From eddc0390baa6b27c2bb15666bfe167f2cb060f86 Mon Sep 17 00:00:00 2001
From: Danilo Reyes <danilo.reyes.251@proton.me>
Date: Sat, 1 Nov 2025 23:57:06 -0600
Subject: [PATCH] Add system user and group for webref in NixOS tests. Update
 database accessibility check to use webref user for improved security
 testing.

---
 nixos/tests.nix | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/nixos/tests.nix b/nixos/tests.nix
index 47ba3af..02ac384 100644
--- a/nixos/tests.nix
+++ b/nixos/tests.nix
@@ -158,6 +158,13 @@
           }];
         };
         
+        # Create system user for testing
+        users.users.webref = {
+          isSystemUser = true;
+          group = "webref";
+        };
+        users.groups.webref = {};
+        
         environment.systemPackages = with pkgs; [
           python3
           nmap
@@ -169,7 +176,7 @@
       start_all()
       machine.wait_for_unit("postgresql.service")
       
-      # Verify database is accessible locally
+      # Verify database is accessible with webref user
       machine.succeed("sudo -u webref psql webref -c 'SELECT 1;'")
       
       machine.succeed("echo '✅ Security test passed'")