| blob | 4d65b52a0d336de8282c77006b7ad72f34d5be7b |
1 { lib, ... }:
3 let
4 rootPassword = "$y$j9T$p6OI0WN7.rSfZBOijjRdR.$xUOA2MTcB48ac.9Oc5fz8cxwLv1mMqabnn333iOzSA6";
5 sysuserPassword = "$y$j9T$3aiOV/8CADAK22OK2QT3/0$67OKd50Z4qTaZ8c/eRWHLIM.o3ujtC1.n9ysmJfv639";
6 newSysuserPassword = "mellow";
7 in
9 {
11 name = "activation-sysusers-immutable";
13 meta.maintainers = with lib.maintainers; [ nikstur ];
15 nodes.machine = {
16 systemd.sysusers.enable = true;
17 users.mutableUsers = false;
20 # Read this password file at runtime from outside the Nix store.
21 environment.etc."rootpw.secret".text = rootPassword;
22 # Override the empty root password set by the test instrumentation.
23 users.users.root.hashedPasswordFile = lib.mkForce "/etc/rootpw.secret";
25 users.users.sysuser = {
26 isSystemUser = true;
27 group = "wheel";
28 home = "/sysuser";
29 initialHashedPassword = sysuserPassword;
30 };
32 specialisation.new-generation.configuration = {
33 users.users.new-sysuser = {
34 isSystemUser = true;
35 group = "wheel";
36 home = "/new-sysuser";
37 initialPassword = newSysuserPassword;
38 };
39 };
40 };
42 testScript = ''
43 with subtest("root user has correct password"):
44 print(machine.succeed("getent passwd root"))
45 assert "${rootPassword}" in machine.succeed("getent shadow root"), "root user password is not correct"
47 with subtest("sysuser user is created"):
48 print(machine.succeed("getent passwd sysuser"))
49 assert machine.succeed("stat -c '%U' /sysuser") == "sysuser\n"
50 assert "${sysuserPassword}" in machine.succeed("getent shadow sysuser"), "sysuser user password is not correct"
52 with subtest("Fail to add new user manually"):
53 machine.fail("useradd manual-sysuser")
56 machine.succeed("/run/current-system/specialisation/new-generation/bin/switch-to-configuration switch")
59 with subtest("new-sysuser user is created after switching to new generation"):
60 print(machine.succeed("getent passwd new-sysuser"))
61 assert machine.succeed("stat -c '%U' /new-sysuser") == "new-sysuser\n"
62 '';
63 }