5a303093dc
'nix-daemon' now creates subdirectories for users when they first connect. Fixes #509 (CVE-2019-17365). Should also fix #3127.
55 lines
2.3 KiB
Bash
55 lines
2.3 KiB
Bash
# Only execute this file once per shell.
|
|
if [ -n "${__ETC_PROFILE_NIX_SOURCED:-}" ]; then return; fi
|
|
__ETC_PROFILE_NIX_SOURCED=1
|
|
|
|
export NIX_USER_PROFILE_DIR="@localstatedir@/nix/profiles/per-user/$USER"
|
|
export NIX_PROFILES="@localstatedir@/nix/profiles/default $HOME/.nix-profile"
|
|
|
|
if test -w $HOME; then
|
|
if ! test -L $HOME/.nix-profile; then
|
|
if test "$USER" != root; then
|
|
ln -s $NIX_USER_PROFILE_DIR/profile $HOME/.nix-profile
|
|
else
|
|
# Root installs in the system-wide profile by default.
|
|
ln -s @localstatedir@/nix/profiles/default $HOME/.nix-profile
|
|
fi
|
|
fi
|
|
|
|
# Subscribe the root user to the NixOS channel by default.
|
|
if [ "$USER" = root -a ! -e $HOME/.nix-channels ]; then
|
|
echo "https://nixos.org/channels/nixpkgs-unstable nixpkgs" > $HOME/.nix-channels
|
|
fi
|
|
|
|
# Set up a default Nix expression from which to install stuff.
|
|
if [ ! -e $HOME/.nix-defexpr -o -L $HOME/.nix-defexpr ]; then
|
|
rm -f $HOME/.nix-defexpr
|
|
mkdir -p $HOME/.nix-defexpr
|
|
if [ "$USER" != root ]; then
|
|
ln -s @localstatedir@/nix/profiles/per-user/root/channels $HOME/.nix-defexpr/channels_root
|
|
fi
|
|
fi
|
|
fi
|
|
|
|
|
|
# Set $NIX_SSL_CERT_FILE so that Nixpkgs applications like curl work.
|
|
if [ ! -z "${NIX_SSL_CERT_FILE:-}" ]; then
|
|
: # Allow users to override the NIX_SSL_CERT_FILE
|
|
elif [ -e /etc/ssl/certs/ca-certificates.crt ]; then # NixOS, Ubuntu, Debian, Gentoo, Arch
|
|
export NIX_SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt
|
|
elif [ -e /etc/ssl/ca-bundle.pem ]; then # openSUSE Tumbleweed
|
|
export NIX_SSL_CERT_FILE=/etc/ssl/ca-bundle.pem
|
|
elif [ -e /etc/ssl/certs/ca-bundle.crt ]; then # Old NixOS
|
|
export NIX_SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt
|
|
elif [ -e /etc/pki/tls/certs/ca-bundle.crt ]; then # Fedora, CentOS
|
|
export NIX_SSL_CERT_FILE=/etc/pki/tls/certs/ca-bundle.crt
|
|
else
|
|
# Fall back to what is in the nix profiles, favouring whatever is defined last.
|
|
for i in $NIX_PROFILES; do
|
|
if [ -e $i/etc/ssl/certs/ca-bundle.crt ]; then
|
|
export NIX_SSL_CERT_FILE=$i/etc/ssl/certs/ca-bundle.crt
|
|
fi
|
|
done
|
|
fi
|
|
|
|
export NIX_PATH="nixpkgs=@localstatedir@/nix/profiles/per-user/root/channels/nixpkgs:@localstatedir@/nix/profiles/per-user/root/channels"
|
|
export PATH="$HOME/.nix-profile/bin:@localstatedir@/nix/profiles/default/bin:$PATH"
|