tests/nix-daemon-unprivileged: Add test for non-root nix daemon

2026-06-05 21:03:40 +00:00 · 2026-02-19 16:03:06 -05:00
parent bd49e43206
commit 795c26dca5
2 changed files with 39 additions and 0 deletions
--- a/nixos/tests/all-tests.nix
+++ b/nixos/tests/all-tests.nix
@@ -1099,6 +1099,7 @@ in
  nix-channel = pkgs.callPackage ../modules/config/nix-channel/test.nix { };
  nix-config = runTest ./nix-config.nix;
  nix-daemon-firewall = runTest ./nix-daemon-firewall.nix;
+  nix-daemon-unprivileged = runTest ./nix-daemon-unprivileged.nix;
  nix-ld = runTest ./nix-ld.nix;
  nix-misc = handleTest ./nix/misc.nix { };
  nix-required-mounts = runTest ./nix-required-mounts;
--- a/nixos/tests/nix-daemon-unprivileged.nix
+++ b/nixos/tests/nix-daemon-unprivileged.nix
@@ -0,0 +1,38 @@
+{ lib, pkgs, ... }:
+{
+  name = "nix-daemon-unprivileged";
+  meta.maintainers = with lib.maintainers; [ artemist ];
+
+  nodes.machine = {
+    users.groups.nix-daemon = { };
+    users.users.nix-daemon = {
+      isSystemUser = true;
+      group = "nix-daemon";
+    };
+
+    nix = {
+      package = pkgs.nixVersions.git;
+      daemonUser = "nix-daemon";
+      daemonGroup = "nix-daemon";
+      settings.experimental-features = [
+        "local-overlay-store"
+        "auto-allocate-uids"
+      ];
+    };
+
+    # Easiest way to get a file onto the machine
+    environment.etc."test.nix".text = ''
+      derivation {
+        name = "test";
+        builder = "/bin/sh";
+        args = [ "-c" "echo succeeded > $out" ];
+        system = "${pkgs.stdenv.hostPlatform.system}";
+      }
+    '';
+  };
+  testScript = ''
+    start_all()
+    machine.wait_for_unit("sockets.target")
+    machine.succeed("NIX_REMOTE=daemon nix-build /etc/test.nix")
+  '';
+}