From 28e00b68fdeef8eec655e363029c54b7c7218fc7 Mon Sep 17 00:00:00 2001
From: Robert Helgesson <robert@rycee.net>
Date: Mon, 11 Dec 2017 17:03:34 +0100
Subject: [PATCH] home-environment: optionally empty PATH in activation

This adds the option `home.emptyActivationPath` that, when enabled,
will cause the activation script to ignore the calling user's `PATH`.
The option is disabled by default to match current behavior but the
intent is to change this in the future to reduce risk of accidental
dependencies of the environment.
---
 modules/home-environment.nix | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/modules/home-environment.nix b/modules/home-environment.nix
index 323294a37..8ed7662c9 100644
--- a/modules/home-environment.nix
+++ b/modules/home-environment.nix
@@ -169,6 +169,17 @@ in
       description = "The derivation installing the user packages.";
     };
 
+    home.emptyActivationPath = mkOption {
+      internal = true;
+      default = false;
+      type = types.bool;
+      description = ''
+        Whether the activation script should start with an empty
+        <envvar>PATH</envvar> variable. When <literal>false</literal>
+        then the user's <envvar>PATH</envvar> will be used.
+      '';
+    };
+
     home.activation = mkOption {
       internal = true;
       default = {};
@@ -263,7 +274,8 @@ in
           pkgs.gnused
           pkgs.ncurses          # For `tput`.
           pkgs.nix
-        ];
+        ]
+        + optionalString (!cfg.emptyActivationPath) "\${PATH:+:}$PATH";
 
         activationScript = pkgs.writeScript "activation-script" ''
           #!${pkgs.stdenv.shell}
@@ -271,7 +283,7 @@ in
           set -eu
           set -o pipefail
 
-          export PATH="${activationBinPaths}:$PATH"
+          export PATH="${activationBinPaths}"
 
           . ${./lib-bash/color-echo.sh}