedPassword;
29 };
30 };
31 };
32
33 specialisation.new-generation = {
34 inheritParentConfig = false;
35 configuration = {
36 nixpkgs = {
37 inherit (config.nixpkgs) hostPlatform;
38 };
39 imports = [ common ];
40
41 users.users = {
42 new-normalo = {
43 isNormalUser = true;
44 };
45 };
46 };
47 };
48 };
49
50 testScript = ''
51 machine.wait_for_unit("userborn.service")
52
53 with subtest("normalo user is created"):
54 assert 1000 == int(machine.succeed("id --user normalo")), "normalo user doesn't have UID 1000"
55 assert "${normaloHashedPassword}" in machine.succeed("getent shadow normalo"), "normalo user password is not correct"
56
57 with subtest("Add new user manually"):
58 machine.succeed("useradd manual-normalo")
59 assert 1001 == int(machine.succeed("id --user manual-normalo")), "manual-normalo user doesn't have UID 1001"
60
61 with subtest("Delete manual--normalo user manually"):
62 machine.succeed("userdel manual-normalo")
63
64
65 machine.succeed("/run/current-system/specialisation/new-generation/bin/switch-to-configuration switch")
66
67
68 with subtest("normalo user is disabled"):
69 print(machine.succeed("getent shadow normalo"))
70 assert "!*" in machine.succeed("getent shadow normalo"), "normalo user is not disabled"
71
72 with subtest("new-normalo user is created after switching to new generation"):
73 print(machine.succeed("getent passwd new-normalo"))
74 assert 1001 == int(machine.succeed("id --user new-normalo")), "new-normalo user doesn't have UID 1001"
75 '';
76}