Fix gnome-online-accounts by enabling gnome-keyring and unsetting SSH_AUTH_SOCK

.lycheeignore

@@ -6,3 +6,6 @@ user:password
 
 # reddit often rejects request from GitHub Actions
 www.reddit.com/
+
+# The server is unstable
+ubuntuforums.org

config/rclone.md

@@ -1,7 +1,7 @@
 # Rclone
 
 Rclone enables an OSS vault on several Cloud Storages.\
-And it makes it possible to use [Google Drive on Linux](https://abevoelker.github.io/how-long-since-google-said-a-google-drive-linux-client-is-coming/).
+And it makes it possible to use [Google Drive on Linux](https://abevoelker.github.io/how-long-since-google-said-a-google-drive-linux-client-is-coming/) without gnome-online-accounts.
 
 ## Setup
 

home-manager/desktop.nix

@@ -26,12 +26,4 @@
       };
     };
   };
-
-  # Extracted from encryption.nix to avoid dbus error in GitHub hosted runner
-  #
-  # https://github.com/nix-community/home-manager/blob/release-24.11/modules/services/pass-secret-service.nix
-  # Make it possible to use libsecret which is required in vscode GitHub authentication(--password-store="gnome-libsecret"), without gnome-keyring(GH-814).
-  #
-  # Alternative candidates: https://github.com/grimsteel/pass-secret-service
-  services.pass-secret-service.enable = true;
 }

nixos/desktop/default.nix

@@ -92,17 +92,16 @@
     evince # document viewer
     gnome-calendar
     gnome-music # does not support flac by defaults
-    gnome-online-accounts # See GH-1015
   ];
 
-  # Recommended to be uninstalled by gnupg. I prefer this way, even though disabling gpg-agent ssh integrations.
+  # I need gnome-keyring to use gnome-online-accounts even though recommended to be uninstalled by gnupg. pass-secret families didn't work on goa. See GH-1034 and GH-1036
   # https://wiki.gnupg.org/GnomeKeyring
   #
-  # And enabling this makes $SSH_AUTH_SOCK overriding even through enabled gpg-agent in home-manager
-  # https://github.com/NixOS/nixpkgs/issues/101616
-  #
-  # Using mkforce for https://discourse.nixos.org/t/gpg-smartcard-for-ssh/33689/3
-  services.gnome.gnome-keyring.enable = lib.mkForce false;
+  # Require mkforce if you want to disable. See https://discourse.nixos.org/t/gpg-smartcard-for-ssh/33689/3
+  services.gnome.gnome-keyring.enable = true;
+  # On the otherhand, I should avoid deprecated gnome-keyring for ssh integrations even if it looks working.
+  # gnome-keyring enables pam.sshAgentAuth, and it sets the $SSH_AUTH_SOCK, and following modules skips to override this variable. But just disabling security.pam.sshAgentAuth does not resolve it. It should be done in package build phase.
+  # The workaround might be updated with https://github.com/NixOS/nixpkgs/issues/140824
 
   # Enable touchpad support (enabled default in most desktopManager).
   services.libinput = {

overlays/default.nix

@@ -16,8 +16,23 @@
     };
   })
 
-  # Pacthed packages
+  # Keep minimum patches as possible. Because of they can not use official binary cache. See GH-754
 
+  # Patched and override existing name because of it is not cofigurable
+  (final: prev: {
+    # https://github.com/NixOS/nixpkgs/blob/nixos-24.11/pkgs/by-name/gn/gnome-keyring/package.nix
+    # To disable SSH_AUTH_SOCK by gnome-keyring. This is required because of I should avoid GH-714 but realize GH-1015
+    #
+    # And it should be override the package it self, the module is not configurable for the package. https://github.com/NixOS/nixpkgs/blob/nixos-24.11/nixos/modules/services/desktops/gnome/gnome-keyring.nix
+    gnome-keyring = prev.gnome-keyring.overrideAttrs (
+      finalAttrs: previousAttrs: {
+        # https://github.com/NixOS/nixpkgs/issues/140824#issuecomment-2573660493
+        configureFlags = final.lib.lists.remove "--enable-ssh-agent" previousAttrs.configureFlags;
+      }
+    );
+  })
+
+  # Pacthed packages
   (final: prev: {
     patched = {
       # TODO: Replace to stable since nixos-25.05, stable 24.11 does not include https://github.com/NixOS/nixpkgs/pull/361378