nixos-configs/devices/wim/modules/security.nix

{
  lib,
  pkgs,
  self,
  ...
}: let
  inherit (lib) mkDefault mkBefore;
  inherit (self.packages.${pkgs.system}) pam-fprint-grosshack;

  pam_fprintd_grosshackSo = "${pam-fprint-grosshack}/lib/security/pam_fprintd_grosshack.so";

  # https://wiki.archlinux.org/title/Fprint#Login_configuration
  grosshackConf = ''
    # pam-fprint-grosshack
    auth  sufficient  ${pam_fprintd_grosshackSo} timeout=99
    auth  sufficient  pam_unix.so try_first_pass nullok
  '';
in {
  services.fprintd = {
    enable = true;
    package = pkgs.open-fprintd;
  };

  # https://www.reddit.com/r/NixOS/comments/z7i83r/fingertip_tip_start_fprintd_at_boot_for_a_quick/
  systemd.services.fprintd = {
    wantedBy = ["multi-user.target"];
    serviceConfig.Type = "simple";
  };

  services.logind.lidSwitch = "lock";

  security.sudo.extraConfig = ''
    Defaults        timestamp_timeout=600
  '';

  # https://stackoverflow.com/a/47041843
  security.pam.services = {
    sudo.text = mkDefault (mkBefore grosshackConf);
    login.text = mkDefault (mkBefore grosshackConf);
    polkit-1.text = mkDefault (mkBefore grosshackConf);
    ags.text = mkDefault (mkBefore grosshackConf);
  };
}
feat: split up config 2023-06-19 01:36:50 -04:00			`{`
refactor(fprintd): add grosshack conf at top of pam conf 2024-02-07 15:32:27 -05:00			`lib,`
refactor: move customPkgs to self.packages 2024-06-08 22:21:04 -04:00			`pkgs,`
			`self,`
feat: add nix code formatter 2023-11-22 15:33:16 -05:00			`...`
feat: separate custom pkgs from nixpkgs 2023-12-01 16:53:51 -05:00			`}: let`
refactor(fprintd): add grosshack conf at top of pam conf 2024-02-07 15:32:27 -05:00			`inherit (lib) mkDefault mkBefore;`
refactor: move customPkgs to self.packages 2024-06-08 22:21:04 -04:00			`inherit (self.packages.${pkgs.system}) pam-fprint-grosshack;`
refactor(fprintd): add grosshack conf at top of pam conf 2024-02-07 15:32:27 -05:00
			`pam_fprintd_grosshackSo = "${pam-fprint-grosshack}/lib/security/pam_fprintd_grosshack.so";`

