diff options
author | Vladimír Čunát <vcunat@gmail.com> | 2014-06-03 16:07:47 +0200 |
---|---|---|
committer | Vladimír Čunát <vcunat@gmail.com> | 2014-06-10 11:42:59 +0200 |
commit | 18a0cdd86416a8cbc263cfa8cb96c460a53f7b5c (patch) | |
tree | b29b201f19d9b2cc3941d42405fe39b1937f635e /nixos/modules/security | |
parent | 927c41e2585cf4b8d7fc1e64f8f9927af710cf94 (diff) | |
download | nixpkgs-18a0cdd86416a8cbc263cfa8cb96c460a53f7b5c.tar nixpkgs-18a0cdd86416a8cbc263cfa8cb96c460a53f7b5c.tar.gz nixpkgs-18a0cdd86416a8cbc263cfa8cb96c460a53f7b5c.tar.bz2 nixpkgs-18a0cdd86416a8cbc263cfa8cb96c460a53f7b5c.tar.lz nixpkgs-18a0cdd86416a8cbc263cfa8cb96c460a53f7b5c.tar.xz nixpkgs-18a0cdd86416a8cbc263cfa8cb96c460a53f7b5c.tar.zst nixpkgs-18a0cdd86416a8cbc263cfa8cb96c460a53f7b5c.zip |
Merge #2692: Use pam_env to properly setup system-wide env
Diffstat (limited to 'nixos/modules/security')
-rw-r--r-- | nixos/modules/security/ca.nix | 8 | ||||
-rw-r--r-- | nixos/modules/security/pam.nix | 1 | ||||
-rw-r--r-- | nixos/modules/security/sudo.nix | 3 |
3 files changed, 6 insertions, 6 deletions
diff --git a/nixos/modules/security/ca.nix b/nixos/modules/security/ca.nix index f159e359f96..57764dc870f 100644 --- a/nixos/modules/security/ca.nix +++ b/nixos/modules/security/ca.nix @@ -12,9 +12,11 @@ with lib; } ]; - environment.variables.OPENSSL_X509_CERT_FILE = "/etc/ssl/certs/ca-bundle.crt"; - environment.variables.CURL_CA_BUNDLE = "/etc/ssl/certs/ca-bundle.crt"; - environment.variables.GIT_SSL_CAINFO = "/etc/ssl/certs/ca-bundle.crt"; + environment.systemVariables = + { OPENSSL_X509_CERT_FILE = "/etc/ssl/certs/ca-bundle.crt"; + CURL_CA_BUNDLE = "/etc/ssl/certs/ca-bundle.crt"; + GIT_SSL_CAINFO = "/etc/ssl/certs/ca-bundle.crt"; + }; }; diff --git a/nixos/modules/security/pam.nix b/nixos/modules/security/pam.nix index 6a5eb4c720f..02340fd78e8 100644 --- a/nixos/modules/security/pam.nix +++ b/nixos/modules/security/pam.nix @@ -186,6 +186,7 @@ let "password optional ${pkgs.samba}/lib/security/pam_smbpass.so nullok use_authtok try_first_pass"} # Session management. + session required pam_env.so envfile=${config.system.build.pamEnvironment} session required pam_unix.so ${optionalString cfg.setLoginUid "session required pam_loginuid.so"} diff --git a/nixos/modules/security/sudo.nix b/nixos/modules/security/sudo.nix index cce1e785563..e8ed545c8cc 100644 --- a/nixos/modules/security/sudo.nix +++ b/nixos/modules/security/sudo.nix @@ -58,9 +58,6 @@ in # Don't edit this file. Set the NixOS option ‘security.sudo.configFile’ instead. # Environment variables to keep for root and %wheel. - Defaults:root,%wheel env_keep+=LOCALE_ARCHIVE - Defaults:root,%wheel env_keep+=NIX_CONF_DIR - Defaults:root,%wheel env_keep+=NIX_PATH Defaults:root,%wheel env_keep+=TERMINFO_DIRS Defaults:root,%wheel env_keep+=TERMINFO |