diff options
Diffstat (limited to 'nixpkgs/nixos/modules/config/system-environment.nix')
-rw-r--r-- | nixpkgs/nixos/modules/config/system-environment.nix | 70 |
1 files changed, 34 insertions, 36 deletions
diff --git a/nixpkgs/nixos/modules/config/system-environment.nix b/nixpkgs/nixos/modules/config/system-environment.nix index 4888740ba3d5..d2a66b8d932d 100644 --- a/nixpkgs/nixos/modules/config/system-environment.nix +++ b/nixpkgs/nixos/modules/config/system-environment.nix @@ -65,42 +65,40 @@ in }; config = { - - system.build.pamEnvironment = - let - suffixedVariables = - flip mapAttrs cfg.profileRelativeSessionVariables (envVar: suffixes: - flip concatMap cfg.profiles (profile: - map (suffix: "${profile}${suffix}") suffixes - ) - ); - - # We're trying to use the same syntax for PAM variables and env variables. - # That means we need to map the env variables that people might use to their - # equivalent PAM variable. - replaceEnvVars = replaceStrings ["$HOME" "$USER"] ["@{HOME}" "@{PAM_USER}"]; - - pamVariable = n: v: - ''${n} DEFAULT="${concatStringsSep ":" (map replaceEnvVars (toList v))}"''; - - pamVariables = - concatStringsSep "\n" - (mapAttrsToList pamVariable - (zipAttrsWith (n: concatLists) - [ - # Make sure security wrappers are prioritized without polluting - # shell environments with an extra entry. Sessions which depend on - # pam for its environment will otherwise have eg. broken sudo. In - # particular Gnome Shell sometimes fails to source a proper - # environment from a shell. - { PATH = [ config.security.wrapperDir ]; } - - (mapAttrs (n: toList) cfg.sessionVariables) - suffixedVariables - ])); - in - pkgs.writeText "pam-environment" "${pamVariables}\n"; - + environment.etc."pam/environment".text = let + suffixedVariables = + flip mapAttrs cfg.profileRelativeSessionVariables (envVar: suffixes: + flip concatMap cfg.profiles (profile: + map (suffix: "${profile}${suffix}") suffixes + ) + ); + + # We're trying to use the same syntax for PAM variables and env variables. + # That means we need to map the env variables that people might use to their + # equivalent PAM variable. + replaceEnvVars = replaceStrings ["$HOME" "$USER"] ["@{HOME}" "@{PAM_USER}"]; + + pamVariable = n: v: + ''${n} DEFAULT="${concatStringsSep ":" (map replaceEnvVars (toList v))}"''; + + pamVariables = + concatStringsSep "\n" + (mapAttrsToList pamVariable + (zipAttrsWith (n: concatLists) + [ + # Make sure security wrappers are prioritized without polluting + # shell environments with an extra entry. Sessions which depend on + # pam for its environment will otherwise have eg. broken sudo. In + # particular Gnome Shell sometimes fails to source a proper + # environment from a shell. + { PATH = [ config.security.wrapperDir ]; } + + (mapAttrs (n: toList) cfg.sessionVariables) + suffixedVariables + ])); + in '' + ${pamVariables} + ''; }; } |