Hi there, how can I automatically unlock kwallet at start up?
It kept asking for password at start up and I would like it to automatically unlock.
Thank you.
I use something like that in my configuration.nix
security = {
# If enabled, pam_wallet will attempt to automatically unlock the user’s default KDE wallet upon login.
# If the user has no wallet named “kdewallet”, or the login password does not match their wallet password,
# KDE will prompt separately after login.
pam = {
services = {
${userSettings.username} = {
kwallet = {
enable = true;
package = pkgs.kdePackages.kwallet-pam;
};
};
};
};
};
error:
… while evaluating the attribute ‘config.system.build.toplevel’
at /nix/var/nix/profiles/per-user/root/channels/nixos/lib/modules.nix:1:12284:
… while calling the ‘seq’ builtin
at /nix/var/nix/profiles/per-user/root/channels/nixos/lib/modules.nix:1:12293:
(stack trace truncated; use ‘–show-trace’ to show the full, detailed trace)error: undefined variable 'userSettings' at /etc/nixos/configuration.nix:94:7: 93| security.pam.services = { 94| ${userSettings.username} = { | ^ 95| kwallet = {
I’m sorry I just pasted a chunk of my config. In this place you have to put your user name.
I mean instead ${userSettings.username} print "your_user_name"
Read more here.
P.S. For more understanding read this article from ArchWiki but keep in mind it’s ArchLinux not NixOs.
On my system I get
journalctl --user-unit=plasma-kwallet-pam.service
> systemd[2870]: Started Unlock kwallet from pam credentials.
> pam_kwallet_init[3169]: 2025/05/27 22:13:05 socat[3169] W address is opened in read-write mode but only supports read-only
is there some more configuration needed?
1 Like
An easy way is to just set the password for the kwallet to nothing. Like literally. You go into the password setting prompt and do not type in anything. Then set, it will not prompt it anymore.
What is the security risk when doing so?
Why is the user password set but not accepted?
I got this:
💀 journalctl --user-unit=plasma-kwallet-pam.service
sep 08 21:41:32 nixos systemd[1363]: Started Unlock kwallet from pam credentials.
sep 08 21:41:32 nixos pam_kwallet_init[1589]: 2025/09/08 21:41:32 socat[1589] W address is opened in read-write mode but only supports read-only
-- Boot 15d4e2bbf4954a92b2eb6d7c7a1c2adb --
sep 08 21:56:30 nixos systemd[1356]: Started Unlock kwallet from pam credentials.
sep 08 21:56:30 nixos pam_kwallet_init[1560]: 2025/09/08 21:56:30 socat[1560] W address is opened in read-write mode but only supports read-only
-- Boot 2b4c7bcd47e04485bb6c1e9add16ccb3 --
sep 08 22:24:23 nixos systemd[1413]: Started Unlock kwallet from pam credentials.
sep 08 22:24:23 nixos pam_kwallet_init[1640]: 2025/09/08 22:24:23 socat[1640] W address is opened in read-write mode but only supports read-only
-- Boot 4bf382196cfd4265a0bc76379aec1353 --
sep 08 23:00:59 nixos systemd[1357]: Started Unlock kwallet from pam credentials.
sep 08 23:00:59 nixos pam_kwallet_init[1574]: 2025/09/08 23:00:59 socat[1574] W address is opened in read-write mode but only supports read-only
-- Boot fb5c9785bb3e4a47b993e9a0af668485 --
sep 08 23:11:45 woody systemd[2777]: Started Unlock kwallet from pam credentials.
sep 08 23:11:45 woody pam_kwallet_init[3099]: 2025/09/08 23:11:45 socat[3099] W address is opened in read-write mode but only supports read-only
-- Boot 8972b9bc2b814419ab1c145cb1ec8982 --
sep 09 12:08:09 woody systemd[4933]: Started Unlock kwallet from pam credentials.
sep 09 12:08:09 woody pam_kwallet_init[5162]: 2025/09/09 12:08:09 socat[5162] W address is opened in read-write mode but only supports read-only
I’ve been running hyprland since sept 9 lol. Hopefully How to automatically unlock kwallet at start up? - #2 by dmitry.b will fix it.
EDIT: it did not change anything