Polkit is not working anymore

{ config, pkgs, ... }:

{
  imports =
    [
      ./hardware-configuration.nix
      ./unstable.nix
#     ./mount-partitions.nix
    ];
  
  # Kernel 
  #boot.kernelModules = [ "kvm-amd" "amd_iommu=on" ];
  #boot.extraModprobeConfig = "options kvm_amd nested=1";

  # Microcode
  hardware.cpu.amd.updateMicrocode = true;

  # Use the systemd-boot EFI boot loader.
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;
  
  # System Hostname
  networking.hostName = "nix-os";

  # Set your time zone.
  time.timeZone = "Asia/Dhaka";

  # Select internationalisation properties.
  i18n.defaultLocale = "en_US.UTF-8";
  #  i18n.extraLocaleSettings = {
  #    LC_ADDRESS = "en_US.UTF-8";
  #    LC_IDENTIFICATION = "en_US.UTF-8";
  #    LC_MEASUREMENT = "en_US.UTF-8";
  #    LC_MONETARY = "en_US.UTF-8";
  #    LC_NAME = "en_US.UTF-8";
  #    LC_NUMERIC = "en_US.UTF-8";
  #    LC_PAPER = "en_US.UTF-8";
  #    LC_TELEPHONE = "en_US.UTF-8";
  #    LC_TIME = "en_US.UTF-8";
  # };

  # Define a user account.
  users.users.random = {
    isNormalUser = true;
    extraGroups = [ "wheel" "video" "input" "audio" "storage" ];
  };
  
  # Allow Unfree Packages.
  nixpkgs.config.allowUnfree = true;

  # List packages installed in system profile.
  environment.systemPackages = with pkgs; [
    
     # Packages for neovim / astrovim  
     pkgs.lazygit
     pkgs.git
     pkgs.bottom
     pkgs.ripgrep
     pkgs.gdu
     pkgs.python3
     pkgs.nodejs
     pkgs.gnumake
     pkgs.gcc
     pkgs.cinnamon.nemo
     pkgs.cinnamon.nemo-fileroller
     pkgs.w3m
     pkgs.xdg-user-dirs
     pkgs.wpaperd
     pkgs.kitty
     pkgs.rofi
     # pkgs.pavucontrol
     pkgs.btop
     pkgs.mako
     pkgs.libnotify
     pkgs.wl-clipboard
     pkgs.wlroots
     pkgs.slurp
     pkgs.hyprpicker
     pkgs.swaylock-effects
     pkgs.mpv
     pkgs.ffmpeg
     pkgs.grim
     pkgs.discord
     pkgs.trashy
     pkgs.viewnior
     pkgs.lsd
     pkgs.unzip
     pkgs.ventoy
     pkgs.motrix
     pkgs.betterdiscordctl
     pkgs.bashmount
     pkgs.obs-studio
     # pkgs.linux-wifi-hotspot
     pkgs.distrobox
     pkgs.gparted
     pkgs.polkit_gnome
     # Docker packages
     pkgs.docker-compose
   ];
   
  # Fonts for NIX-OS.
   fonts.fonts = with pkgs; [
     noto-fonts
     noto-fonts-cjk
     noto-fonts-emoji
   ];
  
  # Display Manager.
   services.xserver.enable = true;
   services.xserver.displayManager.gdm = {
     enable = true;
    };

  # AutoLogin.
   services.xserver.displayManager = {
     autoLogin.enable = true;
     autoLogin.user = "random";
   };

  # Zram.
  zramSwap.enable = true;
  zramSwap.algorithm = "zstd";

  # Hyprland.
  programs = {
    waybar.enable = true;
      hyprland = {
        enable = true;
        xwayland.enable = true;
      };
    };

  # XDG Portal.
  xdg = {
    portal = {
      enable = true;
      extraPortals = with pkgs; [
        xdg-desktop-portal-hyprland
        xdg-desktop-portal-wlr
        xdg-desktop-portal-gtk
      ];
    };
  };

