From 7b22fd5ca7a4adb66c9149995e6aaf0f9da055c6 Mon Sep 17 00:00:00 2001
From: Anthony Rodriguez <anthony@nezia.dev>
Date: Sun, 6 Oct 2024 12:11:01 +0200
Subject: [PATCH] programs/niri: add PAM strategy for swaylock with fprintd

---
 system/programs/niri/default.nix | 23 ++++++++++++++++++++++-
 1 file changed, 22 insertions(+), 1 deletion(-)

diff --git a/system/programs/niri/default.nix b/system/programs/niri/default.nix
index 17c8b2a..9dee14e 100644
--- a/system/programs/niri/default.nix
+++ b/system/programs/niri/default.nix
@@ -1,4 +1,10 @@
-{inputs, ...}: {
+{
+  inputs,
+  lib,
+  pkgs,
+  config,
+  ...
+}: {
   imports = [
     inputs.niri.nixosModules.niri
   ];
@@ -6,4 +12,19 @@
   programs.niri = {
     enable = true;
   };
+
+  # copied from https://github.com/linyinfeng/dotfiles/blob/91b0363b093303f57885cbae9da7f8a99bbb4432/nixos/profiles/graphical/niri/default.nix#L17-L29
+  security.pam.services.swaylock.text = lib.mkIf config.services.fprintd.enable ''
+    account required pam_unix.so
+
+    # check passwork before fprintd
+    auth sufficient pam_unix.so try_first_pass likeauth
+    auth sufficient ${pkgs.fprintd}/lib/security/pam_fprintd.so
+    auth required pam_deny.so
+
+    password sufficient pam_unix.so nullok yescrypt
+
+    session required pam_env.so conffile=/etc/pam/environment readenv=0
+    session required pam_unix.so
+  '';
 }