commit 53ff5c672df7cdf9a6fb7a2821f09e699da1bc60 · dunkirk.sh/dots

+2 -3

moonlark/configuration.nix

···

       24
        
           

     

       25
        
           # hpyrland config

     

       26
        
           # ./hyprland

     

       0
        
       
     

       0
        
       
     

       27
        
         ];

     

       28
        
       	

     

       29
        
         nixpkgs = {

     
···

       94
        
             })

     

       95
        
           pkgs.github-desktop

     

       96
        
         ];

     

       97
       -
       

     

       98
       -
         services.fprintd.enable = true;

     

       99
       -
         security.pam.services.hyprlock.fprintAuth = true;

     

       100
        
       

     

       101
        
         services.gnome.gnome-keyring.enable = true;

     

       102

···

       24
        
           

     

       25
        
           # hpyrland config

     

       26
        
           # ./hyprland

     

       27
       +
       

     

       28
       +
           ./pam.nix

     

       29
        
         ];

     

       30
        
       	

     

       31
        
         nixpkgs = {

     
···

       96
        
             })

     

       97
        
           pkgs.github-desktop

     

       98
        
         ];

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       99
        
       

     

       100
        
         services.gnome.gnome-keyring.enable = true;

     

       101

+68

moonlark/pam.nix

···

       1
       +
       {

     

       2
       +
           lib,

     

       3
       +
           config,

     

       4
       +
           pkgs,

     

       5
       +
           ...

     

       6
       +
       }: {

     

       7
       +
           services.fprintd.enable = true;

     

       8
       +
           security.pam.services.hyprlock = lib.mkIf (config.services.fprintd.enable) {

     

       9
       +
               text = ''

     

       10
       +
                   # Account management.

     

       11
       +
                   account required pam_unix.so # unix (order 10900)

     

       12
       +
       

     

       13
       +
                   # Authentication management.

     

       14
       +
                   auth sufficient pam_unix.so try_first_pass likeauth nullok

     

       15
       +
                   auth sufficient ${pkgs.fprintd}/lib/security/pam_fprintd.so

     

       16
       +
                   auth required pam_deny.so # deny

     

       17
       +
       

     

       18
       +
                   # Password management.

     

       19
       +
                   password sufficient pam_unix.so nullok yescrypt # unix

     

       20
       +
                   

     

       21
       +
                   # Session management.

     

       22
       +
                   session required pam_env.so conffile=/etc/pam/environment readenv=0 # env (order 10100)

     

       23
       +
                   session required pam_unix.so # unix (order 10200)

     

       24
       +
               '';

     

       25
       +
           };

     

       26
       +
       

     

       27
       +
           security.pam.services.sudo = lib.mkIf (config.services.fprintd.enable) {

     

       28
       +
               text = ''

     

       29
       +
                   # Account management.

     

       30
       +
                   account required pam_unix.so # unix (order 10900)

     

       31
       +
       

     

       32
       +
                   # Authentication management.

     

       33
       +
                   auth sufficient pam_unix.so try_first_pass likeauth nullok

     

       34
       +
                   auth sufficient ${pkgs.fprintd}/lib/security/pam_fprintd.so

     

       35
       +
                   auth required pam_deny.so # deny

     

       36
       +
       

     

       37
       +
                   # Password management.

     

       38
       +
                   password sufficient pam_unix.so nullok yescrypt # unix

     

       39
       +
                   

     

       40
       +
                   # Session management.

     

       41
       +
                   session required pam_env.so conffile=/etc/pam/environment readenv=0 # env (order 10100)

     

       42
       +
                   session required pam_unix.so # unix (order 10200)

     

       43
       +
               '';

     

       44
       +
           };

     

       45
       +
       

     

       46
       +
           security.pam.services.su = lib.mkIf (config.services.fprintd.enable) {

     

       47
       +
               text = ''

     

       48
       +
                   # Account management.

     

       49
       +
                   account required pam_unix.so # unix (order 10900)

     

       50
       +
       

     

       51
       +
                   # Authentication management.

     

       52
       +
                   auth sufficient pam_rootok.so # rootok (order 10200)

     

       53
       +
                   auth required pam_faillock.so # faillock (order 10400)

     

       54
       +
                   auth sufficient pam_unix.so try_first_pass likeauth nullok

     

       55
       +
                   auth sufficient ${pkgs.fprintd}/lib/security/pam_fprintd.so

     

       56
       +
                   auth required pam_deny.so # deny

     

       57
       +
       

     

       58
       +
                   # Password management.

     

       59
       +
                   password sufficient pam_unix.so nullok yescrypt # unix

     

       60
       +
                   

     

       61
       +
                   # Session management.

     

       62
       +
                   session required pam_env.so conffile=/etc/pam/environment readenv=0 # env (order 10100)

     

       63
       +
                   session required pam_unix.so # unix (order 10200)

     

       64
       +
                   session required pam_unix.so # unix (order 10200)

     

       65
       +
                   session optional pam_xauth.so systemuser=99 xauthpath=${pkgs.xorg.xauth}/bin/xauth # xauth (order 12100)

     

       66
       +
               '';

     

       67
       +
           };

     

       68
       +
       }