I was using Fedora previously where GNOME Keyring would be automatically unlocked if the LUKS passphrase is same as user’s login password. This is not happening with NixOS. I have following setting applied in configuration.nix
services.gnome.gnome-keyring.enable = true;
security.pam.services.gdm.enableGnomeKeyring = true;
Any way I can achieve this in NixOS?
Thanks.
This does not currently work out of the box, see Encrypted root with single password prompt - #11 by dawidd6
Thanks. I wish it would be merged soon. I hate typing my password thrice. Once for BIOS, another for LUKS and one more for GNOME.
I can see that the PR mentioned in the above thread have been merged:
What would I need to add to my configuration in order to get it to work?
AIUI you need to set security.pam.services.login.enableGnomeKeyring. To skip the user login, use services.xserver.displayManager.gdm.autoLogin.
Hmm, doesn’t seem to work:
This is what I added since it said that some of the “paths” had changed:
services.displayManager.autoLogin = {
enable = true;
user = "myuser";
};
services.gnome.gnome-keyring.enable = true;
security.pam.services.login.enableGnomeKeyring = true;
For context: dotfiles/configuration.nix at 1d564385d4f142057d40eed023f843effc650953 · morten-b/dotfiles · GitHub
@morten-b any luck getting this to work? This post has a config, but it goes to tty for me - has all the login info, but I have to type Hyprland to get it go start and it doesn’t seem to unlock my keyring.
Its been unstable, sometimes i logs in as expexted, sometimes it goes to the tty, then opening the login screen. Don’t now why, so ended up just disable autologin.
Good to hear it’s not just me. It’d be nice if this was in a wiki or if there was another confirmation/example of a working config.
I just found another config listed here: nixos/gdm: autologin unlocks keyring when possible by dawidd6 · Pull Request #282317 · NixOS/nixpkgs · GitHub
And updated the package names for NixOS 25.05, as follows:
{ config, lib, pkgs, ... }:
{
# Auto login will attempt to unlock gnome keyring using LUKS passphrase.
# See https://github.com/NixOS/nixpkgs/pull/282317
boot.initrd.systemd.enable = lib.mkForce true;
security.pam.services.gdm-autologin.text = lib.mkForce ''
auth requisite pam_nologin.so
auth required pam_succeed_if.so uid >= 1000 quiet
${lib.optionalString config.security.pam.services.login.enableGnomeKeyring ''
auth [success=ok default=1] ${pkgs.gdm}/lib/security/pam_gdm.so
auth optional ${pkgs.gnome-keyring}/lib/security/pam_gnome_keyring.so
''}
auth required pam_permit.so
account sufficient pam_unix.so
password requisite pam_unix.so nullok yescrypt
session optional pam_keyinit.so revoke
session include login
'';
}
But it’s going to a tty login where I have to enter my username, password, and launch Hyprland manually. If I add getty.autologinUser = "guttermonk"; it fills out the username and password, but I still have to launch Hyprland manually. If anyone has a working config for 25.05, please share. 