  # Swaylock
  security.pam.services.swaylock.text = ''
    auth include login
  '';
  
  # Dconf
  programs.dconf.enable = true;
  
  # Dbus
  services.dbus.enable = true;

  # services Accounts
  services.accounts-daemon.enable = true;

  # Gnome Polkit
  systemd = {
  user.services.polkit-gnome-authentication-agent-1 = {
    description = "polkit-gnome-authentication-agent-1";
    wantedBy = [ "graphical-session.target" ];
    wants = [ "graphical-session.target" ];
    after = [ "graphical-session.target" ];
    serviceConfig = {
        Type = "simple";
        ExecStart = "${pkgs.polkit_gnome}/libexec/polkit-gnome-authentication-agent-1";
        Restart = "on-failure";
        RestartSec = 1;
        TimeoutStopSec = 10;
      };
    };
  }; 
  # Enable sound with pipewire.
  services.pipewire = {
    enable = true;
    pulse.enable = true;
    # wireplumber.enable = true;
  };
  
  # Neovim.
  programs.neovim = {
    enable = true;
    defaultEditor = true;
  };
  
  # ZSH with oh-my-zsh
  users.users.random = {
    shell = pkgs.zsh;
  };

  programs.zsh = {
    enable = true;
    ohMyZsh.enable = true;
    ohMyZsh.theme = "random";
    
    # Zsh Config.
    histSize = 10000;
    histFile = "$HOME/.zsh_history";

    # Plugins
    syntaxHighlighting.enable = true;
    autosuggestions.strategy = ["history" "completion" "match_prev_cmd"];
    autosuggestions.highlightStyle = "fg=cyan";
    syntaxHighlighting.highlighters = ["main" "brackets" "pattern" "cursor" "regexp" "root" "line"];
    autosuggestions.enable = true;
   
    # Build in oh-my-zsh plugins 
    ohMyZsh.plugins = ["sudo" ];
    
    # Alias
    shellAliases = {

      # LSD 
      ls = "lsd";
      ll = "lsd -l";
      
      # Useful Nix OS commands
      edit = "sudo -E nvim /etc/nixos/configuration.nix";
      edit-unstable = "sudo -E nvim /etc/nixos/unstable.nix";
      update = "sudo nix-channel --update && sudo nixos-rebuild switch && home-manager switch";

      # Trashy
      trash = "trash";
      list = "trash list";
      restore = "trash restore";
      restore-all = "trash restore --all";
      remove-all = "trash empty --all";

      # BashMount 
      bm = "bashmount"; 
    };
  };

  # Vmware
  virtualisation.vmware.host = {
    enable = true;
  };

  # Docker
  users.extraGroups.docker.members = [ "random" ];
  virtualisation.docker = {
    enable = true;
  };
  
  # Mullvad-VPN.
  services.mullvad-vpn = {
    enable = true;
    package = pkgs.mullvad-vpn;
  };

  # TeamViewer
  services.teamviewer.enable = true;

  # Firewall.
  networking.firewall.enable = true;

  # Network configuration with NEXTDNS/DNS
  networking.networkmanager.enable = true;   
  services.resolved.enable = true;
  networking.networkmanager.dns = "systemd-resolved";
  networking.firewall.checkReversePath = "loose";
  services.resolved.extraConfig = ''

    DNSOverTLS=yes
  '';
  
  # Trim For SSD, fstrim.
  services.fstrim = {
    enable = true;
    interval = "weekly";
  };

  # Fwupd # Firmware updater
  services.fwupd = {
    enable = true;
  };

  # Cpu Optimization.
  services.auto-cpufreq.enable = true;
  
  # security
  services.gnome.gnome-keyring.enable = true;
  # programs.gnupg.agent = {
  #   enable = true;
  #   enableSSHSupport = true;
  # };

  # Auto system update.
  system.autoUpgrade = {
    enable = true;
    dates = "weekly";
    operation = "switch";
  };
  
  # Optimize NIX Store.
  # nix.optimise = {
  #   automatic = true;
  # };

  # Automatic Garbage Collection.
  nix.gc = {
   automatic = true;
   dates = "weekly";
   options = "--delete-older-than 7d";
  };
  
  # NixOS system details.
  system.stateVersion = "23.05";
}

EDIT - i’ve deleted dns part because i was using nextdns, can’t sent you that IDs.

