titaniumtown/nixos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

desktop: add oo7-daemon as the org.freedesktop.secrets provider

Browse Source 
Without a secret-service implementation on the bus, libsecret clients
like flare fail at startup with 'The communication with libsecret
failed'. None of the desktop hosts had one wired up.

oo7-daemon is the matching pure-Rust implementation (same project as
the oo7 crate flare uses internally), without the GNOME plumbing that
gnome-keyring would drag in. Register the package's D-Bus service
file and systemd user unit, start the daemon at user login, and alias
the unit as dbus-org.freedesktop.secrets.service so D-Bus
auto-activation also resolves cleanly when the wantedBy start hasn't
fired yet.

Verified the toplevel build and that the resulting system carries the
oo7-daemon user unit, the dbus alias symlink, and the
default.target.wants entry.
This commit is contained in:
Simon Gardling
2026-04-30 00:22:37 -04:00
parent bcdfd8cdf5
commit 6bbedff561
2 changed files with 36 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
modules/desktop-oo7-daemon.nix Normal file
View File

@@ -0,0 +1,35 @@
# oo7-daemon — the pure-Rust implementation of the org.freedesktop.secrets
# (libsecret) D-Bus interface, written by the same project that ships the
# `oo7` Rust crate that flare uses internally.
#
# Without a secret-service provider on the bus, flare's `oo7::Keyring::new()`
# call fails immediately at startup ("The communication with libsecret
# failed"). Most NixOS desktops solve this by enabling
# `services.gnome.gnome-keyring.enable`, but that drags GNOME plumbing
# we don't otherwise want; oo7-daemon is the lightweight match for niri
# desktops.
#
# The `oo7-server` package ships:
# - libexec/oo7-daemon (the binary)
# - share/dbus-1/services/org.freedesktop.secrets.service
# - share/systemd/user/oo7-daemon.service
#
# We register both with NixOS and start the daemon at user login so
# libsecret clients can find the bus name without depending on D-Bus
# auto-activation. We also alias the unit as
# `dbus-org.freedesktop.secrets.service` so D-Bus activation falls back
# to it cleanly when the daemon has not been started yet (e.g. inside a
# fresh `systemd-run --user` scope).
{ pkgs, ... }:
{
environment.systemPackages = [ pkgs.oo7-server ];
services.dbus.packages = [ pkgs.oo7-server ];
systemd.packages = [ pkgs.oo7-server ];
systemd.user.services.oo7-daemon = {
wantedBy = [ "default.target" ];
aliases = [ "dbus-org.freedesktop.secrets.service" ];
};
}