Polkit is not working anymore

random · August 29, 2023, 4:39pm

{ config, pkgs, ... }:

{
  imports =
    [
      ./hardware-configuration.nix
      ./unstable.nix
#     ./mount-partitions.nix
    ];
  
  # Kernel 
  #boot.kernelModules = [ "kvm-amd" "amd_iommu=on" ];
  #boot.extraModprobeConfig = "options kvm_amd nested=1";

  # Microcode
  hardware.cpu.amd.updateMicrocode = true;

  # Use the systemd-boot EFI boot loader.
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;
  
  # System Hostname
  networking.hostName = "nix-os";

  # Set your time zone.
  time.timeZone = "Asia/Dhaka";

  # Select internationalisation properties.
  i18n.defaultLocale = "en_US.UTF-8";
  #  i18n.extraLocaleSettings = {
  #    LC_ADDRESS = "en_US.UTF-8";
  #    LC_IDENTIFICATION = "en_US.UTF-8";
  #    LC_MEASUREMENT = "en_US.UTF-8";
  #    LC_MONETARY = "en_US.UTF-8";
  #    LC_NAME = "en_US.UTF-8";
  #    LC_NUMERIC = "en_US.UTF-8";
  #    LC_PAPER = "en_US.UTF-8";
  #    LC_TELEPHONE = "en_US.UTF-8";
  #    LC_TIME = "en_US.UTF-8";
  # };

  # Define a user account.
  users.users.random = {
    isNormalUser = true;
    extraGroups = [ "wheel" "video" "input" "audio" "storage" ];
  };
  
  # Allow Unfree Packages.
  nixpkgs.config.allowUnfree = true;

  # List packages installed in system profile.
  environment.systemPackages = with pkgs; [
    
     # Packages for neovim / astrovim  
     pkgs.lazygit
     pkgs.git
     pkgs.bottom
     pkgs.ripgrep
     pkgs.gdu
     pkgs.python3
     pkgs.nodejs
     pkgs.gnumake
     pkgs.gcc
     pkgs.cinnamon.nemo
     pkgs.cinnamon.nemo-fileroller
     pkgs.w3m
     pkgs.xdg-user-dirs
     pkgs.wpaperd
     pkgs.kitty
     pkgs.rofi
     # pkgs.pavucontrol
     pkgs.btop
     pkgs.mako
     pkgs.libnotify
     pkgs.wl-clipboard
     pkgs.wlroots
     pkgs.slurp
     pkgs.hyprpicker
     pkgs.swaylock-effects
     pkgs.mpv
     pkgs.ffmpeg
     pkgs.grim
     pkgs.discord
     pkgs.trashy
     pkgs.viewnior
     pkgs.lsd
     pkgs.unzip
     pkgs.ventoy
     pkgs.motrix
     pkgs.betterdiscordctl
     pkgs.bashmount
     pkgs.obs-studio
     # pkgs.linux-wifi-hotspot
     pkgs.distrobox
     pkgs.gparted
     pkgs.polkit_gnome
     # Docker packages
     pkgs.docker-compose
   ];
   
  # Fonts for NIX-OS.
   fonts.fonts = with pkgs; [
     noto-fonts
     noto-fonts-cjk
     noto-fonts-emoji
   ];
  
  # Display Manager.
   services.xserver.enable = true;
   services.xserver.displayManager.gdm = {
     enable = true;
    };

  # AutoLogin.
   services.xserver.displayManager = {
     autoLogin.enable = true;
     autoLogin.user = "random";
   };

  # Zram.
  zramSwap.enable = true;
  zramSwap.algorithm = "zstd";

  # Hyprland.
  programs = {
    waybar.enable = true;
      hyprland = {
        enable = true;
        xwayland.enable = true;
      };
    };

  # XDG Portal.
  xdg = {
    portal = {
      enable = true;
      extraPortals = with pkgs; [
        xdg-desktop-portal-hyprland
        xdg-desktop-portal-wlr
        xdg-desktop-portal-gtk
      ];
    };
  };

