Revert "Revert "Merge #2692: Use pam_env to properly setup system-wide env""

This reverts commit 491c088731022463978e595956427e72db6306a9.
author: Eelco Dolstra <eelco.dolstra@logicblox.com> 2014-06-10 13:07:10 +0200
committer: Eelco Dolstra <eelco.dolstra@logicblox.com> 2014-06-10 13:07:10 +0200
commit: 8ae659f16c0f2706bd264ba3ee880f265a847438 (patch)
tree: 4deed69afb88d9522207c8d5e9e39daa31bf3130 /nixos/modules/security
parent: 491c088731022463978e595956427e72db6306a9 (diff)
download: nixlib-8ae659f16c0f2706bd264ba3ee880f265a847438.tar
nixlib-8ae659f16c0f2706bd264ba3ee880f265a847438.tar.gz
nixlib-8ae659f16c0f2706bd264ba3ee880f265a847438.tar.bz2
nixlib-8ae659f16c0f2706bd264ba3ee880f265a847438.tar.lz
nixlib-8ae659f16c0f2706bd264ba3ee880f265a847438.tar.xz
nixlib-8ae659f16c0f2706bd264ba3ee880f265a847438.tar.zst
nixlib-8ae659f16c0f2706bd264ba3ee880f265a847438.zip
3 files changed, 6 insertions, 6 deletions
diff --git a/nixos/modules/security/ca.nix b/nixos/modules/security/ca.nix
index f159e359f968..57764dc870f3 100644
--- a/nixos/modules/security/ca.nix
+++ b/nixos/modules/security/ca.nix
@@ -12,9 +12,11 @@ with lib;
         }
       ];
 
-    environment.variables.OPENSSL_X509_CERT_FILE = "/etc/ssl/certs/ca-bundle.crt";
-    environment.variables.CURL_CA_BUNDLE = "/etc/ssl/certs/ca-bundle.crt";
-    environment.variables.GIT_SSL_CAINFO = "/etc/ssl/certs/ca-bundle.crt";
+    environment.systemVariables =
+      { OPENSSL_X509_CERT_FILE = "/etc/ssl/certs/ca-bundle.crt";
+        CURL_CA_BUNDLE         = "/etc/ssl/certs/ca-bundle.crt";
+        GIT_SSL_CAINFO         = "/etc/ssl/certs/ca-bundle.crt";
+      };
 
   };
 
diff --git a/nixos/modules/security/pam.nix b/nixos/modules/security/pam.nix
index 6a5eb4c720f8..02340fd78e8c 100644
--- a/nixos/modules/security/pam.nix
+++ b/nixos/modules/security/pam.nix
@@ -186,6 +186,7 @@ let
               "password optional ${pkgs.samba}/lib/security/pam_smbpass.so nullok use_authtok try_first_pass"}
 
           # Session management.
+          session required pam_env.so envfile=${config.system.build.pamEnvironment}
           session required pam_unix.so
           ${optionalString cfg.setLoginUid
               "session required pam_loginuid.so"}
diff --git a/nixos/modules/security/sudo.nix b/nixos/modules/security/sudo.nix
index cce1e785563b..e8ed545c8cc7 100644
--- a/nixos/modules/security/sudo.nix
+++ b/nixos/modules/security/sudo.nix
@@ -58,9 +58,6 @@ in
         # Don't edit this file. Set the NixOS option ‘security.sudo.configFile’ instead.
 
         # Environment variables to keep for root and %wheel.
-        Defaults:root,%wheel env_keep+=LOCALE_ARCHIVE
-        Defaults:root,%wheel env_keep+=NIX_CONF_DIR
-        Defaults:root,%wheel env_keep+=NIX_PATH
         Defaults:root,%wheel env_keep+=TERMINFO_DIRS
         Defaults:root,%wheel env_keep+=TERMINFO
author	Eelco Dolstra <eelco.dolstra@logicblox.com>	2014-06-10 13:07:10 +0200
committer	Eelco Dolstra <eelco.dolstra@logicblox.com>	2014-06-10 13:07:10 +0200
commit	8ae659f16c0f2706bd264ba3ee880f265a847438 (patch)
tree	4deed69afb88d9522207c8d5e9e39daa31bf3130 /nixos/modules/security
parent	491c088731022463978e595956427e72db6306a9 (diff)
download	nixlib-8ae659f16c0f2706bd264ba3ee880f265a847438.tar nixlib-8ae659f16c0f2706bd264ba3ee880f265a847438.tar.gz nixlib-8ae659f16c0f2706bd264ba3ee880f265a847438.tar.bz2 nixlib-8ae659f16c0f2706bd264ba3ee880f265a847438.tar.lz nixlib-8ae659f16c0f2706bd264ba3ee880f265a847438.tar.xz nixlib-8ae659f16c0f2706bd264ba3ee880f265a847438.tar.zst nixlib-8ae659f16c0f2706bd264ba3ee880f265a847438.zip