From 055d6ab421ed99a09ed2c1de0196af6a5fa8c1a5 Mon Sep 17 00:00:00 2001 From: John Ogle Date: Fri, 26 Dec 2025 13:20:18 -0800 Subject: [PATCH] Add systemd services to unlock rbw vault on login and resume Adds two systemd user services to automatically unlock the rbw vault: - rbw-unlock-on-login: Runs at graphical session start - rbw-unlock-on-resume: Runs after resuming from suspend This solves the issue of mbsync prompting for password every 5 minutes. Once unlocked, the vault stays unlocked as long as mbsync syncs every 5 minutes (which resets the 1-hour lock timeout). Only prompts at login or after long suspend periods. --- home/roles/desktop/default.nix | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/home/roles/desktop/default.nix b/home/roles/desktop/default.nix index f900ec5..cee93b1 100644 --- a/home/roles/desktop/default.nix +++ b/home/roles/desktop/default.nix @@ -81,6 +81,37 @@ in enable = true; }; + # rbw vault unlock on login and resume from suspend + systemd.user.services.rbw-unlock-on-login = { + Unit = { + Description = "Unlock rbw vault at login"; + After = [ "graphical-session.target" ]; + }; + Service = { + Type = "oneshot"; + ExecStart = "${pkgs.rbw}/bin/rbw unlock"; + Environment = "PATH=${pkgs.rbw}/bin:/run/current-system/sw/bin"; + }; + Install = { + WantedBy = [ "graphical-session.target" ]; + }; + }; + + systemd.user.services.rbw-unlock-on-resume = { + Unit = { + Description = "Unlock rbw vault after resume from suspend"; + After = [ "suspend.target" ]; + }; + Service = { + Type = "oneshot"; + ExecStart = "${pkgs.rbw}/bin/rbw unlock"; + Environment = "PATH=${pkgs.rbw}/bin:/run/current-system/sw/bin"; + }; + Install = { + WantedBy = [ "suspend.target" ]; + }; + }; + # KDE environment variables for proper integration home.sessionVariables = { QT_QPA_PLATFORMTHEME = "kde";