nixos/nextcloud: Remove --preserve-env in sudo

This helps supporting sudo-rs, which currently does not implement the
--preserve-env flag and probably won't so in the foreseeable future [1].

The replacement just sets both environment variables behind the sudo
invocation with env, as sudo-rs also doesn't implement env var lists.

The OC_PASS variable is dropped, as it is seemingly unused and would
leak through this approach through /proc.

[1] trifectatechfoundation/sudo-rs#129

Author: Mynacol

nixos/modules/services/web-apps/nextcloud.nix

@@ -91,10 +91,10 @@ let
     cd ${webroot}
     sudo=exec
     if [[ "$USER" != nextcloud ]]; then
-      sudo='exec /run/wrappers/bin/sudo -u nextcloud --preserve-env=NEXTCLOUD_CONFIG_DIR --preserve-env=OC_PASS'
+      sudo='exec /run/wrappers/bin/sudo -u nextcloud'
     fi
-    export NEXTCLOUD_CONFIG_DIR="${datadir}/config"
-    $sudo \
+    $sudo ${pkgs.coreutils}/bin/env \
+      NEXTCLOUD_CONFIG_DIR="${datadir}/config" \
       ${phpCli} \
       occ "$@"
   '';