home-environment: optionally empty PATH in activation
This adds the option `home.emptyActivationPath` that, when enabled, will cause the activation script to ignore the calling user's `PATH`. The option is disabled by default to match current behavior but the intent is to change this in the future to reduce risk of accidental dependencies of the environment.
This commit is contained in:
parent
2ff09158f3
commit
28e00b68fd
|
@ -169,6 +169,17 @@ in
|
||||||
description = "The derivation installing the user packages.";
|
description = "The derivation installing the user packages.";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
home.emptyActivationPath = mkOption {
|
||||||
|
internal = true;
|
||||||
|
default = false;
|
||||||
|
type = types.bool;
|
||||||
|
description = ''
|
||||||
|
Whether the activation script should start with an empty
|
||||||
|
<envvar>PATH</envvar> variable. When <literal>false</literal>
|
||||||
|
then the user's <envvar>PATH</envvar> will be used.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
home.activation = mkOption {
|
home.activation = mkOption {
|
||||||
internal = true;
|
internal = true;
|
||||||
default = {};
|
default = {};
|
||||||
|
@ -263,7 +274,8 @@ in
|
||||||
pkgs.gnused
|
pkgs.gnused
|
||||||
pkgs.ncurses # For `tput`.
|
pkgs.ncurses # For `tput`.
|
||||||
pkgs.nix
|
pkgs.nix
|
||||||
];
|
]
|
||||||
|
+ optionalString (!cfg.emptyActivationPath) "\${PATH:+:}$PATH";
|
||||||
|
|
||||||
activationScript = pkgs.writeScript "activation-script" ''
|
activationScript = pkgs.writeScript "activation-script" ''
|
||||||
#!${pkgs.stdenv.shell}
|
#!${pkgs.stdenv.shell}
|
||||||
|
@ -271,7 +283,7 @@ in
|
||||||
set -eu
|
set -eu
|
||||||
set -o pipefail
|
set -o pipefail
|
||||||
|
|
||||||
export PATH="${activationBinPaths}:$PATH"
|
export PATH="${activationBinPaths}"
|
||||||
|
|
||||||
. ${./lib-bash/color-echo.sh}
|
. ${./lib-bash/color-echo.sh}
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue