From af072cfb5514daf30ff0a98e0224991e712540d1 Mon Sep 17 00:00:00 2001
From: Mynacol
Date: Sat, 22 Jun 2024 15:56:27 +0200
Subject: [PATCH] nixos/nextcloud: Remove --preserve-env in sudo
This helps supporting sudo-rs, which currently does not implement the --preserve-env flag and probably won't so in the foreseeable future [1]. The replacement just sets both environment variables behind the sudo invocation with env, as sudo-rs also doesn't implement env var lists. The OC_PASS variable is dropped, as it is seemingly unused and would leak through this approach through /proc. [1] https://github.com/memorysafety/sudo-rs/issues/129
---
 nixos/modules/services/web-apps/nextcloud.nix | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/nixos/modules/services/web-apps/nextcloud.nix b/nixos/modules/services/web-apps/nextcloud.nix
index bfb3e73e6510..c8c4fe4b4d61 100644
--- a/nixos/modules/services/web-apps/nextcloud.nix
+++ b/nixos/modules/services/web-apps/nextcloud.nix
@@ -91,10 +91,10 @@ let
 cd ${webroot}
 sudo=exec
 if [[ "$USER" != nextcloud ]]; then
- sudo='exec /run/wrappers/bin/sudo -u nextcloud --preserve-env=NEXTCLOUD_CONFIG_DIR --preserve-env=OC_PASS'
+ sudo='exec /run/wrappers/bin/sudo -u nextcloud'
 fi
- export NEXTCLOUD_CONFIG_DIR="${datadir}/config"
- $sudo \
+ $sudo ${pkgs.coreutils}/bin/env \
+ NEXTCLOUD_CONFIG_DIR="${datadir}/config" \
 ${phpCli} \
 occ "$@"
 '';
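Review bot: Dropping `--preserve-env=OC_PASS` from the new `sudo='exec /run/wrappers/bin/sudo -u nextcloud'` line is not behaviour-neutral, because Nextcloud's `occ user:add --password-from-env` and `occ user:resetpassword --password-from-env` read the password from `OC_PASS`. If the sudoers policy resets the environment (the usual default, not visible in this hunk), the variable no longer reaches PHP when the wrapper is run as a user other than `nextcloud`, so those commands would fail or prompt. The commit message is right that the value must not be added to the `env` argument list, since argv is readable by other local users through `/proc/<pid>/cmdline`; any replacement has to keep the secret in the environment, for example an `env_keep` entry for `OC_PASS` in the sudoers policy, provided sudo-rs honours it (to be confirmed). At minimum I would record the decision above the `$sudo` line with `# OC_PASS is intentionally not forwarded: do not add it to the env arguments, argv is world-readable via /proc` and mention the change in the release notes. The script string this hunk edits starts outside the hunk.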