mirror of
https://github.com/privatevoid-net/nix-super.git
synced 2024-11-30 09:36:15 +02:00
32a0a223d5
SSL certificate search failed to find user profile certificates.
74 lines
2.9 KiB
Bash
74 lines
2.9 KiB
Bash
# Only execute this file once per shell.
|
|
if [ -n "${__ETC_PROFILE_NIX_SOURCED:-}" ]; then return; fi
|
|
__ETC_PROFILE_NIX_SOURCED=1
|
|
|
|
# Set up secure multi-user builds: non-root users build through the
|
|
# Nix daemon.
|
|
if [ "$USER" != root -o ! -w @localstatedir@/nix/db ]; then
|
|
export NIX_REMOTE=daemon
|
|
fi
|
|
|
|
export NIX_USER_PROFILE_DIR="@localstatedir@/nix/profiles/per-user/$USER"
|
|
export NIX_PROFILES="@localstatedir@/nix/profiles/default $HOME/.nix-profile"
|
|
|
|
# Set up the per-user profile.
|
|
mkdir -m 0755 -p $NIX_USER_PROFILE_DIR
|
|
if ! test -O "$NIX_USER_PROFILE_DIR"; then
|
|
echo "WARNING: bad ownership on $NIX_USER_PROFILE_DIR" >&2
|
|
fi
|
|
|
|
if test -w $HOME; then
|
|
if ! test -L $HOME/.nix-profile; then
|
|
if test "$USER" != root; then
|
|
ln -s $NIX_USER_PROFILE_DIR/profile $HOME/.nix-profile
|
|
else
|
|
# Root installs in the system-wide profile by default.
|
|
ln -s @localstatedir@/nix/profiles/default $HOME/.nix-profile
|
|
fi
|
|
fi
|
|
|
|
# Subscribe the root user to the NixOS channel by default.
|
|
if [ "$USER" = root -a ! -e $HOME/.nix-channels ]; then
|
|
echo "https://nixos.org/channels/nixpkgs-unstable nixpkgs" > $HOME/.nix-channels
|
|
fi
|
|
|
|
# Create the per-user garbage collector roots directory.
|
|
NIX_USER_GCROOTS_DIR=@localstatedir@/nix/gcroots/per-user/$USER
|
|
mkdir -m 0755 -p $NIX_USER_GCROOTS_DIR
|
|
if ! test -O "$NIX_USER_GCROOTS_DIR"; then
|
|
echo "WARNING: bad ownership on $NIX_USER_GCROOTS_DIR" >&2
|
|
fi
|
|
|
|
# Set up a default Nix expression from which to install stuff.
|
|
if [ ! -e $HOME/.nix-defexpr -o -L $HOME/.nix-defexpr ]; then
|
|
rm -f $HOME/.nix-defexpr
|
|
mkdir -p $HOME/.nix-defexpr
|
|
if [ "$USER" != root ]; then
|
|
ln -s @localstatedir@/nix/profiles/per-user/root/channels $HOME/.nix-defexpr/channels_root
|
|
fi
|
|
fi
|
|
fi
|
|
|
|
|
|
# Set $NIX_SSL_CERT_FILE so that Nixpkgs applications like curl work.
|
|
if [ ! -z "${NIX_SSL_CERT_FILE:-}" ]; then
|
|
: # Allow users to override the NIX_SSL_CERT_FILE
|
|
elif [ -e /etc/ssl/certs/ca-certificates.crt ]; then # NixOS, Ubuntu, Debian, Gentoo, Arch
|
|
export NIX_SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt
|
|
elif [ -e /etc/ssl/ca-bundle.pem ]; then # openSUSE Tumbleweed
|
|
export NIX_SSL_CERT_FILE=/etc/ssl/ca-bundle.pem
|
|
elif [ -e /etc/ssl/certs/ca-bundle.crt ]; then # Old NixOS
|
|
export NIX_SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt
|
|
elif [ -e /etc/pki/tls/certs/ca-bundle.crt ]; then # Fedora, CentOS
|
|
export NIX_SSL_CERT_FILE=/etc/pki/tls/certs/ca-bundle.crt
|
|
else
|
|
# Fall back to what is in the nix profiles, favouring whatever is defined last.
|
|
for i in $NIX_PROFILES; do
|
|
if [ -e $i/etc/ssl/certs/ca-bundle.crt ]; then
|
|
export NIX_SSL_CERT_FILE=$i/etc/ssl/certs/ca-bundle.crt
|
|
fi
|
|
done
|
|
fi
|
|
|
|
export NIX_PATH="nixpkgs=@localstatedir@/nix/profiles/per-user/root/channels/nixpkgs:@localstatedir@/nix/profiles/per-user/root/channels"
|
|
export PATH="$HOME/.nix-profile/bin:@localstatedir@/nix/profiles/default/bin:$PATH"
|