From d416563f3abd7ec75a52014ddf715ff7443b7303 Mon Sep 17 00:00:00 2001
From: "RingOfStorms (Joshua Bell)" <ringofstorms@gmail.com>
Date: Tue, 6 Jan 2026 13:51:55 -0600
Subject: [PATCH] update keyd more

---
 flakes/de_plasma/de_plasma.nix | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/flakes/de_plasma/de_plasma.nix b/flakes/de_plasma/de_plasma.nix
index 63b4bf0c..f5874a63 100644
--- a/flakes/de_plasma/de_plasma.nix
+++ b/flakes/de_plasma/de_plasma.nix
@@ -169,6 +169,11 @@ in
         };
       };
 
+      # `keyd` drops privileges via `setgid(2)`, but the upstream unit
+      # uses `RestrictSUIDSGID=yes`, which blocks that and causes:
+      # "setgid: Operation not permitted".
+      systemd.services.keyd.serviceConfig.RestrictSUIDSGID = mkIf (!cfg.disableKeyd) false;
+
       # Home Manager modules (plasma-manager + our HM layer)
       home-manager.sharedModules = [
         plasma-manager.homeModules.plasma-manager