From e2c9c12c102e0fb418e4ad7041f5934106547e2a Mon Sep 17 00:00:00 2001 From: Aly Raffauf Date: Sun, 7 Jul 2024 19:46:57 -0400 Subject: [PATCH] nixos/gnome: integrate fprintdFix into gnome module --- nixosModules/desktop/gnome/default.nix | 38 +++++++++++++++++------ nixosModules/desktop/gnome/fprintdFix.nix | 33 -------------------- nixosModules/options.nix | 6 +--- 3 files changed, 30 insertions(+), 47 deletions(-) delete mode 100644 nixosModules/desktop/gnome/fprintdFix.nix diff --git a/nixosModules/desktop/gnome/default.nix b/nixosModules/desktop/gnome/default.nix index 6e879a10..28173dbd 100644 --- a/nixosModules/desktop/gnome/default.nix +++ b/nixosModules/desktop/gnome/default.nix @@ -19,10 +19,6 @@ ${lib.getExe' pkgs.glib "gsettings"} set org.gnome.desktop.interface color-scheme $color_scheme ''; in { - imports = [ - ./fprintdFix.nix - ]; - config = lib.mkIf config.ar.desktop.gnome.enable { environment.systemPackages = with pkgs; [ 
@@ -54,17 +50,41 @@ in { }) ]; - # Enable keyring support for KDE apps in GNOME. - security.pam.services.gdm = { - enableGnomeKeyring = true; - gnupg.enable = true; - kwallet.enable = true; + security.pam.services = { + login.fprintAuth = false; + + gdm = { + enableGnomeKeyring = true; + gnupg.enable = true; + kwallet.enable = true; + }; + + gdm-fingerprint = lib.mkIf (config.services.fprintd.enable) { + text = '' + auth required pam_shells.so + auth requisite pam_nologin.so + auth requisite pam_faillock.so preauth + auth required ${pkgs.fprintd}/lib/security/pam_fprintd.so + auth optional pam_permit.so + auth required pam_env.so + auth [success=ok default=1] ${pkgs.gnome.gdm}/lib/security/pam_gdm.so + auth optional ${pkgs.gnome.gnome-keyring}/lib/security/pam_gnome_keyring.so + + account include login + + password required pam_deny.so + + session include login + session optional ${pkgs.gnome.gnome-keyring}/lib/security/pam_gnome_keyring.so auto_start + ''; + }; }; # Enable GNOME and GDM. services = { gnome.tracker-miners.enable = true; udev.packages = with pkgs; [gnome.gnome-settings-daemon]; + xserver = { desktopManager.gnome.enable = true; displayManager.gdm.enable = true; diff --git a/nixosModules/desktop/gnome/fprintdFix.nix b/nixosModules/desktop/gnome/fprintdFix.nix deleted file mode 100644 index 7dbf13b7..00000000 --- a/nixosModules/desktop/gnome/fprintdFix.nix +++ /dev/null 
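Review bot: The hand-written `gdm-fingerprint` stack is now added without the comment that explained it in the deleted fprintdFix.nix and without the `fprintdFix` opt-in, so it applies to every GNOME host that sets `services.fprintd.enable`. Setting `text` supplies the service file verbatim in place of the one the PAM module would generate, which deserves a comment above the attribute, e.g. `# Hand-ordered PAM stack for GDM fingerprint login; replaces the generated service, re-check after PAM or GDM changes.` `login.fprintAuth = false;` is likewise no longer gated and takes effect whenever GNOME is enabled; `login.fprintAuth = lib.mkIf config.services.fprintd.enable false;` would keep it scoped to fingerprint hosts. The stack calls `pam_faillock.so` only with `preauth`, so as far as this hunk shows, failed fingerprint attempts are not recorded by it; a comment saying whether that is intended would help. The enclosing `config = lib.mkIf …` block opens and closes outside the hunk.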
@@ -1,33 +0,0 @@ -{ - pkgs, - lib, - config, - ... -}: { - config = lib.mkIf config.ar.desktop.gnome.fprintdFix { - # Need to change the order pam loads its modules - # to get proper fingerprint behavior on GDM and the lockscreen. - security.pam.services = { - login.fprintAuth = false; - gdm-fingerprint = lib.mkIf (config.services.fprintd.enable) { - text = '' - auth required pam_shells.so - auth requisite pam_nologin.so - auth requisite pam_faillock.so preauth - auth required ${pkgs.fprintd}/lib/security/pam_fprintd.so - auth optional pam_permit.so - auth required pam_env.so - auth [success=ok default=1] ${pkgs.gnome.gdm}/lib/security/pam_gdm.so - auth optional ${pkgs.gnome.gnome-keyring}/lib/security/pam_gnome_keyring.so - - account include login - - password required pam_deny.so - - session include login - session optional ${pkgs.gnome.gnome-keyring}/lib/security/pam_gnome_keyring.so auto_start - ''; - }; - }; - }; -} diff --git a/nixosModules/options.nix b/nixosModules/options.nix index e0353646..4337c320 100644 --- a/nixosModules/options.nix +++ b/nixosModules/options.nix @@ -15,11 +15,7 @@ desktop = { cinnamon.enable = lib.mkEnableOption "Cinnamon desktop session."; - - gnome = { - enable = lib.mkEnableOption "GNOME desktop session."; - fprintdFix = lib.mkEnableOption "Fingerprint login fix for GDM"; - }; + gnome.enable = lib.mkEnableOption "GNOME desktop session."; greetd = { enable = lib.mkEnableOption "Greetd display manager.";