security: switch to gnome-keyring instead of kwallet.

gnome-keyring seems to be more reliable in the long term.
I only have to force-disable gcr, which ships with it.
Bloxx12 2025-07-25 16:55:16 +02:00
commit d3d08aa4af


@ -1,4 +1,7 @@
{ pkgs, ... }:
{ lib, pkgs, ... }:
let
inherit (lib.modules) mkForce;
in
{
security = {
# Enable Soteria, a GTK-based Polkit authentication agent.
@ -9,23 +12,25 @@
packages = [ pkgs.apparmor-profiles ];
};
pam.services = {
login.kwallet = {
enable = true;
# package = pkgs.kdePackages.kwallet-pam;
};
niri = {
allowNullPassword = true;
kwallet = {
enable = true;
package = pkgs.kdePackages.kwallet-pam;
};
};
pam.services.login.enableGnomeKeyring = true;
wrappers.gnome-keyring-daemon = {
owner = "root";
group = "root";
capabilities = "cap_ipc_lock=ep";
source = "${pkgs.gnome-keyring}/bin/gnome-keyring-daemon";
};
};
environment.systemPackages = with pkgs.kdePackages; [
kwallet # provides helper service
kwallet-pam # provides helper service
kwalletmanager # provides KCMs and stuff
services = {
dbus.packages = [
pkgs.gnome-keyring
];
gnome.gcr-ssh-agent.enable = mkForce false;
};
xdg.portal.extraPortals = [
pkgs.gnome-keyring
];
environment.systemPackages = [
pkgs.gnome-keyring
];
}
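Review bot: The new PAM wiring at `pam.services.login.enableGnomeKeyring = true;` covers only the `login` service, while the removed kwallet setup hooked both `login` and `niri`, so a session authenticated through the `niri` service would leave the keyring locked after login. If that service is still in use, add `pam.services.niri.enableGnomeKeyring = true;` next to the `login` line. The rendered page has lost its +/- markers, so it is not clear from here whether `niri.allowNullPassword = true;` survives; if it does, a comment saying why an empty password is accepted there would help. The `wrappers.gnome-keyring-daemon` block also deserves a one-line comment such as `# cap_ipc_lock lets the daemon mlock() secrets so they are not written to swap`. These lines appear to mirror what the stock `services.gnome.gnome-keyring` module sets up, so a note on why that module is not used would keep the hand-written copy from drifting unnoticed.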