nixos/desktop: add pam config for gtklock

2024-11-25 03:11:54 -05:00 · 2024-08-11 23:53:14 -04:00 · 2024-08-11 23:53:14 -04:00 · c8e723b1ec
parent 7bb74d3da9
commit c8e723b1ec
1 changed files with 21 additions and 22 deletions
--- a/nixosModules/desktop/waylandComp.nix
+++ b/nixosModules/desktop/waylandComp.nix
@ -5,9 +5,7 @@
  ...
 }: {
  config = lib.mkIf (config.ar.desktop.hyprland.enable || config.ar.desktop.sway.enable) {
-    programs = {
-      gnupg.agent.pinentryPackage = lib.mkForce pkgs.pinentry-gnome3;
-    };
+    programs.gnupg.agent.pinentryPackage = lib.mkForce pkgs.pinentry-gnome3;

    services = {
      dbus.packages = [pkgs.gcr];
@ -15,29 +13,30 @@
      udev.packages = [pkgs.swayosd];
    };

-    security.pam.services = {
-      swaylock = {
-        text = ''
-          # Account management.
-          account required pam_unix.so # unix (order 10900)
+    security.pam.services = let
+      pamConfig = ''
+        # Account management.
+        account required pam_unix.so # unix (order 10900)

-          # Authentication management.
-          auth sufficient pam_unix.so likeauth try_first_pass likeauth nullok # unix (order 11500)
-          ${
-            lib.strings.optionalString config.services.fprintd.enable
-            "auth sufficient ${pkgs.fprintd}/lib/security/pam_fprintd.so # fprintd (order 11300)"
-          }
+        # Authentication management.
+        auth sufficient pam_unix.so likeauth try_first_pass likeauth nullok # unix (order 11500)
+        ${
+          lib.strings.optionalString config.services.fprintd.enable
+          "auth sufficient ${pkgs.fprintd}/lib/security/pam_fprintd.so # fprintd (order 11300)"
+        }

-          auth required pam_deny.so # deny (order 12300)
+        auth required pam_deny.so # deny (order 12300)

-          # Password management.
-          password sufficient pam_unix.so nullok yescrypt # unix (order 10200)
+        # Password management.
+        password sufficient pam_unix.so nullok yescrypt # unix (order 10200)

-          # Session management.
-          session required pam_env.so conffile=/etc/pam/environment readenv=0 # env (order 10100)
-          session required pam_unix.so # unix (order 10200)
-        '';
-      };
+        # Session management.
+        session required pam_env.so conffile=/etc/pam/environment readenv=0 # env (order 10100)
+        session required pam_unix.so # unix (order 10200)
+      '';
+    in {
+      gtklock = {text = pamConfig;};
+      swaylock = {text = pamConfig;};
    };
  };
 }