nixos/system-environment: prepend wrapperDir to PATH (#70430)

This fixes user environment setup for sessions which doesn't successfully go
through a shell init.

Note we don't go through `sessionVariables` as we want the wrappers to have
highest priority. It would also cause wrapperDir to occur twice when in shell
sessions, as shells use `sessionVariables` too while prepending wrapperDir in a
custom snippet.

In particular logging in and out of gnome-shell could result in a broken path
without this fix.

1 files changed, 7 insertions, 0 deletions

diff --git a/nixos/modules/config/system-environment.nix b/nixos/modules/config/system-environment.nix
index 361c3cfc553..4888740ba3d 100644
--- a/nixos/modules/config/system-environment.nix
+++ b/nixos/modules/config/system-environment.nix
@@ -88,6 +88,13 @@ in
           (mapAttrsToList pamVariable
           (zipAttrsWith (n: concatLists)
             [
+              # Make sure security wrappers are prioritized without polluting
+              # shell environments with an extra entry. Sessions which depend on
+              # pam for its environment will otherwise have eg. broken sudo. In
+              # particular Gnome Shell sometimes fails to source a proper
+              # environment from a shell.
+              { PATH = [ config.security.wrapperDir ]; }
+
               (mapAttrs (n: toList) cfg.sessionVariables)
               suffixedVariables
             ]));