  # Swaylock
  security.pam.services.swaylock.text = ''
    auth include login
  '';
  
  # Dconf
  programs.dconf.enable = true;
  
  # Dbus
  services.dbus.enable = true;

  # services Accounts
  services.accounts-daemon.enable = true;

  # Gnome Polkit
  systemd = {
  user.services.polkit-gnome-authentication-agent-1 = {
    description = "polkit-gnome-authentication-agent-1";
    wantedBy = [ "graphical-session.target" ];
    wants = [ "graphical-session.target" ];
    after = [ "graphical-session.target" ];
    serviceConfig = {
        Type = "simple";
        ExecStart = "${pkgs.polkit_gnome}/libexec/polkit-gnome-authentication-agent-1";
        Restart = "on-failure";
        RestartSec = 1;
        TimeoutStopSec = 10;
      };
    };
  }; 
  # Enable sound with pipewire.
  services.pipewire = {
    enable = true;
    pulse.enable = true;
    # wireplumber.enable = true;
  };
  
  # Neovim.
  programs.neovim = {
    enable = true;
    defaultEditor = true;
  };
  
  # ZSH with oh-my-zsh
  users.users.random = {
    shell = pkgs.zsh;
  };

  programs.zsh = {
    enable = true;
    ohMyZsh.enable = true;
    ohMyZsh.theme = "random";
    
    # Zsh Config.
    histSize = 10000;
    histFile = "$HOME/.zsh_history";

    # Plugins
    syntaxHighlighting.enable = true;
    autosuggestions.strategy = ["history" "completion" "match_prev_cmd"];
    autosuggestions.highlightStyle = "fg=cyan";
    syntaxHighlighting.highlighters = ["main" "brackets" "pattern" "cursor" "regexp" "root" "line"];
    autosuggestions.enable = true;
   
    # Build in oh-my-zsh plugins 
    ohMyZsh.plugins = ["sudo" ];
    
    # Alias
    shellAliases = {

      # LSD 
      ls = "lsd";
      ll = "lsd -l";
      
      # Useful Nix OS commands
      edit = "sudo -E nvim /etc/nixos/configuration.nix";
      edit-unstable = "sudo -E nvim /etc/nixos/unstable.nix";
      update = "sudo nix-channel --update && sudo nixos-rebuild switch && home-manager switch";

      # Trashy
      trash = "trash";
      list = "trash list";
      restore = "trash restore";
      restore-all = "trash restore --all";
      remove-all = "trash empty --all";

      # BashMount 
      bm = "bashmount"; 
    };
  };

  # Vmware
  virtualisation.vmware.host = {
    enable = true;
  };

  # Docker
  users.extraGroups.docker.members = [ "random" ];
  virtualisation.docker = {
    enable = true;
  };
  
  # Mullvad-VPN.
  services.mullvad-vpn = {
    enable = true;
    package = pkgs.mullvad-vpn;
  };

  # TeamViewer
  services.teamviewer.enable = true;

  # Firewall.
  networking.firewall.enable = true;

  # Network configuration with NEXTDNS/DNS
  networking.networkmanager.enable = true;   
  services.resolved.enable = true;
  networking.networkmanager.dns = "systemd-resolved";
  networking.firewall.checkReversePath = "loose";
  services.resolved.extraConfig = ''

    DNSOverTLS=yes
  '';
  
  # Trim For SSD, fstrim.
  services.fstrim = {
    enable = true;
    interval = "weekly";
  };

  # Fwupd # Firmware updater
  services.fwupd = {
    enable = true;
  };

  # Cpu Optimization.
  services.auto-cpufreq.enable = true;
  
  # security
  services.gnome.gnome-keyring.enable = true;
  # programs.gnupg.agent = {
  #   enable = true;
  #   enableSSHSupport = true;
  # };

  # Auto system update.
  system.autoUpgrade = {
    enable = true;
    dates = "weekly";
    operation = "switch";
  };
  
  # Optimize NIX Store.
  # nix.optimise = {
  #   automatic = true;
  # };

  # Automatic Garbage Collection.
  nix.gc = {
   automatic = true;
   dates = "weekly";
   options = "--delete-older-than 7d";
  };
  
  # NixOS system details.
  system.stateVersion = "23.05";
}

EDIT - i’ve deleted dns part because i was using nextdns, can’t sent you that IDs.

quasigod · August 29, 2023, 6:00pm

Can you enable the polkit module that @Lord-Valen mentioned?

random · August 30, 2023, 2:31am

tried both now, without it with it, and without systemd server just polkit module, non of them are worked, still getting that error and can’t launch gparted.

