Bloxx12
d3d08aa4af
gnome-keyring seems to be more reliable in the long term I only have to force disable gcr, which it ships with it.
36 lines
791 B
Nix
36 lines
791 B
Nix
{ lib, pkgs, ... }:
|
|
let
|
|
inherit (lib.modules) mkForce;
|
|
in
|
|
{
|
|
security = {
|
|
# Enable Soteria, a GTK-based Polkit authentication agent.
|
|
soteria.enable = true;
|
|
apparmor = {
|
|
enable = true;
|
|
killUnconfinedConfinables = true;
|
|
packages = [ pkgs.apparmor-profiles ];
|
|
};
|
|
|
|
pam.services.login.enableGnomeKeyring = true;
|
|
|
|
wrappers.gnome-keyring-daemon = {
|
|
owner = "root";
|
|
group = "root";
|
|
capabilities = "cap_ipc_lock=ep";
|
|
source = "${pkgs.gnome-keyring}/bin/gnome-keyring-daemon";
|
|
};
|
|
};
|
|
services = {
|
|
dbus.packages = [
|
|
pkgs.gnome-keyring
|
|
];
|
|
gnome.gcr-ssh-agent.enable = mkForce false;
|
|
};
|
|
xdg.portal.extraPortals = [
|
|
pkgs.gnome-keyring
|
|
];
|
|
environment.systemPackages = [
|
|
pkgs.gnome-keyring
|
|
];
|
|
}
|