From 43b3ad8ff8da42adee7507996798eb01fd05b1af Mon Sep 17 00:00:00 2001
From: h7x4 <h7x4@nani.wtf>
Date: Sat, 18 Oct 2025 01:57:29 +0900
Subject: [PATCH] nixos/tests/munge: init

---
 nixos/tests/all-tests.nix         |  1 +
 nixos/tests/munge.nix             | 28 ++++++++++++++++++++++++++++
 pkgs/by-name/mu/munge/package.nix |  3 +++
 3 files changed, 32 insertions(+)
 create mode 100644 nixos/tests/munge.nix

diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix
index 1f1f5ae5e043..0ce035e57a61 100644
--- a/nixos/tests/all-tests.nix
+++ b/nixos/tests/all-tests.nix
@@ -954,6 +954,7 @@ in
   mtp = runTest ./mtp.nix;
   multipass = runTest ./multipass.nix;
   mumble = runTest ./mumble.nix;
+  munge = runTest ./munge.nix;
   munin = runTest ./munin.nix;
   # Fails on aarch64-linux at the PDF creation step - need to debug this on an
   # aarch64 machine..
diff --git a/nixos/tests/munge.nix b/nixos/tests/munge.nix
new file mode 100644
index 000000000000..38c47224b959
--- /dev/null
+++ b/nixos/tests/munge.nix
@@ -0,0 +1,28 @@
+{ lib, ... }:
+{
+  name = "munge";
+  meta.maintainers = with lib.maintainers; [ h7x4 ];
+
+  nodes.machine =
+    { pkgs, ... }:
+    {
+      imports = [ ./common/user-account.nix ];
+
+      services.munge.enable = true;
+    };
+
+  testScript =
+    { nodes }:
+    let
+      aliceUid = toString nodes.machine.users.users.alice.uid;
+    in
+    ''
+      machine.succeed("mkdir -p /etc/munge && echo '${lib.strings.replicate 5 "hunter2"}' > /etc/munge/munge.key && chown munge: /etc/munge/munge.key")
+      machine.systemctl("restart munged.service")
+      machine.wait_for_unit("munged.service")
+
+      machine.succeed("sudo -u bob -- munge -u ${aliceUid} -s 'top secret' -o ./secret.txt")
+      machine.succeed("grep -v 'top secret' ./secret.txt")
+      machine.succeed("sudo -u alice unmunge -i ./secret.txt | grep 'top secret'")
+    '';
+}
diff --git a/pkgs/by-name/mu/munge/package.nix b/pkgs/by-name/mu/munge/package.nix
index f21a9e17add3..ecfd36396afd 100644
--- a/pkgs/by-name/mu/munge/package.nix
+++ b/pkgs/by-name/mu/munge/package.nix
@@ -6,6 +6,7 @@
   libgcrypt,
   zlib,
   bzip2,
+  nixosTests,
 }:
 
 stdenv.mkDerivation (finalAttrs: {
@@ -62,6 +63,8 @@ stdenv.mkDerivation (finalAttrs: {
     rmdir "$out"/{var{/{lib,log}{/munge,},},etc/munge}
   '';
 
+  passthru.tests.nixos = nixosTests.munge;
+
   meta = with lib; {
     description = ''
       An authentication service for creating and validating credentials