Merge pull request #315874 from JohnRTitor/gnome-keyring-module

nixos/gnome-keyring: rewrite module and fix unlocking on GDM session login
author: Thomas Gerbet <thomas@gerbet.me> 2024-06-21 21:07:43 +0200
committer: GitHub <noreply@github.com> 2024-06-21 21:07:43 +0200
commit: 6d04aa54bad7fd3a2b9bcb67c3e5cf33144ae7eb (patch)
tree: 4c7b947f45bef4a95db51cf781c602a0bf8f55a0 /nixos
parent: bd074c86c90acb19478d3c3d6e81ecdb97046a34 (diff)
parent: 6bb516d45f2cbb56a817adf4c7f0ee680e3cf9e9 (diff)
1 files changed, 31 insertions, 26 deletions
diff --git a/nixos/modules/services/desktops/gnome/gnome-keyring.nix b/nixos/modules/services/desktops/gnome/gnome-keyring.nix
index 79bce0ade2fc5..02b198fd81cb9 100644
--- a/nixos/modules/services/desktops/gnome/gnome-keyring.nix
+++ b/nixos/modules/services/desktops/gnome/gnome-keyring.nix
@@ -1,45 +1,52 @@
 # GNOME Keyring daemon.
 
-{ config, pkgs, lib, ... }:
-
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
+let
+  cfg = config.services.gnome.gnome-keyring;
+in
 {
 
   meta = {
     maintainers = lib.teams.gnome.members;
   };
 
-  ###### interface
-
   options = {
-
     services.gnome.gnome-keyring = {
-
-      enable = lib.mkOption {
-        type = lib.types.bool;
-        default = false;
-        description = ''
-          Whether to enable GNOME Keyring daemon, a service designed to
-          take care of the user's security credentials,
-          such as user names and passwords.
-        '';
-      };
-
+      enable = lib.mkEnableOption ''
+        GNOME Keyring daemon, a service designed to
+        take care of the user's security credentials,
+        such as user names and passwords
+      '';
     };
-
   };
 
-
-  ###### implementation
-
-  config = lib.mkIf config.services.gnome.gnome-keyring.enable {
-
+  config = lib.mkIf cfg.enable {
     environment.systemPackages = [ pkgs.gnome.gnome-keyring ];
 
-    services.dbus.packages = [ pkgs.gnome.gnome-keyring pkgs.gcr ];
+    services.dbus.packages = [
+      pkgs.gnome.gnome-keyring
+      pkgs.gcr
+    ];
 
     xdg.portal.extraPortals = [ pkgs.gnome.gnome-keyring ];
 
-    security.pam.services.login.enableGnomeKeyring = true;
+    security.pam.services = lib.mkMerge [
+      {
+        login.enableGnomeKeyring = true;
+      }
+      (lib.mkIf config.services.xserver.displayManager.gdm.enable {
+        gdm-password.enableGnomeKeyring = true;
+        gdm-autologin.enableGnomeKeyring = true;
+      })
+      (lib.mkIf (config.services.xserver.displayManager.gdm.enable && config.services.fprintd.enable) {
+        gdm-fingerprint.enableGnomeKeyring = true;
+      })
+    ];
 
     security.wrappers.gnome-keyring-daemon = {
       owner = "root";
@@ -47,7 +54,5 @@
       capabilities = "cap_ipc_lock=ep";
       source = "${pkgs.gnome.gnome-keyring}/bin/gnome-keyring-daemon";
     };
-
   };
-
 }
author	Thomas Gerbet <thomas@gerbet.me>	2024-06-21 21:07:43 +0200
committer	GitHub <noreply@github.com>	2024-06-21 21:07:43 +0200
commit	6d04aa54bad7fd3a2b9bcb67c3e5cf33144ae7eb (patch)
tree	4c7b947f45bef4a95db51cf781c602a0bf8f55a0 /nixos
parent	bd074c86c90acb19478d3c3d6e81ecdb97046a34 (diff)
parent	6bb516d45f2cbb56a817adf4c7f0ee680e3cf9e9 (diff)