Can you enable the polkit module that @Lord-Valen mentioned?

tried both now, without it with it, and without systemd server just polkit module, non of them are worked, still getting that error and can’t launch gparted.

I am having the same issue as op. I am on the unstable channel and also running home-manager.
I currently have:

  • polkit_gnome in my system packages
  • security.polkit.enabled = true
  • security.polkit.debug = true (to see if any logs came up with journalctl, none came up)
  • the same systemd script as op from the wiki
  • security.polkit.adminIdentities set as me and wheel (default is already the wheel group, setting this did nothing)
    I can also send my configuration.nix file and home.nix file if you guys think that can help, however, I copied the polkit setup from a chris titus livestream, and his worked fine after a reboot, making me think it might be a problem with a more recent update.
1 Like

if you figure out how to fix that, then tell me okay?

Sorry I ended up being quite busy with my school semester starting. Going to set a a reminder to test this on my laptop tonight. I see you are running Hyprland, which is what my laptop uses as well. @Devy246, are you also using Hyprland, or a different window manager?

Neither the polkit module or the polkit_gnome package have received any recent updates, so I don’t know what may have caused it, but it could be related to Hyprland if the issue is only present when using it.

have you tested that and fixed?

Sorry I haven’t replied either, school started for me aswell. @quasigod yes, I am running Hyprland. I have found a “fix” to the issue, it’s more of a workaround but it works.
I decided to switch to lxqt-policykit-agent instead of polkit_gnome because I was getting random errors about missing gnome accessibility packages when running it, also lxqt-policykit is the only qt polkit that respects my gtk theme I set through home manager.
I got rid of the systemd script as I don’t think it could even work through wayland. I added the line “exec-once = /nix/store/bdkhfi122a6fx3p1ds4zc7xanjr53jb3-lxqt-policykit-1.3.0/bin/lxqt-policykit-agent”
to my hyprland.conf file. I found the path by running “fd lxqt-policykit-agent /nix/store” (requires fd package).
Polkit now starts when running gui apps, however, with gparted, after I enter my password into polkit I get the error:
"Authorization required, but no authorization protocol specified

(gpartedbin:1891) Gtk-WARNING **: cannot open display: :1
"
after which gparted crashes. As a workaround, using sudo -E gparted starts gparted with no problems. I would still like to find a fix for qparted to not crash when launched without sudo -E

I recently learned this which I think is your problem: Wayland desktops don’t start graphical-session.target when run. Instead of what you’re currently doing, you should exec-once = systemctl --user start graphical-session.target to avoid having the same problem with other units.

On my system, executing the polkit before running gparted works correctly. I realized that the problem is the polkit not starting, as @Lord-Valen said. I will have to research what service can be used to start the polkit.

I just solved this problem myself, so if you still need help or anyone else finds this thread, here is a very simple solution which worked for me in 23.11

  1. Activate the polkit module:
security.polkit.enable = true;
  1. add lxde.lxsession (LXDEs session manager) to your user/system packages.
  2. execute lxsession when starting the compositor/window manager. For hyprland, in hyprland.conf:
exec-once: lxsession

No reboot needed, just a nixos-rebuild switch and then relogin (or starting lxsession in a terminal for testing)

2 Likes

Instead of hardcoding the hash or grepping it from ls output as in the wiki, this seems to work for me:

gio launch /run/current-system/sw/etc/xdg/autostart/polkit-kde-authentication-agent-1.desktop

1 Like