Decrypt and mount second HDD without sudo

jwvdveen · February 24, 2025, 6:24am

This is enabled bij default when using services.xserver.desktopManager.xfce.enable = true;

Nebucatnetzer · February 24, 2025, 7:42am

Not that I know and I don’t have the full Gnome desktop installed only parts of it.
My WM is Qtile.

Edit I can try if it works with Thunar when I’m back home.

Nebucatnetzer · February 24, 2025, 11:57am

Worked with Thunar as well.
I found services.udisks2.enable in my config.
Maybe that is what allows unlocking the drives?

jwvdveen · February 24, 2025, 1:32pm

I thougt so, but it is already enabled by default.

Nebucatnetzer · February 24, 2025, 8:05pm

Ah shit sorry for the duplicate

jwvdveen · February 24, 2025, 9:19pm

Nevermind, thanks for helping anyway

Perhaps you can share your configuration.nix? If I can create a similar working setup, then I can look for possible differences with my desired setup.

Nebucatnetzer · February 25, 2025, 6:08am

Sure but it won’t be that easy to look through.
My config lives here: GitHub - Nebucatnetzer/nixos

Maybe the relevant part lives here: nixos/modules/profiles/desktop/default.nix at master · Nebucatnetzer/nixos · GitHub

Or here: nixos/modules/services/tiling-wm-base/default.nix at master · Nebucatnetzer/nixos · GitHub

Or somewhere else🤪.

jwvdveen · March 7, 2025, 8:40am

Well, I’ve finally figured it out

Yesterday I started looking at the configuration of @Nebucatnetzer and applied it to a VM NixOS with a similar setup as my laptop. Nothing worked. Then I tried to do the same in my Kali Linux VM, and supprisingly it worked by only adding the polkit rules.

So whats the difference? Well, evenrything between the '' <polkit rule> '' is added to the polkit configuration, including the comment # <comment>. However, when searching for polkit rules, a comment has to be formatted lik this: /* <comment */. After changing that, I did not have to enter my account password anymore when unlocking the second disk, only the passphrase.

So, instead of doing this:

security.polkit.extraConfig = ''
    # Allow udisks2 to mount devices without authentication
    # for users in the "wheel" group.
    ...SNIP...
  '';

You have to do this:

security.polkit.extraConfig = ''
    /* Allow udisks2 to mount devices without authentication  for users in the "wheel" group. */
    ...SNIP...
'';

Or you can do this:

# Allow udisks2 to mount devices without authentication
# for users in the "wheel" group.
security.polkit.extraConfig = ''
    ...SNIP...
'';

Thanks all for helping me out!