mirror of
https://github.com/LnL7/nix-darwin.git
synced 2025-03-06 00:37:00 +00:00
4bff4bc8ae
This ensures that system activation does not depend on various
details of its process environment, ensuring uniformity across various
invocation contexts and with the `activate-system` daemon. This becomes
more important in a post‐user‐activation world to avoid problematic
dependencies like `$SUDO_USER`, but is a good idea in general.
The `sudoers(5)` defaults on my Sequoia system are:
Defaults env_reset
Defaults env_keep += "BLOCKSIZE"
Defaults env_keep += "COLORFGBG COLORTERM"
Defaults env_keep += "__CF_USER_TEXT_ENCODING"
Defaults env_keep += "CHARSET LANG LANGUAGE LC_ALL LC_COLLATE LC_CTYPE"
Defaults env_keep += "LC_MESSAGES LC_MONETARY LC_NUMERIC LC_TIME"
Defaults env_keep += "LINES COLUMNS"
Defaults env_keep += "LSCOLORS"
Defaults env_keep += "SSH_AUTH_SOCK"
Defaults env_keep += "TZ"
Defaults env_keep += "DISPLAY XAUTHORIZATION XAUTHORITY"
Defaults env_keep += "EDITOR VISUAL"
Defaults env_keep += "HOME MAIL"
Of these preserved environment variables, the ones that are set in
practice when I run `sudo env` that aren’t set in the activation
script here are:
* `$COLORTERM`
* `$DISPLAY`
* `$EDITOR`
* `$MAIL`
* `$SSH_AUTH_SOCK`
* `$TERM`
* `$__CF_USER_TEXT_ENCODING`
Most of these seem either pointless or actively harmful to set for
the purpose of the system activation script.
This will mean that tools run during activation won’t print output
in the user’s preferred language, but that’s probably the right
trade‐off overall, as that is likely to break activation scripts
that parse command output anyway.
|
||
|---|---|---|
| .. | ||
| activate-system | ||
| aerospace | ||
| github-runner | ||
| hercules-ci-agent | ||
| jankyborders | ||
| karabiner-elements | ||
| khd | ||
| kwm | ||
| monitoring | ||
| nextdns | ||
| nix-gc | ||
| nix-optimise | ||
| ofborg | ||
| postgresql | ||
| privoxy | ||
| redis | ||
| sketchybar | ||
| skhd | ||
| spacebar | ||
| synergy | ||
| yabai | ||
| autossh.nix | ||
| buildkite-agents.nix | ||
| cachix-agent.nix | ||
| chunkwm.nix | ||
| dnsmasq.nix | ||
| emacs.nix | ||
| eternal-terminal.nix | ||
| gitlab-runner.nix | ||
| ipfs.nix | ||
| lorri.nix | ||
| mopidy.nix | ||
| netbird.nix | ||
| nix-daemon.nix | ||
| openssh.nix | ||
| spotifyd.nix | ||
| synapse-bt.nix | ||
| tailscale.nix | ||
| trezord.nix | ||
| wg-quick.nix | ||