From 1a86afa3af7d734705c906be0f7ee9df38183d60 Mon Sep 17 00:00:00 2001
From: Aly Raffauf <aly@raffauflabs.com>
Date: Sun, 26 May 2024 14:09:10 -0400
Subject: [PATCH] swaylock: enable fingerprint login with password fallback

---
 nixosModules/desktop/waylandComp.nix | 20 +++++++++++++++++++-
 1 file changed, 19 insertions(+), 1 deletion(-)

diff --git a/nixosModules/desktop/waylandComp.nix b/nixosModules/desktop/waylandComp.nix
index 75620e59..356f3eae 100644
--- a/nixosModules/desktop/waylandComp.nix
+++ b/nixosModules/desktop/waylandComp.nix
@@ -20,7 +20,25 @@
     };
 
     security.pam.services = {
-      swaylock = {};
+      swaylock = {
+        text = ''
+          # Account management.
+          account required pam_unix.so # unix (order 10900)
+
+          # Authentication management.
+          auth sufficient pam_unix.so likeauth try_first_pass likeauth nullok # unix (order 11500)
+          ${if config.services.fprintd.enable then "auth sufficient ${pkgs.fprintd}/lib/security/pam_fprintd.so # fprintd (order 11300)" else ""}
+          
+          auth required pam_deny.so # deny (order 12300)
+
+          # Password management.
+          password sufficient pam_unix.so nullok yescrypt # unix (order 10200)
+
+          # Session management.
+          session required pam_env.so conffile=/etc/pam/environment readenv=0 # env (order 10100)
+          session required pam_unix.so # unix (order 10200)
+        '';
+      };
     };
 
     programs = {