nixos/system-environment: introduce environment.profileRelativeSessionVariables

There is a need for session variables that are set relative to the Nix profiles,
such as in #68383.
Robert Helgesson 2019-08-19 16:05:10 +02:00 committed by worldofpeace
parent f7571a06af
commit 866cc3e792
7 changed files with 73 additions and 15 deletions


@ -157,6 +157,8 @@ in
# terminal instead of logging out of X11). # terminal instead of logging out of X11).
environment.variables = config.environment.sessionVariables; environment.variables = config.environment.sessionVariables;
environment.profileRelativeEnvVars = config.environment.profileRelativeSessionVariables;
environment.shellAliases = mapAttrs (name: mkDefault) { environment.shellAliases = mapAttrs (name: mkDefault) {
ls = "ls --color=tty"; ls = "ls --color=tty";
ll = "ls -l"; ll = "ls -l";


@ -8,6 +8,11 @@ let
cfg = config.environment; cfg = config.environment;
pamProfiles =
map
(replaceStrings ["$HOME" "$USER"] ["@{HOME}" "@{PAM_USER}"])
cfg.profiles;
in in
{ {
@ -18,25 +23,76 @@ in
default = {}; default = {};
description = '' description = ''
A set of environment variables used in the global environment. A set of environment variables used in the global environment.
These variables will be set by PAM. These variables will be set by PAM early in the login process.
The value of each variable can be either a string or a list of
strings. The latter is concatenated, interspersed with colon The value of each session variable can be either a string or a
characters. list of strings. The latter is concatenated, interspersed with
colon characters.
Note, due to limitations in the PAM format values may not
contain the <literal>"</literal> character.
Also, these variables are merged into
<xref linkend="opt-environment.variables"/> and it is
therefore not possible to use PAM style variables such as
<code>@{HOME}</code>.
''; '';
type = with types; attrsOf (either str (listOf str)); type = with types; attrsOf (either str (listOf str));
apply = mapAttrs (n: v: if isList v then concatStringsSep ":" v else v); apply = mapAttrs (n: v: if isList v then concatStringsSep ":" v else v);
}; };
environment.profileRelativeSessionVariables = mkOption {
type = types.attrsOf (types.listOf types.str);
example = { PATH = [ "/bin" ]; MANPATH = [ "/man" "/share/man" ]; };
description = ''
Attribute set of environment variable used in the global
environment. These variables will be set by PAM early in the
login process.
Variable substitution is available as described in
<citerefentry>
<refentrytitle>pam_env.conf</refentrytitle>
<manvolnum>5</manvolnum>
</citerefentry>.
Each attribute maps to a list of relative paths. Each relative
path is appended to the each profile of
<option>environment.profiles</option> to form the content of
the corresponding environment variable.
Also, these variables are merged into
<xref linkend="opt-environment.profileRelativeEnvVars"/> and it is
therefore not possible to use PAM style variables such as
<code>@{HOME}</code>.
'';
};
}; };
config = { config = {
system.build.pamEnvironment = pkgs.writeText "pam-environment" system.build.pamEnvironment =
'' let
${concatStringsSep "\n" ( suffixedVariables =
(mapAttrsToList (n: v: ''${n}="${concatStringsSep ":" v}"'') flip mapAttrs cfg.profileRelativeSessionVariables (envVar: suffixes:
(zipAttrsWith (const concatLists) ([ (mapAttrs (n: v: [ v ]) cfg.sessionVariables) ]))))} flip concatMap pamProfiles (profile:
''; map (suffix: "${profile}${suffix}") suffixes
)
);
pamVariable = n: v:
''${n} DEFAULT="${concatStringsSep ":" (toList v)}"'';
pamVariables =
concatStringsSep "\n"
(mapAttrsToList pamVariable
(zipAttrsWith (n: concatLists)
[
(mapAttrs (n: toList) cfg.sessionVariables)
suffixedVariables
]));
in
pkgs.writeText "pam-environment" "${pamVariables}\n";
}; };
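Review bot: `environment.profileRelativeSessionVariables` is declared without a `default`, unlike `environment.sessionVariables` just above it, so evaluating `cfg.profileRelativeSessionVariables` inside `suffixedVariables` fails on any configuration where no module assigns the option; add `default = {};` after the `type` line. The description also promises that values may not contain `"`, but nothing enforces it — a value carrying a quote or a newline would presumably terminate the `DEFAULT="…"` field and the remainder would be read as further pam_env directives — so an `assertions` entry such as `{ assertion = all (v: !(hasInfix "\"" v)) (attrValues cfg.sessionVariables); message = "environment.sessionVariables values may not contain the \" character"; }` (assuming `hasInfix` is in scope from `lib`) would fail the build instead of producing a malformed file. It is also worth stating in the description that pam_env still performs `${VAR}`/`@{ITEM}` expansion on these `DEFAULT` values while the same values reach `environment.variables` unexpanded, so a value containing such a sequence will differ between the two paths. Finally, `environment variable used` in the new option's description should read `environment variables used`.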


@ -30,7 +30,7 @@ in
]; ];
# TODO: move most of these elsewhere # TODO: move most of these elsewhere
environment.profileRelativeEnvVars = environment.profileRelativeSessionVariables =
{ PATH = [ "/bin" ]; { PATH = [ "/bin" ];
INFOPATH = [ "/info" "/share/info" ]; INFOPATH = [ "/info" "/share/info" ];
KDEDIRS = [ "" ]; KDEDIRS = [ "" ];


@ -415,7 +415,7 @@ let
# Session management. # Session management.
${optionalString cfg.setEnvironment '' ${optionalString cfg.setEnvironment ''
session required pam_env.so envfile=${config.system.build.pamEnvironment} session required pam_env.so conffile=${config.system.build.pamEnvironment} readenv=0
''} ''}
session required pam_unix.so session required pam_unix.so
${optionalString cfg.setLoginUid ${optionalString cfg.setLoginUid
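Review bot: The switch from `envfile=` to `conffile=… readenv=0` changes which files pam_env consults, and nothing in the module records why; a comment above the `session required pam_env.so` line would save the next reader a trip to pam_env(8). Per pam_env(8), `conffile=` replaces `/etc/security/pam_env.conf` rather than supplementing it, and `readenv=0` stops the module from reading `/etc/environment` at all, so the generated store file becomes the sole source of PAM-set session variables — something like `# conffile= replaces pam_env.conf entirely and readenv=0 skips /etc/environment, so system.build.pamEnvironment is the only source of session variables.` The enclosing PAM service template begins before this hunk.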


@ -262,7 +262,7 @@ in
password required pam_deny.so password required pam_deny.so
session required pam_succeed_if.so audit quiet_success user = gdm session required pam_succeed_if.so audit quiet_success user = gdm
session required pam_env.so envfile=${config.system.build.pamEnvironment} session required pam_env.so conffile=${config.system.build.pamEnvironment} readenv=0
session optional ${pkgs.systemd}/lib/security/pam_systemd.so session optional ${pkgs.systemd}/lib/security/pam_systemd.so
session optional pam_keyinit.so force revoke session optional pam_keyinit.so force revoke
session optional pam_permit.so session optional pam_permit.so
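Review bot: The `pam_env.so conffile=… readenv=0` line is now written out verbatim here and, as far as this commit shows, in the lightdm and sddm modules and in pam.nix, so any future change to the pam_env arguments has to be repeated in four places. Consider exporting the line (or the whole envfile/conffile choice) from pam.nix as a single string that these display-manager services reuse, so the option set cannot drift between them. The surrounding PAM service text starts before this hunk.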


@ -249,7 +249,7 @@ in
password required pam_deny.so password required pam_deny.so
session required pam_succeed_if.so audit quiet_success user = lightdm session required pam_succeed_if.so audit quiet_success user = lightdm
session required pam_env.so envfile=${config.system.build.pamEnvironment} session required pam_env.so conffile=${config.system.build.pamEnvironment} readenv=0
session optional ${pkgs.systemd}/lib/security/pam_systemd.so session optional ${pkgs.systemd}/lib/security/pam_systemd.so
session optional pam_keyinit.so force revoke session optional pam_keyinit.so force revoke
session optional pam_permit.so session optional pam_permit.so


@ -242,7 +242,7 @@ in
password required pam_deny.so password required pam_deny.so
session required pam_succeed_if.so audit quiet_success user = sddm session required pam_succeed_if.so audit quiet_success user = sddm
session required pam_env.so envfile=${config.system.build.pamEnvironment} session required pam_env.so conffile=${config.system.build.pamEnvironment} readenv=0
session optional ${pkgs.systemd}/lib/security/pam_systemd.so session optional ${pkgs.systemd}/lib/security/pam_systemd.so
session optional pam_keyinit.so force revoke session optional pam_keyinit.so force revoke
session optional pam_permit.so session optional pam_permit.so