author | Robert Helgesson <robert@rycee.net> | 2019-08-19 16:05:10 +0200 |
---|---|---|
committer | worldofpeace <worldofpeace@protonmail.ch> | 2019-09-18 11:09:43 -0400 |
commit | 866cc3e7923633095dce48493303c52238e16637 (patch) | |
tree | ff2d58bebd8c44abdf3b55e098cfbae93613f9c4 | |
parent | f7571a06af9f14a908dfa433153d59dc1909e675 (diff) | |
nixos/system-environment: introduce environment.profileRelativeSessionVariables
There is a need for sessionVariables that are set relative to the Nix profiles, such as in #68383.
-rw-r--r-- | nixos/modules/config/shells-environment.nix | 2 | ||||
-rw-r--r-- | nixos/modules/config/system-environment.nix | 76 | ||||
-rw-r--r-- | nixos/modules/programs/environment.nix | 2 | ||||
-rw-r--r-- | nixos/modules/security/pam.nix | 2 | ||||
-rw-r--r-- | nixos/modules/services/x11/display-managers/gdm.nix | 2 | ||||
-rw-r--r-- | nixos/modules/services/x11/display-managers/lightdm.nix | 2 | ||||
-rw-r--r-- | nixos/modules/services/x11/display-managers/sddm.nix | 2 |
7 files changed, 73 insertions, 15 deletions
diff --git a/nixos/modules/config/shells-environment.nix b/nixos/modules/config/shells-environment.nix index 9dfc1add829..d939cbb393e 100644 --- a/nixos/modules/config/shells-environment.nix +++ b/nixos/modules/config/shells-environment.nix @@ -157,6 +157,8 @@ in # terminal instead of logging out of X11). environment.variables = config.environment.sessionVariables; + environment.profileRelativeEnvVars = config.environment.profileRelativeSessionVariables; + environment.shellAliases = mapAttrs (name: mkDefault) { ls = "ls --color=tty"; ll = "ls -l"; diff --git a/nixos/modules/config/system-environment.nix b/nixos/modules/config/system-environment.nix index 6011e354ece..792d1dbb38f 100644 --- a/nixos/modules/config/system-environment.nix +++ b/nixos/modules/config/system-environment.nix @@ -8,6 +8,11 @@ let cfg = config.environment; + pamProfiles = + map + (replaceStrings ["$HOME" "$USER"] ["@{HOME}" "@{PAM_USER}"]) + cfg.profiles; + in { 
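Review bot: `pamProfiles` rewrites only the literal substrings `$HOME` and `$USER`, and nothing at the definition says so. Because `replaceStrings` matches substrings, a profile path containing `$USERNAME` would become `@{PAM_USER}NAME`, and any other shell-style variable in `environment.profiles` reaches the pam_env file untranslated, where it may expand to something else or to nothing and leave a PATH-like variable pointing at an unintended directory. I would add a comment above the binding, `# Translate the shell-style $HOME and $USER in environment.profiles to pam_env.conf syntax; other variables are passed through unchanged.`, and consider rejecting profiles that still contain `$` after the rewrite. The `let` block this binding sits in starts before the hunk.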
@@ -18,25 +23,76 @@ in default = {}; description = '' A set of environment variables used in the global environment. - These variables will be set by PAM. - The value of each variable can be either a string or a list of - strings. The latter is concatenated, interspersed with colon - characters. + These variables will be set by PAM early in the login process. + + The value of each session variable can be either a string or a + list of strings. The latter is concatenated, interspersed with + colon characters. + + Note, due to limitations in the PAM format values may not + contain the <literal>"</literal> character. + + Also, these variables are merged into + <xref linkend="opt-environment.variables"/> and it is + therefore not possible to use PAM style variables such as + <code>@{HOME}</code>. ''; type = with types; attrsOf (either str (listOf str)); apply = mapAttrs (n: v: if isList v then concatStringsSep ":" v else v); }; + environment.profileRelativeSessionVariables = mkOption { + type = types.attrsOf (types.listOf types.str); + example = { PATH = [ "/bin" ]; MANPATH = [ "/man" "/share/man" ]; }; + description = '' + Attribute set of environment variable used in the global + environment. These variables will be set by PAM early in the + login process. + + Variable substitution is available as described in + <citerefentry> + <refentrytitle>pam_env.conf</refentrytitle> + <manvolnum>5</manvolnum> + </citerefentry>. + + Each attribute maps to a list of relative paths. Each relative + path is appended to the each profile of + <option>environment.profiles</option> to form the content of + the corresponding environment variable. + + Also, these variables are merged into + <xref linkend="opt-environment.profileRelativeEnvVars"/> and it is + therefore not possible to use PAM style variables such as + <code>@{HOME}</code>. 
+ ''; + }; + }; config = { - system.build.pamEnvironment = pkgs.writeText "pam-environment" - '' - ${concatStringsSep "\n" ( - (mapAttrsToList (n: v: ''${n}="${concatStringsSep ":" v}"'') - (zipAttrsWith (const concatLists) ([ (mapAttrs (n: v: [ v ]) cfg.sessionVariables) ]))))} - ''; + system.build.pamEnvironment = + let + suffixedVariables = + flip mapAttrs cfg.profileRelativeSessionVariables (envVar: suffixes: + flip concatMap pamProfiles (profile: + map (suffix: "${profile}${suffix}") suffixes + ) + ); + + pamVariable = n: v: + ''${n} DEFAULT="${concatStringsSep ":" (toList v)}"''; + + pamVariables = + concatStringsSep "\n" + (mapAttrsToList pamVariable + (zipAttrsWith (n: concatLists) + [ + (mapAttrs (n: toList) cfg.sessionVariables) + suffixedVariables + ])); + in + pkgs.writeText "pam-environment" "${pamVariables}\n"; }; diff --git a/nixos/modules/programs/environment.nix b/nixos/modules/programs/environment.nix index 66eb8348266..5a11c7cdabc 100644 --- a/nixos/modules/programs/environment.nix +++ b/nixos/modules/programs/environment.nix @@ -30,7 +30,7 @@ in ]; # TODO: move most of these elsewhere - environment.profileRelativeEnvVars = + environment.profileRelativeSessionVariables = { PATH = [ "/bin" ]; INFOPATH = [ "/info" "/share/info" ]; KDEDIRS = [ "" ]; diff --git a/nixos/modules/security/pam.nix b/nixos/modules/security/pam.nix index 9c7ddc2f4ee..3cf09611fba 100644 --- a/nixos/modules/security/pam.nix +++ b/nixos/modules/security/pam.nix @@ -415,7 +415,7 @@ let # Session management. ${optionalString cfg.setEnvironment '' - session required pam_env.so envfile=${config.system.build.pamEnvironment} + session required pam_env.so conffile=${config.system.build.pamEnvironment} readenv=0 ''} session required pam_unix.so ${optionalString cfg.setLoginUid diff --git a/nixos/modules/services/x11/display-managers/gdm.nix b/nixos/modules/services/x11/display-managers/gdm.nix index 3f1669d0851..a58febb3341 100644 
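Review bot: `pamVariable` interpolates each value into `${n} DEFAULT="..."` without checking it, so the restriction the new description states (no `"` in values) is documented but not enforced. A value containing `"` would end the quoted field early and give pam_env a line that no longer matches what the option promises, and since the file is now read as a `conffile`, characters that pam_env.conf treats specially (`$`, `@`, `\`) in existing `sessionVariables` values are presumably interpreted rather than passed through. An evaluation-time check would surface this at build time instead of at login, for example `assert all (s: !(hasInfix "\"" s)) (toList v);` at the top of `pamVariable`, assuming `lib` is in scope here as the unqualified calls suggest. Separately, the `profileRelativeSessionVariables` description states both that pam_env.conf substitution is available and that `@{HOME}` cannot be used; one of the two should be dropped.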
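Review bot: The `pam_env.so` line changes both the file format pam_env expects (`envfile=` to `conffile=`) and, through `readenv=0`, stops it reading its default environment file, but nothing in the generated PAM text records why. The same line is repeated verbatim in the gdm.nix, lightdm.nix and sddm.nix hunks, so a copy left on `envfile=` would hand a `VAR DEFAULT="..."` file to the wrong parser. A comment line above it in the PAM text would help, e.g. `# pam_env: read only the generated pam_env.conf-format file (conffile=); readenv=0 skips the default envfile.`, and the four copies would be safer generated from one shared string. The surrounding PAM text block starts and ends outside each of these hunks.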
--- a/nixos/modules/services/x11/display-managers/gdm.nix +++ b/nixos/modules/services/x11/display-managers/gdm.nix @@ -262,7 +262,7 @@ in password required pam_deny.so session required pam_succeed_if.so audit quiet_success user = gdm - session required pam_env.so envfile=${config.system.build.pamEnvironment} + session required pam_env.so conffile=${config.system.build.pamEnvironment} readenv=0 session optional ${pkgs.systemd}/lib/security/pam_systemd.so session optional pam_keyinit.so force revoke session optional pam_permit.so diff --git a/nixos/modules/services/x11/display-managers/lightdm.nix b/nixos/modules/services/x11/display-managers/lightdm.nix index c26a5b61535..f105cb496e6 100644 --- a/nixos/modules/services/x11/display-managers/lightdm.nix +++ b/nixos/modules/services/x11/display-managers/lightdm.nix @@ -249,7 +249,7 @@ in password required pam_deny.so session required pam_succeed_if.so audit quiet_success user = lightdm - session required pam_env.so envfile=${config.system.build.pamEnvironment} + session required pam_env.so conffile=${config.system.build.pamEnvironment} readenv=0 session optional ${pkgs.systemd}/lib/security/pam_systemd.so session optional pam_keyinit.so force revoke session optional pam_permit.so diff --git a/nixos/modules/services/x11/display-managers/sddm.nix b/nixos/modules/services/x11/display-managers/sddm.nix index c6cb281c2cc..1a6df194084 100644 --- a/nixos/modules/services/x11/display-managers/sddm.nix +++ b/nixos/modules/services/x11/display-managers/sddm.nix @@ -242,7 +242,7 @@ in password required pam_deny.so session required pam_succeed_if.so audit quiet_success user = sddm - session required pam_env.so envfile=${config.system.build.pamEnvironment} + session required pam_env.so conffile=${config.system.build.pamEnvironment} readenv=0 session optional ${pkgs.systemd}/lib/security/pam_systemd.so session optional pam_keyinit.so force revoke session optional pam_permit.so |