From bfc60eeb2caecec17aa41d8a9935697555a059a6 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Thu, 30 Apr 2026 16:32:36 +0000
Subject: [PATCH] Fix GNOME Keyring permission issue: move tmpfiles rules to
 user level

Agent-Logs-Url: https://github.com/naturallaw777/staging_alpha/sessions/3ed85d6b-ada9-48e1-941f-1150e1491157

Co-authored-by: naturallaw777 <99053422+naturallaw777@users.noreply.github.com>
---
 configuration.nix | 12 +++++-------
 1 file changed, 5 insertions(+), 7 deletions(-)

diff --git a/configuration.nix b/configuration.nix
index 5b76bd0..3f5328b 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -70,13 +70,11 @@
   security.pam.services.gdm-password.enableGnomeKeyring = true;
   security.pam.services.gdm-autologin.enableGnomeKeyring = true;
 
-  # Declaratively guarantee the GNOME Keyring default pointer exists.
-  # The 'f' directive creates the file only when it is absent, so legacy
-  # machines that already have a valid pointer are never overwritten.
-  # The content 'login' tells pam_gnome_keyring which keyring to unlock on login.
-  systemd.tmpfiles.rules = [
-    "d /home/free/.local/share/keyrings 0700 free users -"
-    "f /home/free/.local/share/keyrings/default 0600 free users - login\n"
+  # Declaratively guarantee the GNOME Keyring default pointer exists for the free user.
+  # Running this at the user level prevents root from corrupting ~/.local permissions on fresh installs.
+  systemd.user.tmpfiles.rules = [
+    "d %h/.local/share/keyrings 0700 - - - -"
+    "f %h/.local/share/keyrings/default 0600 - - - login\n"
   ];
 
   # ── Audio ──────────────────────────────────────────────────