			`# https://wiki.archlinux.org/title/Fprint#Login_configuration`
			`grosshackConf = ''`
			`# pam-fprint-grosshack`
refactor: move customPkgs to self.packages 2024-06-08 22:21:04 -04:00			`auth sufficient ${pam_fprintd_grosshackSo} timeout=99`
			`auth sufficient pam_unix.so try_first_pass nullok`
refactor(fprintd): add grosshack conf at top of pam conf 2024-02-07 15:32:27 -05:00			`'';`
feat: separate custom pkgs from nixpkgs 2023-12-01 16:53:51 -05:00			`in {`
chore: update flake.lock Flake Inputs: • Updated input 'discord-overlay': 'github:matt1432/discord-nightly-overlay/1e367d5' (2024-08-05) → 'github:matt1432/discord-nightly-overlay/b9f8aa6' (2024-08-06) • Updated input 'gtk-theme-src': 'github:dracula/gtk/100310f' (2024-07-29) → 'github:dracula/gtk/f339612' (2024-08-06) • Updated input 'home-manager': 'github:nix-community/home-manager/afc892d' (2024-08-02) → 'github:nix-community/home-manager/a6c7439' (2024-08-06) • Updated input 'hyprland': 'git+https://github.com/hyprwm/Hyprland?ref=refs/heads/main&rev=2b52057&submodules=1' (2024-08-04) → 'git+https://github.com/hyprwm/Hyprland?ref=refs/heads/main&rev=b0a70f6&submodules=1' (2024-08-06) • Updated input 'jovian': 'github:Jovian-Experiments/Jovian-NixOS/bcfe9dc' (2024-08-03) → 'github:Jovian-Experiments/Jovian-NixOS/99099d7' (2024-08-06) • Updated input 'nixd': 'github:nix-community/nixd/d938026' (2024-08-02) → 'github:nix-community/nixd/af1255e' (2024-08-06) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/d049530' (2024-08-02) → 'github:NixOS/nixpkgs/cb9a96f' (2024-08-04) • Updated input 'nixpkgs-wayland': 'github:nix-community/nixpkgs-wayland/c2ccf4e' (2024-08-05) → 'github:nix-community/nixpkgs-wayland/2c512b8' (2024-08-06) • Updated input 'pcsd': 'github:matt1432/nixos-pcsd/bd2cfa7' (2024-08-02) → 'github:matt1432/nixos-pcsd/f7870c6' (2024-08-06) • Updated input 'sops-nix': 'github:Mic92/sops-nix/eb34eb5' (2024-07-27) → 'github:Mic92/sops-nix/8ae4779' (2024-08-05) • Updated input 'ts-for-gir-src': 'github:gjsify/ts-for-gir/70838c7' (2024-07-26) → 'github:gjsify/ts-for-gir/0141c0e' (2024-08-05) Docker Images: • rssbridge/rss-bridge latest: sha256:e13b87cd36a828237d9e284e66ca6fb55e1d9819d6c925e35a689e6b529aeb39 → sha256:5b080be160ac5e5c5a0d450f9e431a472b2ee9e95353d905628ed804efd96783 • ghcr.io/linuxserver/bazarr latest: sha256:e70de8a714ac57395d45052392001ec433b8f48aa1c204f13dae312cbcbe43af → sha256:4222fa316c51c2d0257384e5562541059698c220abbb00170eb93c3ddfa52d18 • ghcr.io/linuxserver/calibre-web latest: sha256:14c3eafe5aec2344581e27991adc6545c9928f54020b50affe1678b8b5f22021 → sha256:ff7e870dec503f5bd02c5a528ba1f96617900cb4853ef05176bfbc278b5d263d • craumix/jmusicbot latest: sha256:0afa4efbd43a718fba9108cdab8865f80bb1690f690920e732303d081507868d → sha256:ba0d7e7e4b1dba86981687e3c8ada6b7a7170c6b4884c12a16c6ee046e2df763 2024-08-06 22:23:42 -04:00			`services.fprintd = {`
			`enable = true;`
			`package = pkgs.open-fprintd;`
			`};`
feat: split up config 2023-06-19 01:36:50 -04:00
misc changes 2023-06-20 15:24:07 -04:00			`# https://www.reddit.com/r/NixOS/comments/z7i83r/fingertip_tip_start_fprintd_at_boot_for_a_quick/`
feat: split up config 2023-06-19 01:36:50 -04:00			`systemd.services.fprintd = {`
feat: add nix code formatter 2023-11-22 15:33:16 -05:00			`wantedBy = ["multi-user.target"];`
feat: split up config 2023-06-19 01:36:50 -04:00			`serviceConfig.Type = "simple";`
			`};`

			`services.logind.lidSwitch = "lock";`

			`security.sudo.extraConfig = ''`
feat: make sudo timeout longer 2023-08-09 22:09:48 -04:00			`Defaults timestamp_timeout=600`
feat: split up config 2023-06-19 01:36:50 -04:00			`'';`

refactor(fprintd): add grosshack conf at top of pam conf 2024-02-07 15:32:27 -05:00			`# https://stackoverflow.com/a/47041843`
feat: split up config 2023-06-19 01:36:50 -04:00			`security.pam.services = {`
fix(borg): update secrets to fix ssh key 2024-02-08 15:51:28 -05:00			`sudo.text = mkDefault (mkBefore grosshackConf);`
			`login.text = mkDefault (mkBefore grosshackConf);`
			`polkit-1.text = mkDefault (mkBefore grosshackConf);`
feat(ags): replace hyprlock with ags 2024-04-19 17:01:09 -04:00			`ags.text = mkDefault (mkBefore grosshackConf);`
feat: split up config 2023-06-19 01:36:50 -04:00			`};`
			`}`