programs/niri: add PAM strategy for swaylock with fprintd

2024-10-06 12:11:01 +02:00 · 2024-10-06 12:11:01 +02:00 · 7b22fd5ca7
commit 7b22fd5ca7
parent c7c8108bc4
1 changed files with 22 additions and 1 deletions
--- a/system/programs/niri/default.nix
+++ b/system/programs/niri/default.nix
@ -1,4 +1,10 @@
-{inputs, ...}: {
+{
+  inputs,
+  lib,
+  pkgs,
+  config,
+  ...
+}: {
  imports = [
    inputs.niri.nixosModules.niri
  ];
@ -6,4 +12,19 @@
  programs.niri = {
    enable = true;
  };
+
+  # copied from https://github.com/linyinfeng/dotfiles/blob/91b0363b093303f57885cbae9da7f8a99bbb4432/nixos/profiles/graphical/niri/default.nix#L17-L29
+  security.pam.services.swaylock.text = lib.mkIf config.services.fprintd.enable ''
+    account required pam_unix.so
+
+    # check passwork before fprintd
+    auth sufficient pam_unix.so try_first_pass likeauth
+    auth sufficient ${pkgs.fprintd}/lib/security/pam_fprintd.so
+    auth required pam_deny.so
+
+    password sufficient pam_unix.so nullok yescrypt
+
+    session required pam_env.so conffile=/etc/pam/environment readenv=0
+    session required pam_unix.so
+  '';
 }