mirror of
https://github.com/NixOS/nixpkgs.git
synced 2025-01-05 12:34:00 +00:00
76 lines
1.9 KiB
Nix
76 lines
1.9 KiB
Nix
{ lib, ... }:
|
|
|
|
let
|
|
normaloHashedPassword = "$y$j9T$IEWqhKtWg.r.8fVkSEF56.$iKNxdMC6hOAQRp6eBtYvBk4c7BGpONXeZMqc8I/LM46";
|
|
|
|
common = {
|
|
services.userborn.enable = true;
|
|
users.mutableUsers = false;
|
|
};
|
|
in
|
|
|
|
{
|
|
|
|
name = "userborn-immutable-users";
|
|
|
|
meta.maintainers = with lib.maintainers; [ nikstur ];
|
|
|
|
nodes.machine =
|
|
{ config, ... }:
|
|
{
|
|
imports = [ common ];
|
|
|
|
users = {
|
|
users = {
|
|
normalo = {
|
|
isNormalUser = true;
|
|
hashedPassword = normaloHashedPassword;
|
|
};
|
|
};
|
|
};
|
|
|
|
specialisation.new-generation = {
|
|
inheritParentConfig = false;
|
|
configuration = {
|
|
nixpkgs = {
|
|
inherit (config.nixpkgs) hostPlatform;
|
|
};
|
|
imports = [ common ];
|
|
|
|
users.users = {
|
|
new-normalo = {
|
|
isNormalUser = true;
|
|
};
|
|
};
|
|
};
|
|
};
|
|
};
|
|
|
|
testScript = ''
|
|
machine.wait_for_unit("userborn.service")
|
|
|
|
with subtest("normalo user is created"):
|
|
assert "${normaloHashedPassword}" in machine.succeed("getent shadow normalo"), "normalo user password is not correct"
|
|
|
|
with subtest("Fail to add new user manually"):
|
|
machine.fail("useradd manual-normalo")
|
|
|
|
with subtest("Fail to add delete user manually"):
|
|
machine.fail("userdel normalo")
|
|
|
|
|
|
machine.succeed("/run/current-system/specialisation/new-generation/bin/switch-to-configuration switch")
|
|
|
|
|
|
with subtest("normalo user is disabled"):
|
|
print(machine.succeed("getent shadow normalo"))
|
|
assert "!*" in machine.succeed("getent shadow normalo"), "normalo user is not disabled"
|
|
|
|
with subtest("new-normalo user is created after switching to new generation"):
|
|
print(machine.succeed("getent passwd new-normalo"))
|
|
|
|
with subtest("Still fail to add new user manually"):
|
|
machine.fail("useradd again-normalo")
|
|
'';
|
|
}
|