How to unlock GNOME keyring automatically in NixOS

gnome-keyringgnome3nixos

I am using GNOME 3 on NixOS 16.09, and I cannot figure out how to make the "Login" keyring unlock automatically on login.

I suspect this could be fixed with the security.pam.services option, but I am not an expert, and the documentation is not very verbose or clear:

This option defines the PAM services. A service typically corresponds to a program that uses PAM, e.g. login or passwd. Each attribute of this set defines a PAM service, with the attribute name defining the name of the service.

Type: list or attribute set of submodules

Default: [ ]

A related but less important issue is that if I create a new user account under NixOS and log in with GNOME, no keyring is automatically created. The first time I enter a password somewhere and accept to save it in a keyring, I get a dialogue asking for a password to create a new default keyring:

Choose password for new keyring

An application wants to create new keyring called 'Default keyring'. Choose
the password you want to use for it.

Note that it wants to create a keyring called "Default keyring", and not "Login", like Ubuntu does.

If I type in my login password, the keyring is created, but on the next login it is not unlocked automatically, and I am asked for a password the first time I try to use it.

Here is an analogous question about KDE Wallet, which so far has no accepted answer.

There is a relevant issue reported for Nixpkgs.

Best Answer

This issue is fixed in 19.03. If the login manager is GDM, then set the configuration option

{ # ...
  security.pam.services.gdm.enableGnomeKeyring = true;
}

It has been suggested that if no login manager is used, then the following option needs to be set:

{ # ...
  services.gnome3.gnome-keyring.enable = true;
}
Related Question