From c8e723b1ec0585a4f62fab0bf02a82d955c28f9f Mon Sep 17 00:00:00 2001
From: Aly Raffauf <aly@raffauflabs.com>
Date: Sun, 11 Aug 2024 23:53:14 -0400
Subject: [PATCH] nixos/desktop: add pam config for gtklock

---
 nixosModules/desktop/waylandComp.nix | 43 ++++++++++++++--------------
 1 file changed, 21 insertions(+), 22 deletions(-)

diff --git a/nixosModules/desktop/waylandComp.nix b/nixosModules/desktop/waylandComp.nix
index a3f329d9..7945b3fe 100644
--- a/nixosModules/desktop/waylandComp.nix
+++ b/nixosModules/desktop/waylandComp.nix
@@ -5,9 +5,7 @@
   ...
 }: {
   config = lib.mkIf (config.ar.desktop.hyprland.enable || config.ar.desktop.sway.enable) {
-    programs = {
-      gnupg.agent.pinentryPackage = lib.mkForce pkgs.pinentry-gnome3;
-    };
+    programs.gnupg.agent.pinentryPackage = lib.mkForce pkgs.pinentry-gnome3;
 
     services = {
       dbus.packages = [pkgs.gcr];
@@ -15,29 +13,30 @@
       udev.packages = [pkgs.swayosd];
     };
 
-    security.pam.services = {
-      swaylock = {
-        text = ''
-          # Account management.
-          account required pam_unix.so # unix (order 10900)
+    security.pam.services = let
+      pamConfig = ''
+        # Account management.
+        account required pam_unix.so # unix (order 10900)
 
-          # Authentication management.
-          auth sufficient pam_unix.so likeauth try_first_pass likeauth nullok # unix (order 11500)
-          ${
-            lib.strings.optionalString config.services.fprintd.enable
-            "auth sufficient ${pkgs.fprintd}/lib/security/pam_fprintd.so # fprintd (order 11300)"
-          }
+        # Authentication management.
+        auth sufficient pam_unix.so likeauth try_first_pass likeauth nullok # unix (order 11500)
+        ${
+          lib.strings.optionalString config.services.fprintd.enable
+          "auth sufficient ${pkgs.fprintd}/lib/security/pam_fprintd.so # fprintd (order 11300)"
+        }
 
-          auth required pam_deny.so # deny (order 12300)
+        auth required pam_deny.so # deny (order 12300)
 
-          # Password management.
-          password sufficient pam_unix.so nullok yescrypt # unix (order 10200)
+        # Password management.
+        password sufficient pam_unix.so nullok yescrypt # unix (order 10200)
 
-          # Session management.
-          session required pam_env.so conffile=/etc/pam/environment readenv=0 # env (order 10100)
-          session required pam_unix.so # unix (order 10200)
-        '';
-      };
+        # Session management.
+        session required pam_env.so conffile=/etc/pam/environment readenv=0 # env (order 10100)
+        session required pam_unix.so # unix (order 10200)
+      '';
+    in {
+      gtklock = {text = pamConfig;};
+      swaylock = {text = pamConfig;};
     };
   };
 }