From 795ace408af4fb45fa4b787b0a10afc606ed307b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= <joerg@thalheim.io>
Date: Fri, 30 May 2025 11:53:13 +0200
Subject: [PATCH] container-test: disable UsePam for ssh

doesn't work without setuid, which we currently do not support.
---
 checks/admin/default.nix                        | 5 +----
 lib/test/container-test-driver/nixos-module.nix | 3 +++
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/checks/admin/default.nix b/checks/admin/default.nix
index 4e5c04cc2..9d2527e5e 100644
--- a/checks/admin/default.nix
+++ b/checks/admin/default.nix
@@ -40,10 +40,7 @@ clanLib.test.makeTestClan {
         client.environment.etc.private-test-key.source = ./private-test-key;
 
         server = {
-          services.openssh = {
-            enable = true;
-            settings.UsePAM = false;
-          };
+          services.openssh.enable = true;
         };
       };
 
diff --git a/lib/test/container-test-driver/nixos-module.nix b/lib/test/container-test-driver/nixos-module.nix
index c7e1dd32e..a0f8c986c 100644
--- a/lib/test/container-test-driver/nixos-module.nix
+++ b/lib/test/container-test-driver/nixos-module.nix
@@ -10,6 +10,9 @@
   virtualisation.sharedDirectories = lib.mkForce { };
   networking.useDHCP = false;
 
+  # PAM requires setuid and doesn't work in our containers
+  services.openssh.settings.UsePAM = false;
+
   # We use networkd to assign static ip addresses
   networking.useNetworkd = true;
   services.resolved.enable = false;