3 files changed, 6 insertions, 3 deletions

diff --git a/nixos/modules/programs/environment.nix b/nixos/modules/programs/environment.nix
index e0379a2c02af..dce757ceb623 100644
--- a/nixos/modules/programs/environment.nix
+++ b/nixos/modules/programs/environment.nix
@@ -28,6 +28,7 @@ in
           [ "/nix/var/nix/profiles/per-user/root/channels/nixos"
             "nixpkgs=/etc/nixos/nixpkgs"
             "nixos-config=/etc/nixos/configuration.nix"
+            "/nix/var/nix/profiles/per-user/root/channels"
           ];
       };
 
diff --git a/nixos/modules/programs/shadow.nix b/nixos/modules/programs/shadow.nix
index 895ecb122cb6..566398d839fd 100644
--- a/nixos/modules/programs/shadow.nix
+++ b/nixos/modules/programs/shadow.nix
@@ -100,8 +100,10 @@ in
         chgpasswd = { rootOK = true; };
       };
 
-    security.setuidPrograms = [ "passwd" "chfn" "su" "sg" "newgrp"
-      "newuidmap" "newgidmap"  # new in shadow 4.2.x
+    security.setuidPrograms = [ "su" "chfn" ]
+      ++ lib.optionals config.users.mutableUsers
+      [ "passwd" "sg" "newgrp"
+        "newuidmap" "newgidmap" # new in shadow 4.2.x
       ];
 
   };
diff --git a/nixos/modules/programs/shell.nix b/nixos/modules/programs/shell.nix
index 80d40a7c708c..d8845fd8f446 100644
--- a/nixos/modules/programs/shell.nix
+++ b/nixos/modules/programs/shell.nix
@@ -53,7 +53,7 @@ in
           # Set up a default Nix expression from which to install stuff.
           if [ ! -e $HOME/.nix-defexpr -o -L $HOME/.nix-defexpr ]; then
               rm -f $HOME/.nix-defexpr
-              mkdir $HOME/.nix-defexpr
+              mkdir -p $HOME/.nix-defexpr
               if [ "$USER" != root ]; then
                   ln -s /nix/var/nix/profiles/per-user/root/channels $HOME/.nix-defexpr/channels_root
               fi