Autologin + unlock keyring + Luks passwords

With disk encryption a user needs to enter their LUKS password at boot time. Currently, this is a single password per device (laptop).

For convenience, we can configure Autologin to avoid forcing users to type passwords twice on startup, but unfortunately after automatically logging in the desktop asks for the user's password to unlock the keyring.

Desired State

Every user havs their own LUKS password to be able to start the laptop.
There is no password prompt after Autologin (e.g. /etc/pam.d/gdm-autologin activates pam_keyring.so).

auth optional pam_keyring.so try_first_pass
session optional pam_keyring.so

Resources

NixOS/nixpkgs#282317 (merged GH PR)
How to remove password prompt from keyring in autologin
Gnome-keyring-daemon won't unlock automatically (how to use LUKS)
How to configure a graphical boot screen with LUKS unlock

Edited Oct 19, 2025 by Peter Bittner