nixos/tests/munge: init (#452983)

nixos/tests/all-tests.nix

@@ -959,6 +959,7 @@ in
   mtp = runTest ./mtp.nix;
   multipass = runTest ./multipass.nix;
   mumble = runTest ./mumble.nix;
+  munge = runTest ./munge.nix;
   munin = runTest ./munin.nix;
   # Fails on aarch64-linux at the PDF creation step - need to debug this on an
   # aarch64 machine..

nixos/tests/munge.nix

@@ -0,0 +1,28 @@
+{ lib, ... }:
+{
+  name = "munge";
+  meta.maintainers = with lib.maintainers; [ h7x4 ];
+
+  nodes.machine =
+    { pkgs, ... }:
+    {
+      imports = [ ./common/user-account.nix ];
+
+      services.munge.enable = true;
+    };
+
+  testScript =
+    { nodes }:
+    let
+      aliceUid = toString nodes.machine.users.users.alice.uid;
+    in
+    ''
+      machine.succeed("mkdir -p /etc/munge && echo '${lib.strings.replicate 5 "hunter2"}' > /etc/munge/munge.key && chown munge: /etc/munge/munge.key")
+      machine.systemctl("restart munged.service")
+      machine.wait_for_unit("munged.service")
+
+      machine.succeed("sudo -u bob -- munge -u ${aliceUid} -s 'top secret' -o ./secret.txt")
+      machine.succeed("grep -v 'top secret' ./secret.txt")
+      machine.succeed("sudo -u alice unmunge -i ./secret.txt | grep 'top secret'")
+    '';
+}

pkgs/by-name/mu/munge/package.nix

@@ -6,6 +6,7 @@
   libgcrypt,
   zlib,
   bzip2,
+  nixosTests,
 }:
 
 stdenv.mkDerivation (finalAttrs: {
@@ -62,6 +63,8 @@ stdenv.mkDerivation (finalAttrs: {
     rmdir "$out"/{var{/{lib,log}{/munge,},},etc/munge}
   '';
 
+  passthru.tests.nixos = nixosTests.munge;
+
   meta = with lib; {
     description = ''
       An authentication service for creating and validating credentials