Auto-Unlock kwallet with greetd login-manager

Hi there,
I am currently trying to migrate from sddm to greetd (either regreet or qtgreed).

I have set

  services.xserevr.desktopManager.plasma5.enable = true;
  programs.regreet.enable = true;
  services.xserver.displayManager.sddm.enable = false;

in my system config. Enabling plasma5 also does set security.pam.services.login.enableKwallet = true;
When running the session via sddm unlocking works fine.

According to the archlinux wiki at some point the PAM environment needed a force_run which is needed by kwallet pam if not running in a graphical session (so e.G if XDG_SESSION_TYPE is not set)

On my session XDG_SESSION_TYPE is set to wayland, and the error message “%s: not a graphical session, skipping. Use force_run parameter to ignore this.” does not appear so i assume that i dont need that force_run any longer.

Tho i am getting the following warning when an application acces the kwallet.

Jun 16 19:54:35 pointalpha org.kde.kwalletd5[6944]: Application ' "Nextcloud" ' using kwallet without parent window!

It seems for me that this is the first application accessing kwallet (locked) and the warning does come from here.

So it seems for me that the unlocking failed or wasnt even tried.
The user service for PAM kwallet itself does print the following which is the same output when running on sddm

- Boot edc3caccb5aa40e89a9b5e027638a2c2 --
Jun 16 19:54:33 pointalpha systemd[4384]: Started Unlock kwallet from pam credentials.

This is the journal of the system grabbed for PAM/kwallet

❯ journalctl -b | egrep -i "kwallet|pam"
Jun 16 19:53:15 localhost systemd[1]: systemd 253.3 running in system mode (-PAM -AUDIT -SELINUX -APPARMOR +IMA +SMACK +SECCOMP -GCRYPT -GNUTLS +OPENSSL +ACL +BLKID -CURL -ELFUTILS +FIDO2 -IDN2 -IDN -IPTC +KMOD +LIBCRYPTSETUP +LIBFDISK -PCRE2 -PWQUALITY +P11KIT -QRENCODE +TPM2 -BZIP2 -LZ4 -XZ -ZLIB -ZSTD -BPF_FRAMEWORK -XKBCOMMON +UTMP -SYSVINIT default-hierarchy=unified)
Jun 16 19:53:19 localhost initrd-nixos-activation-start[817]: removing obsolete symlink ‘/etc/pam.d/sddm’...
Jun 16 19:53:19 localhost initrd-nixos-activation-start[817]: removing obsolete symlink ‘/etc/pam.d/sddm-autologin’...
Jun 16 19:53:19 localhost initrd-nixos-activation-start[817]: removing obsolete symlink ‘/etc/pam.d/sddm-greeter’...
Jun 16 19:53:20 pointalpha systemd[1]: systemd 253.3 running in system mode (+PAM +AUDIT -SELINUX +APPARMOR +IMA +SMACK +SECCOMP +GCRYPT -GNUTLS +OPENSSL +ACL +BLKID +CURL +ELFUTILS +FIDO2 +IDN2 -IDN +IPTC +KMOD +LIBCRYPTSETUP +LIBFDISK +PCRE2 -PWQUALITY +P11KIT -QRENCODE +TPM2 +BZIP2 +LZ4 +XZ +ZLIB +ZSTD +BPF_FRAMEWORK -XKBCOMMON +UTMP -SYSVINIT default-hierarchy=unified)
Jun 16 19:53:27 pointalpha greetd[2414]: pam_unix(greetd:session): session opened for user greeter(uid=990) by (uid=0)
Jun 16 19:53:27 pointalpha (systemd)[2472]: pam_unix(systemd-user:session): session opened for user greeter(uid=990) by (uid=0)
Jun 16 19:53:30 pointalpha wireplumber[3496]: [0:00:15.807100655] [3496]  INFO IPAManager ipa_manager.cpp:143 libcamera is not installed. Adding '/nix/store/src/ipa' to the IPA search path
Jun 16 19:54:30 pointalpha greetd[2414]: pam_unix(greetd:session): session closed for user greeter
Jun 16 19:54:30 pointalpha greetd[4350]: pam_unix(greetd:session): session opened for user shawn(uid=1000) by (uid=0)
Jun 16 19:54:30 pointalpha (systemd)[4384]: pam_unix(systemd-user:session): session opened for user shawn(uid=1000) by (uid=0)
Jun 16 19:54:33 pointalpha systemd[4384]: Started Unlock kwallet from pam credentials.
Jun 16 19:54:34 pointalpha wireplumber[6148]: [0:01:18.770689552] [6148]  INFO IPAManager ipa_manager.cpp:143 libcamera is not installed. Adding '/nix/store/src/ipa' to the IPA search path
Jun 16 19:54:35 pointalpha dbus-daemon[4623]: [session uid=1000 pid=4623] Activating service name='org.kde.kwalletd5' requested by ':1.11' (uid=1000 pid=4986 comm="/nix/store/aay7f1s5j0dyhpkb6x0f5cc356wvkwng-nextcl" label="kernel")
Jun 16 19:54:35 pointalpha dbus-daemon[4623]: [session uid=1000 pid=4623] Successfully activated service 'org.kde.kwalletd5'
Jun 16 19:54:35 pointalpha org.kde.kwalletd5[6944]: Application ' "Nextcloud" ' using kwallet without parent window!
Jun 16 19:54:40 pointalpha (sd-pam)[2473]: pam_unix(systemd-user:session): session closed for user greeter
Jun 16 19:55:03 pointalpha Discord[6282]: [6282:0616/195503.212028:ERROR:object_proxy.cc(623)] Failed to call method: org.kde.KWallet.open: object_path= /modules/kwalletd5: org.freedesktop.DBus.Error.NoReply: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken.
Jun 16 19:55:03 pointalpha Discord[6282]: [6282:0616/195503.212052:ERROR:kwallet_dbus.cc(147)] Error contacting kwalletd5 (open)

I am not having any clue where to continue investigation.
The discord message seems to be suspiscous but kwallet itself does work after unlocking.

So does someone have any hint or have a setup working with kwallet an a greetd based login?

For completeness here is my system config:

The host is pointalpha.

Thank you in advance for every input :slight_smile: