authorDino A. Dai Zovi <ddz@theta44.org>2021-07-11 20:00:06 +0000
committerDino A. Dai Zovi <ddz@theta44.org>2021-07-11 20:27:00 +0000
commitb089c39a2364725a7331f8e9a3a5198fc3dc0ef8 (patch)
tree7f6ee5fd3c1fad7daf1aa02b7a3670749bd324f3
parent14df81c809e950da1c7356984abf0ff367a94136 (diff)
nixos/tests: update initrd-secrets test to test secret in /run/keys
Since /run/keys is a ramfs, it is not paged out and is a good place to copy
secrets to. Test whether secrets with a path in /run/keys still exist after initrd.
-rw-r--r--nixos/tests/initrd-secrets.nix10
1 files changed, 8 insertions, 2 deletions
diff --git a/nixos/tests/initrd-secrets.nix b/nixos/tests/initrd-secrets.nix
index 10dd908502d..113a9cebf78 100644
--- a/nixos/tests/initrd-secrets.nix
+++ b/nixos/tests/initrd-secrets.nix
@@ -13,7 +13,12 @@ let
 
     machine = { ... }: {
       virtualisation.useBootLoader = true;
-      boot.initrd.secrets."/test" = secretInStore;
+      boot.initrd.secrets = {
+        "/test" = secretInStore;
+
+        # This should *not* need to be copied in postMountCommands
+        "/run/keys/test" = secretInStore;
+      };
       boot.initrd.postMountCommands = ''
         cp /test /mnt-root/secret-from-initramfs
       '';
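Review bot: The new comment above `"/run/keys/test"` states the expectation but not what it relies on, so a later reader cannot tell why this entry needs no copy while `/test` does. Presumably the contents of /run are carried over into the booted system while the rest of the initramfs root is discarded; if that is the mechanism, say so, e.g. `# /run is kept when switching to the real root, so this must survive without a copy in postMountCommands`. Both entries use the same `secretInStore`, which is fine for a test, but a one-line comment that store paths are world-readable and not suitable for real secrets would stop this being copied as a pattern. The `machine` definition continues outside the hunk.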
@@ -26,7 +31,8 @@ let
       start_all()
       machine.wait_for_unit("multi-user.target")
       machine.succeed(
-          "cmp ${secretInStore} /secret-from-initramfs"
+          "cmp ${secretInStore} /secret-from-initramfs",
+          "cmp ${secretInStore} /run/keys/test",
       )
     '';
   };
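Review bot: The added `cmp ${secretInStore} /run/keys/test` only proves the bytes arrived. It does not check the two properties the commit message gives as the reason for using /run/keys: that the path is on a ramfs and that the file is not readable by other users. A regression that left the secret on a swappable filesystem or with a permissive mode would still pass. Consider adding `"findmnt -n -o FSTYPE --target /run/keys/test | grep -qx ramfs",` and `"stat -c %a /run/keys/test | grep -qx <expected-mode>",` to the same `machine.succeed(...)` call, with the mode the initrd is meant to produce. The test script starts outside the hunk.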