Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Request: support NixOS's environment.sessionVariables #1210

Open
z0al opened this issue Dec 3, 2024 · 4 comments
Open

Request: support NixOS's environment.sessionVariables #1210

z0al opened this issue Dec 3, 2024 · 4 comments

Comments

@z0al
Copy link
Contributor

z0al commented Dec 3, 2024
edited
Loading

It would be cool to support environment.sessionVariables

From docs:

A set of environment variables used in the global environment. These variables will be set by PAM early in the login process.

The value of each session variable can be either a string or a list of strings. The latter is concatenated, interspersed with colon characters.

Note, due to limitations in the PAM format values may not contain the " character.

Also, these variables are merged into environment.variables and it is therefore not possible to use PAM style variables such as @{HOME}.
@Enzime
Copy link
Collaborator

Enzime commented Dec 4, 2024

Looks like it should be possible as pam_env is available on macOS:

https://keith.github.io/xcode-man-pages/pam_env.8.html

@z0al
Copy link
Contributor Author

z0al commented Dec 5, 2024
edited
Loading

NixOS seems to add the following (among other things) to /etc/pam.d/login

 session    required       pam_env.so conffile=/etc/pam/environment readenv=1

And then populate the env vars to /etc/pam/environment e.g.

VAR_NAME    DEFAULT="DEFAULT_VALUE"

My concern is that pam config in NixOS are fully declartive and NixOS has full control. But on darwin, the /etc/pam.d/login is already populated with the following:

# login: auth account password session
auth       optional       pam_krb5.so use_kcminit
auth       optional       pam_ntlm.so try_first_pass
auth       optional       pam_mount.so try_first_pass
auth       required       pam_opendirectory.so try_first_pass
account    required       pam_nologin.so
account    required       pam_opendirectory.so
password   required       pam_opendirectory.so
session    required       pam_launchd.so
session    required       pam_uwtmp.so
session    optional       pam_mount.so

I don't know anything about pam so I don't know what to do with the rest of the config.

P.S. I'm also not sure if it's just my machine or if that is the default macos pam config.

@z0al
Copy link
Contributor Author

z0al commented Dec 5, 2024
edited
Loading

By the way, I tried adding the necessary lines☝🏻 manually on my machine and it doesn't work 🤷🏻

Searching the internet, I learned about launchctl setenv VAR VALUE which could be an alternative except for the fact there is no way to run that early enough during login (launchd certainly can't run before apps, especially the ones that the system restores) + it doesn't support variables expansion like $HOME AFAIK

@Enzime
Copy link
Collaborator

Enzime commented Dec 6, 2024
edited
Loading

I believe that's the default file from macOS, I would try adding the session required pam_env.so ... line to be the first session line out of all the other session lines and then making sure you restart to see if the environment variable got set

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Enzime @z0al