system/programs/hyprland: add pam behavior for fingerprint machines

2024-12-13 23:03:28 +01:00 · 2024-12-13 23:03:28 +01:00 · a0e7e87d77
commit a0e7e87d77
parent 057adf1d27
1 changed files with 17 additions and 0 deletions
--- a/system/programs/hyprland.nix
+++ b/system/programs/hyprland.nix
@ -1,5 +1,7 @@
 {
  inputs,
+  config,
+  lib,
  pkgs,
  ...
 }: {
@ -8,4 +10,19 @@
    package = inputs.hyprland.packages.${pkgs.system}.hyprland;
    portalPackage = inputs.hyprland.packages.${pkgs.system}.xdg-desktop-portal-hyprland;
  };
+
+  # copied from https://github.com/linyinfeng/dotfiles/blob/91b0363b093303f57885cbae9da7f8a99bbb4432/nixos/profiles/graphical/niri/default.nix#L17-L29
+  security.pam.services.hyprlock.text = lib.mkIf config.services.fprintd.enable ''
+    account required pam_unix.so
+
+    # check passwork before fprintd
+    auth sufficient pam_unix.so try_first_pass likeauth
+    auth sufficient ${pkgs.fprintd}/lib/security/pam_fprintd.so
+    auth required pam_deny.so
+
+    password sufficient pam_unix.so nullok yescrypt
+
+    session required pam_env.so conffile=/etc/pam/environment readenv=0
+    session required pam_unix.so
+  '';
 }