diff --git a/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml
index 5d09d3a93aa..aaa85138dfa 100644
--- a/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml
+++ b/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml
@@ -392,6 +392,18 @@
as coreboot’s fork is no longer available.
+
+
+ The udisks2 service, available at
+ services.udisks2.enable, is now disabled by
+ default. It will automatically be enabled through services and
+ desktop environments as needed. This also means that polkit
+ will now actually be disabled by default. The default for
+ security.polkit.enable was already flipped
+ in the previous release, but udisks2 being enabled by default
+ re-enabled it.
+
+
Add udev rules for the Teensy family of microcontrollers.
diff --git a/nixos/doc/manual/release-notes/rl-2211.section.md b/nixos/doc/manual/release-notes/rl-2211.section.md
index f37d7d827bd..e1253d46190 100644
--- a/nixos/doc/manual/release-notes/rl-2211.section.md
+++ b/nixos/doc/manual/release-notes/rl-2211.section.md
@@ -145,6 +145,9 @@ Use `configure.packages` instead.
- memtest86+ was updated from 5.00-coreboot-002 to 6.00-beta2. It is now the upstream version from https://www.memtest.org/, as coreboot's fork is no longer available.
+- The udisks2 service, available at `services.udisks2.enable`, is now disabled by default. It will automatically be enabled through services and desktop environments as needed.
+ This also means that polkit will now actually be disabled by default. The default for `security.polkit.enable` was already flipped in the previous release, but udisks2 being enabled by default re-enabled it.
+
- Add udev rules for the Teensy family of microcontrollers.
- The `pass-secret-service` package now includes systemd units from upstream, so adding it to the NixOS `services.dbus.packages` option will make it start automatically as a systemd user service when an application tries to talk to the libsecret D-Bus API.
diff --git a/nixos/modules/services/desktops/gvfs.nix b/nixos/modules/services/desktops/gvfs.nix
index 4aa6412aaa5..84cd2963872 100644
--- a/nixos/modules/services/desktops/gvfs.nix
+++ b/nixos/modules/services/desktops/gvfs.nix
@@ -56,6 +56,8 @@ in
services.udev.packages = [ pkgs.libmtp.out ];
+ services.udisks2.enable = true;
+
# Needed for unwrapped applications
environment.sessionVariables.GIO_EXTRA_MODULES = [ "${cfg.package}/lib/gio/modules" ];
diff --git a/nixos/modules/services/hardware/udisks2.nix b/nixos/modules/services/hardware/udisks2.nix
index f9b5afceac3..988e975d7e6 100644
--- a/nixos/modules/services/hardware/udisks2.nix
+++ b/nixos/modules/services/hardware/udisks2.nix
@@ -19,14 +19,7 @@ in
services.udisks2 = {
- enable = mkOption {
- type = types.bool;
- default = true;
- description = lib.mdDoc ''
- Whether to enable Udisks, a DBus service that allows
- applications to query and manipulate storage devices.
- '';
- };
+ enable = mkEnableOption "udisks2, a DBus service that allows applications to query and manipulate storage devices.";
settings = mkOption rec {
type = types.attrsOf settingsFormat.type;
diff --git a/nixos/modules/virtualisation/container-config.nix b/nixos/modules/virtualisation/container-config.nix
index 0966ef84827..94f28ea80d0 100644
--- a/nixos/modules/virtualisation/container-config.nix
+++ b/nixos/modules/virtualisation/container-config.nix
@@ -8,7 +8,6 @@ with lib;
# Disable some features that are not useful in a container.
nix.optimise.automatic = mkDefault false; # the store is host managed
- services.udisks2.enable = mkDefault false;
powerManagement.enable = mkDefault false;
documentation.nixos.enable = mkDefault false;