{ lib, ... }: let normaloHashedPassword = "$y$j9T$IEWqhKtWg.r.8fVkSEF56.$iKNxdMC6hOAQRp6eBtYvBk4c7BGpONXeZMqc8I/LM46"; common = { services.userborn.enable = true; users.mutableUsers = true; }; in { name = "userborn-mutable-users"; meta.maintainers = with lib.maintainers; [ nikstur ]; nodes.machine = { config, ... }: { imports = [ common ]; users = { mutableUsers = true; users = { normalo = { isNormalUser = true; hashedPassword = normaloHashedPassword; }; }; }; specialisation.new-generation = { inheritParentConfig = false; configuration = { nixpkgs = { inherit (config.nixpkgs) hostPlatform; }; imports = [ common ]; users.users = { new-normalo = { isNormalUser = true; }; }; }; }; }; testScript = '' machine.wait_for_unit("userborn.service") with subtest("normalo user is created"): assert 1000 == int(machine.succeed("id --user normalo")), "normalo user doesn't have UID 1000" assert "${normaloHashedPassword}" in machine.succeed("getent shadow normalo"), "normalo user password is not correct" with subtest("Add new user manually"): machine.succeed("useradd manual-normalo") assert 1001 == int(machine.succeed("id --user manual-normalo")), "manual-normalo user doesn't have UID 1001" with subtest("Delete manual--normalo user manually"): machine.succeed("userdel manual-normalo") machine.succeed("/run/current-system/specialisation/new-generation/bin/switch-to-configuration switch") with subtest("normalo user is disabled"): print(machine.succeed("getent shadow normalo")) assert "!*" in machine.succeed("getent shadow normalo"), "normalo user is not disabled" with subtest("new-normalo user is created after switching to new generation"): print(machine.succeed("getent passwd new-normalo")) assert 1001 == int(machine.succeed("id --user new-normalo")), "new-normalo user doesn't have UID 1001" ''; }