Hello there
I used to use GDM as my display manager, but I have had some issues with it, which is why I decided to try to switch to greetd. However, I cannot for the life of me figure out how to make it automatically unlock the gnome-keyring, using the LUKS password used for disk decryption, when logging in automatically. I had this working with GDM by creating a gdm-autologin file; I will include the working GDM configuration at the end. What I have in my new config so far is the following:
# NixOS module: Hyprland desktop launched through greetd, with tuigreet as the
# fallback greeter and gnome-keyring as the secret store.
{ pkgs, lib, config, ... }:
let
  # Account that greetd logs in automatically at boot.
  autoLoginUser = "wooptidoo";
  # Compositor binary used for both the automatic and the greeter-started session.
  sessionCmd = "${pkgs.hyprland}/bin/Hyprland";
  greeterBin = "${pkgs.greetd.tuigreet}/bin/tuigreet";
in
{
  options.desktop.enable = lib.mkEnableOption "enables libraries needed for desktop";

  config = lib.mkIf config.desktop.enable {
    environment.systemPackages = [
      pkgs.greetd.tuigreet
      pkgs.libsecret
    ];

    # Enable the window manager.
    programs.hyprland.enable = true;

    # Screensharing and stuff + portal for gnome-keyring
    xdg.portal = {
      enable = true;
      wlr.enable = true;
      extraPortals = [
        pkgs.xdg-desktop-portal-gtk
        pkgs.xdg-desktop-portal-hyprland
      ];
    };

    services = {
      xserver = {
        enable = true;
        desktopManager.gnome.enable = false;
        excludePackages = [ pkgs.xterm ];
      };

      gnome = {
        core-utilities.enable = false;
        rygel.enable = false;
        gnome-keyring.enable = true;
      };

      dbus.packages = [ pkgs.gnome.seahorse ];

      greetd = {
        enable = true;
        settings = {
          # Auto-login: the session starts as autoLoginUser with no greeter
          # prompt, so the disk-decryption passphrase is the only credential
          # asked for before this user's desktop is reachable.
          initial_session = {
            command = sessionCmd;
            user = autoLoginUser;
          };
          # Interactive fallback greeter.
          # NOTE(review): --asterisks echoes one character per keystroke, which
          # shows the password length to anyone watching the screen.
          default_session = {
            command = "${greeterBin} --greeting 'Authorization required...' --asterisks --remember --remember-user-session --time --cmd ${sessionCmd}";
            user = "greeter";
          };
        };
      };
    };

    # NOTE(review): presumably kept so the LUKS passphrase typed in the
    # systemd-based initrd can be reused after boot - confirm; nothing in this
    # module consumes it.
    boot.initrd.systemd.enable = true;

    # Adds pam_gnome_keyring to the greetd PAM service, which unlocks the
    # keyring with the password typed at login. That covers a manual tuigreet
    # login only.
    # NOTE(review): the initial_session path presumably hands PAM no password,
    # so the module has nothing to unlock the keyring with - confirm against
    # greetd's handling of initial_session.
    security.pam.services.greetd.enableGnomeKeyring = true;
  };
}
Everything except the automatic unlocking of the gnome-keyring works perfectly. If I don’t set the initial_session and log in manually after disk decryption, the keyring is unlocked when entering Hyprland, as I would expect.
As stated earlier I had this working with GDM, and I want to only enter my password once on boot, and preferably when decrypting my disk. Here is the config I used for GDM for anyone interested:
# NixOS module: Hyprland desktop with GDM auto-login, where the gnome-keyring is
# unlocked from a hand-written gdm-autologin PAM stack.
{ pkgs, lib, config, ... }:
{
  options.desktop.enable = lib.mkEnableOption "enables libraries needed for desktop";

  config = lib.mkIf config.desktop.enable {
    environment.systemPackages = [ pkgs.libsecret ];

    # Enable the window manager.
    programs.hyprland.enable = true;

    xdg.portal = {
      enable = true;
      wlr.enable = true;
      extraPortals = [
        pkgs.xdg-desktop-portal-gtk
        pkgs.xdg-desktop-portal-hyprland
      ];
    };

    services = {
      xserver = {
        enable = true;
        desktopManager.gnome.enable = false;
        excludePackages = [ pkgs.xterm ];
        displayManager.gdm.enable = true;
      };

      # Auto-login: the desktop session starts without a login prompt, so the
      # disk-decryption passphrase is the only credential entered at boot.
      displayManager.autoLogin = {
        enable = true;
        user = "wooptidoo";
      };

      gnome = {
        core-utilities.enable = false;
        rygel.enable = false;
        gnome-keyring.enable = true;
      };

      dbus.packages = [ pkgs.gnome.seahorse ];
    };

    # Use the decryption passphrase to also unlock the gnome-keyring
    boot.initrd.systemd.enable = true;

    # Literal PAM stack for the gdm-autologin service. Setting `text` supplies
    # the whole service file, so nothing NixOS would otherwise generate for this
    # service is added; review the stack as written:
    #   - pam_nologin (requisite) and pam_succeed_if uid >= 1000 (required) are
    #     the only gates; system accounts below uid 1000 are refused.
    #   - pam_gdm and pam_gnome_keyring are `optional`: if either fails, login
    #     still succeeds and the keyring simply stays locked.
    #     NOTE(review): pam_gdm presumably passes the cached disk passphrase on
    #     to pam_gnome_keyring, which only works when the keyring password
    #     equals the LUKS passphrase - confirm.
    #   - `auth required pam_permit.so` always succeeds: no credential is
    #     checked by this service, which is what auto-login relies on.
    #   - NOTE(review): `nullok` on the password line tolerates an empty
    #     password; drop it if no such account is intended.
    security.pam.services.gdm-autologin.text = ''
      auth requisite pam_nologin.so
      auth required pam_succeed_if.so uid >= 1000 quiet
      auth optional ${pkgs.gnome.gdm}/lib/security/pam_gdm.so
      auth optional ${pkgs.gnome.gnome-keyring}/lib/security/pam_gnome_keyring.so
      auth required pam_permit.so
      account sufficient pam_unix.so
      password requisite pam_unix.so nullok yescrypt
      session optional pam_keyinit.so revoke
      session include login
    '';
  };
}
I hope someone has some experience that can help me forward.
Best regards
Andreas Voss