nixpkgs/nixos/modules/config/system-environment.nix

# This module defines a system-wide environment that will be
# initialised by pam_env (that is, not only in shells).
{ config, lib, pkgs, ... }:

with lib;

let

  cfg = config.environment;

in

{

  options = {

    environment.sessionVariables = mkOption {
      default = {};
      description = ''
        A set of environment variables used in the global environment.
        These variables will be set by PAM early in the login process.

        The value of each session variable can be either a string or a
        list of strings. The latter is concatenated, interspersed with
        colon characters.

        Note, due to limitations in the PAM format values may not
        contain the <literal>"</literal> character.

        Also, these variables are merged into
        <xref linkend="opt-environment.variables"/> and it is
        therefore not possible to use PAM style variables such as
        <code>@{HOME}</code>.
      '';
      type = with types; attrsOf (either str (listOf str));
      apply = mapAttrs (n: v: if isList v then concatStringsSep ":" v else v);
    };

    environment.profileRelativeSessionVariables = mkOption {
      type = types.attrsOf (types.listOf types.str);
      example = { PATH = [ "/bin" ]; MANPATH = [ "/man" "/share/man" ]; };
      description = ''
        Attribute set of environment variable used in the global
        environment. These variables will be set by PAM early in the
        login process.

        Variable substitution is available as described in
        <citerefentry>
          <refentrytitle>pam_env.conf</refentrytitle>
          <manvolnum>5</manvolnum>
        </citerefentry>.

        Each attribute maps to a list of relative paths. Each relative
        path is appended to the each profile of
        <option>environment.profiles</option> to form the content of
        the corresponding environment variable.

        Also, these variables are merged into
        <xref linkend="opt-environment.profileRelativeEnvVars"/> and it is
        therefore not possible to use PAM style variables such as
        <code>@{HOME}</code>.
      '';
    };

  };

  config = {

    system.build.pamEnvironment =
      let
        suffixedVariables =
          flip mapAttrs cfg.profileRelativeSessionVariables (envVar: suffixes:
            flip concatMap cfg.profiles (profile:
              map (suffix: "${profile}${suffix}") suffixes
            )
          );

        # We're trying to use the same syntax for PAM variables and env variables.
        # That means we need to map the env variables that people might use to their
        # equivalent PAM variable.
        replaceEnvVars = replaceStrings ["$HOME" "$USER"] ["@{HOME}" "@{PAM_USER}"];

        pamVariable = n: v:
          ''${n}   DEFAULT="${concatStringsSep ":" (map replaceEnvVars (toList v))}"'';

        pamVariables =
          concatStringsSep "\n"
          (mapAttrsToList pamVariable
          (zipAttrsWith (n: concatLists)
            [
              (mapAttrs (n: toList) cfg.sessionVariables)
              suffixedVariables
            ]));
      in
        pkgs.writeText "pam-environment" "${pamVariables}\n";

  };

}
Revert "Revert "Merge #2692: Use pam_env to properly setup system-wide env"" This reverts commit 491c088731022463978e595956427e72db6306a9. 2014-06-10 13:07:10 +02:00			`# This module defines a system-wide environment that will be`
			`# initialised by pam_env (that is, not only in shells).`
			`{ config, lib, pkgs, ... }:`

			`with lib;`

			`let`

			`cfg = config.environment;`

			`in`

			`{`

			`options = {`

Rename environment.systemVariables -> environment.sessionVariables This makes it clearer that they're part of PAM sessions. 2014-06-13 17:56:46 +02:00			`environment.sessionVariables = mkOption {`
Revert "Revert "Merge #2692: Use pam_env to properly setup system-wide env"" This reverts commit 491c088731022463978e595956427e72db6306a9. 2014-06-10 13:07:10 +02:00			`default = {};`
			`description = ''`
			`A set of environment variables used in the global environment.`
nixos/system-environment: introduce environment.profileRelativeSessionVariables There is a need for having sessionVariables set relative to the Nix Profiles. Such as in #68383. 2019-08-19 16:05:10 +02:00			`These variables will be set by PAM early in the login process.`

			`The value of each session variable can be either a string or a`
			`list of strings. The latter is concatenated, interspersed with`
			`colon characters.`

			`Note, due to limitations in the PAM format values may not`
			`contain the <literal>"</literal> character.`

			`Also, these variables are merged into`
			`<xref linkend="opt-environment.variables"/> and it is`
			`therefore not possible to use PAM style variables such as`
			`<code>@{HOME}</code>.`
Revert "Revert "Merge #2692: Use pam_env to properly setup system-wide env"" This reverts commit 491c088731022463978e595956427e72db6306a9. 2014-06-10 13:07:10 +02:00			`'';`
types: loeOf -> listOf 2016-11-04 13:33:59 +09:00			`type = with types; attrsOf (either str (listOf str));`
Revert "Revert "Merge #2692: Use pam_env to properly setup system-wide env"" This reverts commit 491c088731022463978e595956427e72db6306a9. 2014-06-10 13:07:10 +02:00			`apply = mapAttrs (n: v: if isList v then concatStringsSep ":" v else v);`
			`};`

nixos/system-environment: introduce environment.profileRelativeSessionVariables There is a need for having sessionVariables set relative to the Nix Profiles. Such as in #68383. 2019-08-19 16:05:10 +02:00			`environment.profileRelativeSessionVariables = mkOption {`
			`type = types.attrsOf (types.listOf types.str);`
			`example = { PATH = [ "/bin" ]; MANPATH = [ "/man" "/share/man" ]; };`
			`description = ''`
			`Attribute set of environment variable used in the global`
			`environment. These variables will be set by PAM early in the`
			`login process.`

			`Variable substitution is available as described in`
			`<citerefentry>`
			`<refentrytitle>pam_env.conf</refentrytitle>`
			`<manvolnum>5</manvolnum>`
			`</citerefentry>.`

			`Each attribute maps to a list of relative paths. Each relative`
			`path is appended to the each profile of`
			`<option>environment.profiles</option> to form the content of`
			`the corresponding environment variable.`

			`Also, these variables are merged into`
			`<xref linkend="opt-environment.profileRelativeEnvVars"/> and it is`
			`therefore not possible to use PAM style variables such as`
			`<code>@{HOME}</code>.`
			`'';`
			`};`

Revert "Revert "Merge #2692: Use pam_env to properly setup system-wide env"" This reverts commit 491c088731022463978e595956427e72db6306a9. 2014-06-10 13:07:10 +02:00			`};`

			`config = {`

nixos/system-environment: introduce environment.profileRelativeSessionVariables There is a need for having sessionVariables set relative to the Nix Profiles. Such as in #68383. 2019-08-19 16:05:10 +02:00			`system.build.pamEnvironment =`
			`let`
			`suffixedVariables =`
			`flip mapAttrs cfg.profileRelativeSessionVariables (envVar: suffixes:`
nixos/system-environment: replace env vars in values of variables too We were only replacing them in the profiles. We also need to do this in the values of variables, including both the session-relative variables and the non-session-relative variables. 2019-09-30 20:41:20 +01:00			`flip concatMap cfg.profiles (profile:`
nixos/system-environment: introduce environment.profileRelativeSessionVariables There is a need for having sessionVariables set relative to the Nix Profiles. Such as in #68383. 2019-08-19 16:05:10 +02:00			`map (suffix: "${profile}${suffix}") suffixes`
			`)`
			`);`

nixos/system-environment: replace env vars in values of variables too We were only replacing them in the profiles. We also need to do this in the values of variables, including both the session-relative variables and the non-session-relative variables. 2019-09-30 20:41:20 +01:00			`# We're trying to use the same syntax for PAM variables and env variables.`
			`# That means we need to map the env variables that people might use to their`
			`# equivalent PAM variable.`
nixos/system-environment: use pam syntax for home variable 2019-10-05 09:43:47 -04:00			`replaceEnvVars = replaceStrings ["$HOME" "$USER"] ["@{HOME}" "@{PAM_USER}"];`
nixos/system-environment: replace env vars in values of variables too We were only replacing them in the profiles. We also need to do this in the values of variables, including both the session-relative variables and the non-session-relative variables. 2019-09-30 20:41:20 +01:00
nixos/system-environment: introduce environment.profileRelativeSessionVariables There is a need for having sessionVariables set relative to the Nix Profiles. Such as in #68383. 2019-08-19 16:05:10 +02:00			`pamVariable = n: v:`
nixos/system-environment: replace env vars in values of variables too We were only replacing them in the profiles. We also need to do this in the values of variables, including both the session-relative variables and the non-session-relative variables. 2019-09-30 20:41:20 +01:00			`''${n} DEFAULT="${concatStringsSep ":" (map replaceEnvVars (toList v))}"'';`
nixos/system-environment: introduce environment.profileRelativeSessionVariables There is a need for having sessionVariables set relative to the Nix Profiles. Such as in #68383. 2019-08-19 16:05:10 +02:00
			`pamVariables =`
			`concatStringsSep "\n"`
			`(mapAttrsToList pamVariable`
			`(zipAttrsWith (n: concatLists)`
			`[`
			`(mapAttrs (n: toList) cfg.sessionVariables)`
			`suffixedVariables`
			`]));`
			`in`
			`pkgs.writeText "pam-environment" "${pamVariables}\n";`
Revert "Revert "Merge #2692: Use pam_env to properly setup system-wide env"" This reverts commit 491c088731022463978e595956427e72db6306a9. 2014-06-10 13:07:10 +02:00
			`};`

			`}`