From f3a114e088658786cfd5de5b2aa3e7cba9e96c64 Mon Sep 17 00:00:00 2001 From: Will Dietz Date: Tue, 14 Aug 2018 22:10:15 -0500 Subject: [PATCH] NIX_PATH: don't prepend $HOME-based value in session variable, set later environment.sessionVariables cannot refer to the values of env vars, and as a result this has caused problems in a variety of scenarios. One use for these is that they're injected into /etc/profile, elewhere these are used to populate an 'envfile' for pam (`pam 5 pam_env.conf`) which mentions use of HOME being potentially problematic. Anyway if the goal is to make things easier for users, simply do the NIX_PATH modification as extraInit. This fixes the annoying problems generated by the current approach (#40165 and others) while hopefully serving the original goal. One way to check if things are borked is to try: $ sudo env | grep NIX_PATH Which (before this change) prints NIX_PATH variable with an unexpanded $HOME in the value. ------- This does mean the following won't contain user channels for 'will': $ sudo -u will nix-instantiate --eval -E builtins.nixPath However AFAICT currently they won't be present either, due to unescaped $HOME. Unsure if similar situation for other users of sessionVariables (not sudo) work with current situation (if they exist they will regress after this change AFAIK). --- nixos/modules/services/misc/nix-daemon.nix | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/nixos/modules/services/misc/nix-daemon.nix b/nixos/modules/services/misc/nix-daemon.nix index c0eb882c58f..9a8ca6f43bf 100644 --- a/nixos/modules/services/misc/nix-daemon.nix +++ b/nixos/modules/services/misc/nix-daemon.nix @@ -345,7 +345,6 @@ in type = types.listOf types.str; default = [ - "$HOME/.nix-defexpr/channels" "nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos" "nixos-config=/etc/nixos/configuration.nix" "/nix/var/nix/profiles/per-user/root/channels" 
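Review bot: With `"$HOME/.nix-defexpr/channels"` dropped from the default, the value of `nix.nixPath` no longer describes the effective search path, because the per-user channel directory is now prepended at shell init whatever the option is set to. A configuration that deliberately sets `nix.nixPath` without that entry, for example to pin lookups to the system channels, would presumably start resolving from the user's directory first after this change. The option's description, which lies outside this hunk, should state this, e.g. `The per-user channel directory $HOME/.nix-defexpr/channels is prepended to this list at shell initialisation.` A switch to disable the prepend would also be worth considering.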
@@ -436,7 +435,7 @@ in # Set up the environment variables for running Nix. environment.sessionVariables = cfg.envVars // - { NIX_PATH = concatStringsSep ":" cfg.nixPath; + { NIX_PATH = cfg.nixPath; }; environment.extraInit = optionalString (!isNix20) @@ -446,6 +445,8 @@ in if [ "$USER" != root -o ! -w /nix/var/nix/db ]; then export NIX_REMOTE=daemon fi + '' + '' + export NIX_PATH="$HOME/.nix-defexpr/channels''${NIX_PATH:+:$NIX_PATH}" ''; nix.nrBuildUsers = mkDefault (lib.max 32 cfg.maxJobs);
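Review bot: `NIX_PATH = cfg.nixPath;` now passes a list to `environment.sessionVariables` and depends on that option joining list values with `:`, which is not visible in this hunk. The description names two consumers of these variables, /etc/profile and the pam envfile, so it is worth confirming that both render the same colon-separated value as the removed `concatStringsSep ":"` did. A short comment on the line, such as `# list; joined with ":" by environment.sessionVariables`, would make the dependency explicit.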
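Review bot: The added `export NIX_PATH=...` in the `-446,6 +445,8` hunk runs unconditionally, so a directory under `$HOME` that the user can write to is placed ahead of the system channels for every shell that sources this init. That presumably includes root sessions where `HOME` is inherited from another account, and it applies even when the directory does not exist. Guarding it keeps the path out of the search order where it cannot be valid: `if [ -e "$HOME/.nix-defexpr/channels" ]; then export NIX_PATH="$HOME/.nix-defexpr/channels''${NIX_PATH:+:$NIX_PATH}"; fi`. It would also help to add a comment such as `# appended regardless of isNix20: function application binds tighter than +`, since the `'' + ''` join is easy to misread as being covered by `optionalString`. The `extraInit` string begins outside this hunk, so whether the init can be sourced twice and duplicate the prefix cannot be judged from here.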