# NixOS module: a system-wide session environment that is loaded by pam_env,
# so it applies to every PAM session and not only to interactive shells.
#
# Both options declared below are rendered into the etc entry
# `pam/environment`, one `NAME DEFAULT="value"` line per variable.
{
  config,
  lib,
  options,
  pkgs,
  ...
}:
let

  cfg = config.environment;

in

{

  options = {

    environment.sessionVariables = lib.mkOption {
      # Reuse the type and the apply function of environment.variables so both
      # options accept and normalise values the same way.
      type = options.environment.variables.type;
      apply = options.environment.variables.apply;
      default = { };
      description = ''
        A set of environment variables used in the global environment.
        These variables will be set by PAM early in the login process.

        The value of each session variable can be either a string or a
        list of strings. The latter is concatenated, interspersed with
        colon characters.

        Setting a variable to `null` does nothing. You can override a
        variable set by another module to `null` to unset it.

        Note, due to limitations in the PAM format values may not
        contain the `"` character.

        Also, these variables are merged into
        [](#opt-environment.variables) and it is
        therefore not possible to use PAM style variables such as
        `@{HOME}`.
      '';
    };

    environment.profileRelativeSessionVariables = lib.mkOption {
      type = lib.types.attrsOf (lib.types.listOf lib.types.str);
      example = {
        PATH = [ "/bin" ];
        MANPATH = [
          "/man"
          "/share/man"
        ];
      };
      description = ''
        Attribute set of environment variable used in the global
        environment. These variables will be set by PAM early in the
        login process.

        Variable substitution is available as described in
        {manpage}`pam_env.conf(5)`.

        Each attribute maps to a list of relative paths. Each relative
        path is appended to the each profile of
        {option}`environment.profiles` to form the content of
        the corresponding environment variable.

        Also, these variables are merged into
        [](#opt-environment.profileRelativeEnvVars) and it is
        therefore not possible to use PAM style variables such as
        `@{HOME}`.
      '';
    };

  };

  config = {
    environment.etc."pam/environment".text =
      let
        # Per variable: every profile in cfg.profiles combined with every
        # relative suffix, profiles in the outer loop.
        profileRelativeValues = lib.mapAttrs (
          _name: suffixes:
          lib.concatMap (profile: map (suffix: "${profile}${suffix}") suffixes) cfg.profiles
        ) cfg.profileRelativeSessionVariables;

        # PAM variables and shell variables share one option syntax, so the
        # shell spellings users are likely to write are mapped to the pam_env
        # ones. This is plain substring replacement: only the exact texts
        # `$HOME` and `$USER` are rewritten, the brace form `${HOME}` is left
        # alone, and a longer name that merely starts with one of them is
        # rewritten as well (constructed example: `$HOMEBREW_PREFIX` becomes
        # `@{HOME}BREW_PREFIX`).
        toPamSyntax = lib.replaceStrings [ "$HOME" "$USER" ] [ "@{HOME}" "@{PAM_USER}" ];

        # One line of the generated file. The joined value is placed between
        # double quotes with no escaping and no validation, so a value holding
        # a `"` or a line break changes the structure of the file instead of
        # being stored as data. The option description documents the `"`
        # limit; nothing in this module enforces it.
        # NOTE(review): confirm how pam_env treats such a line before allowing
        # values from less-trusted sources; an evaluation-time assertion would
        # turn the documented limit into a checked one.
        renderEntry =
          name: value:
          let
            joined = lib.concatStringsSep ":" (map toPamSyntax (lib.toList value));
          in
          ''${name} DEFAULT="${joined}"'';

        # Sources are merged per variable name by list concatenation, in the
        # order given here.
        mergedVariables = lib.zipAttrsWith (_name: lib.concatLists) [
          # The security wrapper directory is listed first so that it ends up
          # at the front of PATH without adding an extra entry to shell
          # environments. Sessions that take their environment from PAM alone
          # (Gnome Shell sometimes does not source a proper shell
          # environment) would otherwise end up with e.g. a broken sudo.
          # Keep this entry ahead of the user-supplied ones.
          { PATH = [ config.security.wrapperDir ]; }

          (lib.mapAttrs (_name: lib.toList) cfg.sessionVariables)
          profileRelativeValues
        ];

        pamVariables = lib.concatStringsSep "\n" (lib.mapAttrsToList renderEntry mergedVariables);
      in
      ''
        ${pamVariables}
      '';
  };

}