Devy246 · August 31, 2023, 12:33am

I am having the same issue as op. I am on the unstable channel and also running home-manager.
I currently have:

polkit_gnome in my system packages
security.polkit.enabled = true
security.polkit.debug = true (to see if any logs came up with journalctl, none came up)
the same systemd script as op from the wiki
security.polkit.adminIdentities set as me and wheel (default is already the wheel group, setting this did nothing)
I can also send my configuration.nix file and home.nix file if you guys think that can help, however, I copied the polkit setup from a chris titus livestream, and his worked fine after a reboot, making me think it might be a problem with a more recent update.

random · September 2, 2023, 4:34pm

if you figure out how to fix that, then tell me okay?

quasigod · September 7, 2023, 3:43pm

Sorry I ended up being quite busy with my school semester starting. Going to set a a reminder to test this on my laptop tonight. I see you are running Hyprland, which is what my laptop uses as well. @Devy246, are you also using Hyprland, or a different window manager?

Neither the polkit module or the polkit_gnome package have received any recent updates, so I don’t know what may have caused it, but it could be related to Hyprland if the issue is only present when using it.

random · September 9, 2023, 4:33pm

have you tested that and fixed?

Devy246 · September 9, 2023, 5:31pm

Sorry I haven’t replied either, school started for me aswell. @quasigod yes, I am running Hyprland. I have found a “fix” to the issue, it’s more of a workaround but it works.
I decided to switch to lxqt-policykit-agent instead of polkit_gnome because I was getting random errors about missing gnome accessibility packages when running it, also lxqt-policykit is the only qt polkit that respects my gtk theme I set through home manager.
I got rid of the systemd script as I don’t think it could even work through wayland. I added the line “exec-once = /nix/store/bdkhfi122a6fx3p1ds4zc7xanjr53jb3-lxqt-policykit-1.3.0/bin/lxqt-policykit-agent”
to my hyprland.conf file. I found the path by running “fd lxqt-policykit-agent /nix/store” (requires fd package).
Polkit now starts when running gui apps, however, with gparted, after I enter my password into polkit I get the error:
"Authorization required, but no authorization protocol specified

(gpartedbin:1891) Gtk-WARNING **: cannot open display: :1
"
after which gparted crashes. As a workaround, using sudo -E gparted starts gparted with no problems. I would still like to find a fix for qparted to not crash when launched without sudo -E

Lord-Valen · September 9, 2023, 6:59pm

I recently learned this which I think is your problem: Wayland desktops don’t start graphical-session.target when run. Instead of what you’re currently doing, you should exec-once = systemctl --user start graphical-session.target to avoid having the same problem with other units.

quasigod · September 12, 2023, 12:09am

On my system, executing the polkit before running gparted works correctly. I realized that the problem is the polkit not starting, as @Lord-Valen said. I will have to research what service can be used to start the polkit.

xanadul · February 4, 2024, 2:52pm

I just solved this problem myself, so if you still need help or anyone else finds this thread, here is a very simple solution which worked for me in 23.11

Activate the polkit module:

security.polkit.enable = true;

add lxde.lxsession (LXDEs session manager) to your user/system packages.
execute lxsession when starting the compositor/window manager. For hyprland, in hyprland.conf:

exec-once: lxsession

No reboot needed, just a nixos-rebuild switch and then relogin (or starting lxsession in a terminal for testing)

sliedes · July 5, 2024, 1:41am

Instead of hardcoding the hash or grepping it from ls output as in the wiki, this seems to work for me:

gio launch /run/current-system/sw/etc/xdg/autostart/polkit-kde-authentication-agent-1.desktop