`SSH_AUTH_SOCK` is exported in shells only, which systemd does not
inherit from. With this commit, it is also set in systemd such that
systemd-managed applications can access the SSH agent by declaring
dependencies onto 'sshAuthSock.systemd.socketProviderUnit'.
Closes#7971.
Preserve shell-variable paths for programs.zsh.oh-my-zsh.custom while
still escaping values for a double-quoted shell assignment.
This restores runtime expansion for values like $HOME/extra/zsh, which
otherwise became a literal path after the previous escapeShellArg
change.
Allow Lua configs to be split across managed files under XDG_CONFIG_HOME/hypr.
Treat extraLuaFiles attribute names as Lua module names, so dotted names such as lib.helpers write lib/helpers.lua while autoloading with require("lib.helpers").
Add assertions for invalid configType usage, generated hyprland.lua collisions, and duplicate resolved Lua file targets.
The option appended directories to fpath, but fpath is zsh's lookup path for all autoloadable functions, not just completion functions.
Rename the option to functions with mkRenamedOptionModule so existing completions users are migrated through the standard Home Manager deprecation path.
Link: https://github.com/nix-community/home-manager/discussions/8701#discussioncomment-16966141
The zsh value renderer emits strings in double quotes so session variables can still expand references such as $HOME. Embedded quotes, backslashes, and backticks were not escaped, which could corrupt generated zsh code or trigger command substitution.
Escape those double-quote-sensitive characters while preserving dollar expansion for existing session-variable semantics.
Named directory hash values are rendered into zsh code. Interpolating them inside double quotes is not enough for values containing quotes, glob syntax, or other shell metacharacters.
Render both the hash name and target with shell escaping so dirHashes entries are emitted as literal zsh arguments.
Zsh cdpath is an array. Rendering entries by joining on spaces breaks paths containing spaces, glob characters, or other shell syntax.
Use the shared shell array formatter so each configured cdpath entry is emitted as a quoted array element.
Nixpkgs zsh plugin packages often install functions and completions below share/zsh/plugins/<name>, share/zsh/site-functions, or share/zsh/vendor-completions rather than at the package root.
Keep the existing root path and fpath entries, but add those standard subdirectories to fpath when present so plugin-provided functions and completions are discoverable without extra per-plugin configuration.
Link: https://github.com/nix-community/home-manager/discussions/8701#discussioncomment-16966141
Zsh reads .zshenv before system login startup files. On NixOS and macOS those later files can replace or reorder PATH, so home.sessionPath entries loaded from .zshenv may disappear or move behind system paths.
Keep .zshenv coverage for non-login shells, but source Home Manager session variables from .zprofile for login shells so PATH-like values are applied after system login setup.
Fixes#2991
On Darwin, `services.podman` mounts `~/.config/containers` into the Fedora CoreOS VM, but this did not work correctly for two reasons:
* `xdg.configFile` creates symlinks into `/nix/store`, which are broken inside the guest.
* The mount target `~/\.config/containers` is not canonical on Fedora CoreOS, so Podman rejects it.
To fix this, we now:
* materialize the generated Podman config files as real files with `runCommand`
* sync them into `~/.config/containers` during activation, between `linkGeneration` and `podmanMachines`
* use the canonical guest path `/var/home/<user>/.config/containers`
Because adding the config directory to the volume mounts overrides the defaults, we also restore the default Podman volumes as the defaults for the `machines.<machine>.volumes` attribute while still allowing full overrides.
This change does not affect Linux: `xdg.configFile` still produces store symlinks there.
Closes#9327.
The mount user-service set Environment=PATH=/run/wrappers/bin, which is
a NixOS-only directory. On standalone home-manager hosts running other
Linux distros the directory does not exist, and because Environment=PATH=
replaces systemd's inherited PATH, the resulting unit has no usable PATH
at all.
libfuse falls back to a hardcoded /usr/bin/fusermount3 lookup so the
helper still executes, but the eventual mount(2) syscall returns EPERM,
likely because libfuse's internal system()/popen() invocations into
mount.fuse3 fail without /bin/sh and friends on PATH. Empirically, the
EPERM goes away the moment PATH is widened to include standard Linux
locations.
Enumerate /run/wrappers/bin and /run/current-system/sw/bin alongside the
usual /usr/{local/,}{s,}bin and /{s,}bin entries. Path search order is
preserved, so the NixOS wrappers still win where they exist, and
fusermount/fusermount3 is found at /usr/bin on Ubuntu/Debian/Fedora and
similar distros.
The RFC 42 settings option derives the Host/Match line from the
attribute name. That makes it impossible to express headers that carry
Nix string context (e.g. Match exec referring to a store path), and
forces long computed patterns into attribute names where a stable
logical name would be nicer for dag ordering.
Add an explicit `header` option on each block that defaults to the
attribute name (with the existing Host/Match prefix detection), and
have the legacy matchBlocks shim populate it instead of the
__hmSshBlockHeader internal.
This allows the git config to be used by programs that have git
installed natively and where other programs access git but don't have
the nix path available, so cannot access git-lfs.
Syncthing still supports existing Linux installations that keep config.xml under XDG_CONFIG_HOME/syncthing. Resolve the runtime directory from the generated scripts so Home Manager waits on and copies keys into the existing legacy directory when no state-dir config exists.
Fixes#6933
Use the standalone User Themes extension package when enabling GNOME Shell theme support instead of installing the full gnome-shell-extensions package.
Closes#9171
Add programs.ssh.settings as a freeform DAG for OpenSSH client configuration blocks. Render Host and Match blocks directly from the new settings option while preserving ordering support.
Render known ssh_config comma-list directives from Nix lists as single comma-separated lines and known space-list directives as single whitespace-separated lines. This keeps directives like KexAlgorithms, Ciphers, MACs, HostKeyAlgorithms, ProxyJump, SendEnv, GlobalKnownHostsFile, and PermitRemoteOpen from being emitted as duplicate directives where OpenSSH may only use the first value.
Migrate legacy matchBlocks into settings, keep root SSH option redirects pointed at the new option names, and hide the deprecated matchBlocks option from generated docs.
Update SSH tests, docs references, and news coverage for the new option.
Adds Home Manager module for ec, a 3-way terminal native Git merge conflict resolver.
The module supports:
- Git integration by configuring ec as a mergetool.
Add an option to order Walker's user service after elephant.service and add a systemd Requires= dependency when enabled.
The option defaults to services.elephant.enable, so Home Manager-managed Elephant setups work automatically while users can still enable the dependency for an externally managed elephant.service.
