nixosTests/systemd-initrd-luks-fido2: replace direct bootctl call with switch-to-configuration invocation

2026-06-05 21:03:40 +00:00 · 2026-06-05 18:55:20 +03:00
parent fc890171ad
commit 050b24a35b
1 changed files with 19 additions and 14 deletions
--- a/nixos/tests/systemd-initrd-luks-fido2.nix
+++ b/nixos/tests/systemd-initrd-luks-fido2.nix
@@ -1,6 +1,5 @@
 {
  lib,
-  pkgs,
  hostPkgs,
  ...
 }:
@@ -43,19 +42,25 @@
      };
    };

-  testScript = ''
-    # Create encrypted volume
-    machine.wait_for_unit("multi-user.target")
-    machine.succeed("echo -n supersecret | cryptsetup luksFormat -q --iter-time=1 /dev/vdb -")
-    machine.succeed("PASSWORD=supersecret SYSTEMD_LOG_LEVEL=debug systemd-cryptenroll --fido2-device=auto /dev/vdb |& systemd-cat")
+  testScript =
+    { nodes, ... }:
+    let
+      boot-luks = nodes.machine.specialisation.boot-luks.configuration.system.build.toplevel;
+    in
+    # python
+    ''
+      # Create encrypted volume
+      machine.wait_for_unit("multi-user.target")
+      machine.succeed("echo -n supersecret | cryptsetup luksFormat -q --iter-time=1 /dev/vdb -")
+      machine.succeed("PASSWORD=supersecret SYSTEMD_LOG_LEVEL=debug systemd-cryptenroll --fido2-device=auto /dev/vdb |& systemd-cat")

-    # Boot from the encrypted disk
-    machine.succeed("bootctl set-default nixos-generation-1-specialisation-boot-luks.conf")
-    machine.succeed("sync")
-    machine.crash()
+      # Boot from the encrypted disk
+      machine.succeed("${boot-luks}/bin/switch-to-configuration boot")
+      machine.succeed("sync")
+      machine.crash()

-    # Boot and decrypt the disk
-    machine.wait_for_unit("multi-user.target")
-    assert "/dev/mapper/cryptroot on / type ext4" in machine.succeed("mount")
-  '';
+      # Boot and decrypt the disk
+      machine.wait_for_unit("multi-user.target")
+      assert "/dev/mapper/cryptroot on / type ext4" in machine.succeed("mount")
+    '';
 }