From ef691d5c304187bb99526c2e3478540e5d355f66 Mon Sep 17 00:00:00 2001
From: aszlig <aszlig@redmoonstudios.org>
Date: Thu, 18 Dec 2014 13:39:38 +0100
Subject: [PATCH] nixos/tests/virtualbox: Don't use vboxusers group.

At least when we're running in hardening mode, because it's needed there
only for USB support.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
---
 nixos/tests/virtualbox.nix | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/nixos/tests/virtualbox.nix b/nixos/tests/virtualbox.nix
index e4c3de146e93..71e627134da2 100644
--- a/nixos/tests/virtualbox.nix
+++ b/nixos/tests/virtualbox.nix
@@ -297,14 +297,16 @@ import ./make-test.nix ({ pkgs, ... }: with pkgs.lib; let
 in {
   name = "virtualbox";
 
-  machine = { pkgs, ... }: {
+  machine = { pkgs, lib, config, ... }: {
     imports = let
       mkVMConf = name: val: val.machine // { key = "${name}-config"; };
       vmConfigs = mapAttrsToList mkVMConf vboxVMs;
     in [ ./common/user-account.nix ./common/x11.nix ] ++ vmConfigs;
     virtualisation.memorySize = 768;
     services.virtualboxHost.enable = true;
-    users.extraUsers.alice.extraGroups = [ "vboxusers" ];
+    users.extraUsers.alice.extraGroups = let
+      inherit (config.services.virtualboxHost) enableHardening;
+    in lib.mkIf enableHardening (lib.singleton "vboxusers");
   };
 
   testScript = ''