From 866cc3e7923633095dce48493303c52238e16637 Mon Sep 17 00:00:00 2001
From: Robert Helgesson
Date: Mon, 19 Aug 2019 16:05:10 +0200
Subject: nixos/system-environment: introduce environment.profileRelativeSessionVariables

There is a need for having sessionVariables set relative to the Nix Profiles. Such as in #68383.
---
 nixos/modules/config/system-environment.nix | 76 +++++++++++++++++++++++++----
 1 file changed, 66 insertions(+), 10 deletions(-)
(limited to 'nixos/modules/config/system-environment.nix')
diff --git a/nixos/modules/config/system-environment.nix b/nixos/modules/config/system-environment.nix
index 6011e354ece4..792d1dbb38f6 100644
--- a/nixos/modules/config/system-environment.nix
+++ b/nixos/modules/config/system-environment.nix
@@ -8,6 +8,11 @@ let
 cfg = config.environment;
+ pamProfiles =
+ map
+ (replaceStrings ["$HOME" "$USER"] ["@{HOME}" "@{PAM_USER}"])
+ cfg.profiles;
+
 in
 {
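Review bot: `pamProfiles` rewrites only the literal substrings `$HOME` and `$USER`, so any other shell-style reference in `cfg.profiles` reaches the PAM file unchanged, and pam_env does not expand a bare `$VAR`. Because `replaceStrings` matches substrings, a profile using a longer variable name that merely starts with `$HOME` or `$USER` would be rewritten part-way. `cfg.profiles` is defined outside this hunk, so whether such entries occur cannot be confirmed from here. I would add a comment above the binding, e.g. `# pam_env has no $VAR form: map the two shell variables used in environment.profiles to PAM items; any other reference is passed through verbatim.`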
@@ -18,25 +23,76 @@ in
 default = {};
 description = ''
 A set of environment variables used in the global environment.
- These variables will be set by PAM.
- The value of each variable can be either a string or a list of
- strings. The latter is concatenated, interspersed with colon
- characters.
+ These variables will be set by PAM early in the login process.
+
+ The value of each session variable can be either a string or a
+ list of strings. The latter is concatenated, interspersed with
+ colon characters.
+
+ Note, due to limitations in the PAM format values may not
+ contain the " character.
+
+ Also, these variables are merged into
+ and it is
+ therefore not possible to use PAM style variables such as
+ @{HOME}.
 '';
 type = with types; attrsOf (either str (listOf str));
 apply = mapAttrs (n: v: if isList v then concatStringsSep ":" v else v);
 };
+ environment.profileRelativeSessionVariables = mkOption {
+ type = types.attrsOf (types.listOf types.str);
+ example = { PATH = [ "/bin" ]; MANPATH = [ "/man" "/share/man" ]; };
+ description = ''
+ Attribute set of environment variable used in the global
+ environment. These variables will be set by PAM early in the
+ login process.
+
+ Variable substitution is available as described in
+
+ pam_env.conf
+ 5
+ .
+
+ Each attribute maps to a list of relative paths. Each relative
+ path is appended to the each profile of
+ to form the content of
+ the corresponding environment variable.
+
+ Also, these variables are merged into
+ and it is
+ therefore not possible to use PAM style variables such as
+ @{HOME}.
+ '';
+ };
+
 };
 config = {
- system.build.pamEnvironment = pkgs.writeText "pam-environment"
- ''
- ${concatStringsSep "\n" (
- (mapAttrsToList (n: v: ''${n}="${concatStringsSep ":" v}"'')
- (zipAttrsWith (const concatLists) ([ (mapAttrs (n: v: [ v ]) cfg.sessionVariables) ]))))}
- '';
+ system.build.pamEnvironment =
+ let
+ suffixedVariables =
+ flip mapAttrs cfg.profileRelativeSessionVariables (envVar: suffixes:
+ flip concatMap pamProfiles (profile:
+ map (suffix: "${profile}${suffix}") suffixes
+ )
+ );
+
+ pamVariable = n: v:
+ ''${n} DEFAULT="${concatStringsSep ":" (toList v)}"'';
+
+ pamVariables =
+ concatStringsSep "\n"
+ (mapAttrsToList pamVariable
+ (zipAttrsWith (n: concatLists)
+ [
+ (mapAttrs (n: toList) cfg.sessionVariables)
+ suffixedVariables
+ ]));
+ in
+ pkgs.writeText "pam-environment" "${pamVariables}\n";
 };
-- cgit 1.4.1
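Review bot: `pamVariable` writes each value between double quotes with no escaping or check, so the restriction the new description states (no `"` in values) is documented but not enforced, and a value holding a quote or a newline yields a line that pam_env will parse differently from what the author meant. The emitted format also changes from `NAME="value"` to `NAME DEFAULT="value"`, a form in which pam_env appears to expand `${VAR}` and `@{ITEM}`; existing `environment.sessionVariables` values containing `$` or `@` may therefore be read differently than before, and the module that loads this file is outside this file-limited view. Since these variables (PATH among them, per the example) are set for every PAM session, I would fail evaluation rather than emit a malformed file: `pamVariable = n: v: let s = concatStringsSep ":" (toList v); in assert !(hasInfix "\"" s); ''${n} DEFAULT="${s}"'';`.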