kwallet: unmount bind mount cleanly on session logout

Switch kwalletd6-logon from --scope to a transient service with RemainAfterExit=yes (kwalletd6 forks to background, so the service must stay active after the main process exits). ExecStop runs 'sudo umount -l' to detach the wallet bind mount before gocryptfs unmounts ~/data (Before=gocryptfs-home.service ordering). install.sh adds a per-user sudoers drop-in so the user service can call umount as root without a password. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-11 11:07:01 +02:00
parent 40843b8295
commit 3429ffa48f
2 changed files with 14 additions and 1 deletions
@@ -18,7 +18,12 @@ if [[ -z $(wmctrl -m | grep "KWin") ]]; then
 fi

 #Restart the service
-systemd-run --user --scope --unit=kwalletd6-logon kwalletd6 >${TEMPDIR}/kwalletd6.log 2>&1 &
+WALLETPATH_CFG="${HOME}/.local/share/kwalletd"
+systemd-run --user --unit=kwalletd6-logon \
+    --property=RemainAfterExit=yes \
+    --property=Before=gocryptfs-home.service \
+    --property="ExecStop=/usr/bin/sudo /usr/bin/umount -l ${WALLETPATH_CFG}" \
+    kwalletd6 >${TEMPDIR}/kwalletd6.log 2>&1 &
 sleep 1

 #Check if kwalletd is enabled now