desktop: add oo7-daemon as the org.freedesktop.secrets provider
Without a secret-service implementation on the bus, libsecret clients like flare fail at startup with 'The communication with libsecret failed'. None of the desktop hosts had one wired up. oo7-daemon is the matching pure-Rust implementation (same project as the oo7 crate flare uses internally), without the GNOME plumbing that gnome-keyring would drag in. Register the package's D-Bus service file and systemd user unit, start the daemon at user login, and alias the unit as dbus-org.freedesktop.secrets.service so D-Bus auto-activation also resolves cleanly when the wantedBy start hasn't fired yet. Verified the toplevel build and that the resulting system carries the oo7-daemon user unit, the dbus alias symlink, and the default.target.wants entry.
This commit is contained in:
@@ -19,6 +19,7 @@
|
|||||||
./desktop-networkmanager.nix
|
./desktop-networkmanager.nix
|
||||||
./desktop-age-secrets.nix
|
./desktop-age-secrets.nix
|
||||||
./desktop-lanzaboote-agenix.nix
|
./desktop-lanzaboote-agenix.nix
|
||||||
|
./desktop-oo7-daemon.nix
|
||||||
|
|
||||||
inputs.disko.nixosModules.disko
|
inputs.disko.nixosModules.disko
|
||||||
|
|
||||||
|
|||||||
35
modules/desktop-oo7-daemon.nix
Normal file
35
modules/desktop-oo7-daemon.nix
Normal file
@@ -0,0 +1,35 @@
|
|||||||
|
# oo7-daemon — the pure-Rust implementation of the org.freedesktop.secrets
|
||||||
|
# (libsecret) D-Bus interface, written by the same project that ships the
|
||||||
|
# `oo7` Rust crate that flare uses internally.
|
||||||
|
#
|
||||||
|
# Without a secret-service provider on the bus, flare's `oo7::Keyring::new()`
|
||||||
|
# call fails immediately at startup ("The communication with libsecret
|
||||||
|
# failed"). Most NixOS desktops solve this by enabling
|
||||||
|
# `services.gnome.gnome-keyring.enable`, but that drags GNOME plumbing
|
||||||
|
# we don't otherwise want; oo7-daemon is the lightweight match for niri
|
||||||
|
# desktops.
|
||||||
|
#
|
||||||
|
# The `oo7-server` package ships:
|
||||||
|
# - libexec/oo7-daemon (the binary)
|
||||||
|
# - share/dbus-1/services/org.freedesktop.secrets.service
|
||||||
|
# - share/systemd/user/oo7-daemon.service
|
||||||
|
#
|
||||||
|
# We register both with NixOS and start the daemon at user login so
|
||||||
|
# libsecret clients can find the bus name without depending on D-Bus
|
||||||
|
# auto-activation. We also alias the unit as
|
||||||
|
# `dbus-org.freedesktop.secrets.service` so D-Bus activation falls back
|
||||||
|
# to it cleanly when the daemon has not been started yet (e.g. inside a
|
||||||
|
# fresh `systemd-run --user` scope).
|
||||||
|
|
||||||
|
{ pkgs, ... }:
|
||||||
|
{
|
||||||
|
environment.systemPackages = [ pkgs.oo7-server ];
|
||||||
|
|
||||||
|
services.dbus.packages = [ pkgs.oo7-server ];
|
||||||
|
systemd.packages = [ pkgs.oo7-server ];
|
||||||
|
|
||||||
|
systemd.user.services.oo7-daemon = {
|
||||||
|
wantedBy = [ "default.target" ];
|
||||||
|
aliases = [ "dbus-org.freedesktop.secrets.service" ];
|
||||||
|
};
|
||||||
|
}
|
||||||
Reference in New Issue
Block a user