From d07ea9a2271a1cbdc94bfe86957e6d8e1f7279fd Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Sun, 12 Apr 2026 11:47:42 +0000
Subject: [PATCH] Add gnome-keyring-unlock service and update
 change-free-password to re-key keyring

Agent-Logs-Url: https://github.com/naturallaw777/staging_alpha/sessions/311643b0-e3d5-4ee5-a8f8-da5baa59cab8

Co-authored-by: naturallaw777 <99053422+naturallaw777@users.noreply.github.com>
---
 modules/credentials.nix | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)

diff --git a/modules/credentials.nix b/modules/credentials.nix
index fb276eb..7824038 100644
--- a/modules/credentials.nix
+++ b/modules/credentials.nix
@@ -33,6 +33,8 @@ let
     echo "$NEW_PASS" > "$SECRET_FILE"
     chmod 600 "$SECRET_FILE"
     echo "Password for 'free' updated and saved."
+    echo "$NEW_PASS" | ${pkgs.gnome-keyring}/bin/gnome-keyring-daemon --unlock || echo "Warning: GNOME Keyring re-key failed." >&2
+    echo "GNOME Keyring re-keyed with new password."
   '';
 in
 {
@@ -116,4 +118,27 @@ in
     '';
   };
 
+  # ── 2. Unlock GNOME Keyring on graphical session start ─────
+  systemd.services.gnome-keyring-unlock = {
+    description = "Unlock GNOME Keyring with stored free password";
+    after = [ "free-password-setup.service" "display-manager.service" ];
+    wants = [ "free-password-setup.service" ];
+    wantedBy = [ "graphical-session.target" ];
+    serviceConfig = {
+      Type = "oneshot";
+      User = "free";
+      ExecStartPre = "${pkgs.coreutils}/bin/sleep 3";
+    };
+    path = [ pkgs.gnome-keyring pkgs.coreutils ];
+    script = ''
+      SECRET_FILE="/var/lib/secrets/free-password"
+      if [ -f "$SECRET_FILE" ]; then
+        gnome-keyring-daemon --unlock < "$SECRET_FILE"
+        echo "GNOME Keyring unlocked with stored password."
+      else
+        echo "No password file found, skipping keyring unlock."
+      fi
+    '';
+  };
+
 }