From d8315c897da157a22a54dc67d0edaa0dd5eb44dc Mon Sep 17 00:00:00 2001
From: matt1432 <matt@nelim.org>
Date: Sat, 15 Jul 2023 17:47:37 -0400
Subject: [PATCH] feat: make fprint-grosshack a package and cleanup custom
 package referencing

---
 nixos/cfg/boot.nix                            |  2 +-
 nixos/cfg/security.nix                        | 26 +++++------
 nixos/home/packages.nix                       | 11 ++---
 nixos/overlays/list.nix                       | 12 +++++
 .../overlays/{ => pkgs}/dracula-plymouth.nix  |  0
 nixos/overlays/pkgs/pam-fprint-grosshack.nix  | 46 +++++++++++++++++++
 nixos/overlays/{ => pkgs}/tutanota.nix        |  0
 7 files changed, 75 insertions(+), 22 deletions(-)
 rename nixos/overlays/{ => pkgs}/dracula-plymouth.nix (100%)
 create mode 100644 nixos/overlays/pkgs/pam-fprint-grosshack.nix
 rename nixos/overlays/{ => pkgs}/tutanota.nix (100%)

diff --git a/nixos/cfg/boot.nix b/nixos/cfg/boot.nix
index 75b4af5..df95431 100644
--- a/nixos/cfg/boot.nix
+++ b/nixos/cfg/boot.nix
@@ -39,7 +39,7 @@
       enable = true;
       #themePackages = [ pkgs.catppuccin-plymouth ];
       #theme = "catppuccin-macchiato";
-      themePackages = [ (with import <nixpkgs> {}; callPackage ../overlays/dracula-plymouth.nix {}) ];
+      themePackages = [ pkgs.dracula-plymouth ];
       theme = "dracula";
     };
   };
diff --git a/nixos/cfg/security.nix b/nixos/cfg/security.nix
index 573d945..b4a6384 100644
--- a/nixos/cfg/security.nix
+++ b/nixos/cfg/security.nix
@@ -1,4 +1,4 @@
-{ config, pkgs, ... }:
+{ config, pkgs, lib, ... }:
 
 {
   services.fprintd.enable = true;
@@ -27,18 +27,14 @@
     gtklock = {};
 
     # all the changes in /etc/pam.d/*
-    sddm.text = /* TODO: lib.mkBefore ... */''
+    sddm.text =  lib.mkBefore ''
       auth      [success=1 new_authtok_reqd=1 default=ignore]  	pam_unix.so try_first_pass likeauth nullok
-      auth      sufficient    /nix/store/7hw6i2p2p7zzgjirw6xaj3c50gga488y-fprintd-1.94.2/lib/security/pam_fprintd.so
-      auth      substack      login
-      account   include       login
-      password  substack      login
-      session   include       login
+      auth      sufficient    ${pkgs.fprintd}/lib/security/pam_fprintd.so
     '';
 
     sudo.text = ''
       # Account management.
-      auth    sufficient    /root/lib/pam/pam_fprintd_grosshack.so
+      auth    sufficient    ${pkgs.pam-fprint-grosshack}/lib/security/pam_fprintd_grosshack.so
       auth    sufficient    pam_unix.so try_first_pass nullok
       account required pam_unix.so
 
@@ -58,23 +54,23 @@
       account required pam_unix.so
 
       # Authentication management.
-      auth    sufficient    /root/lib/pam/pam_fprintd_grosshack.so
+      auth    sufficient    ${pkgs.pam-fprint-grosshack}/lib/security/pam_fprintd_grosshack.so
       auth optional pam_unix.so nullok  likeauth
-      auth optional /nix/store/21dqfghfa8b09ssvgja8l5bg7h5d9rzl-gnome-keyring-42.1/lib/security/pam_gnome_keyring.so
+      auth optional ${pkgs.gnome.gnome-keyring}/lib/security/pam_gnome_keyring.so
       auth    sufficient    pam_unix.so try_first_pass nullok
       auth required pam_deny.so
 
       # Password management.
       password sufficient pam_unix.so nullok yescrypt
-      password optional /nix/store/21dqfghfa8b09ssvgja8l5bg7h5d9rzl-gnome-keyring-42.1/lib/security/pam_gnome_keyring.so use_authtok
+      password optional ${pkgs.gnome.gnome-keyring}/lib/security/pam_gnome_keyring.so use_authtok
 
       # Session management.
       session required pam_env.so conffile=/etc/pam/environment readenv=0
       session required pam_unix.so
       session required pam_loginuid.so
-      session required /nix/store/4m8ab1p9y6ig31wniimlvsl23i9sazvp-linux-pam-1.5.2/lib/security/pam_lastlog.so silent
-      session optional /nix/store/8pbr7x6wh765mg43zs0p70gsaavmbbh7-systemd-253.3/lib/security/pam_systemd.so
-      session optional /nix/store/21dqfghfa8b09ssvgja8l5bg7h5d9rzl-gnome-keyring-42.1/lib/security/pam_gnome_keyring.so auto_start
+      session required ${pkgs.pam}/lib/security/pam_lastlog.so silent
+      session optional ${pkgs.systemd}/lib/security/pam_systemd.so
+      session optional ${pkgs.gnome.gnome-keyring}/lib/security/pam_gnome_keyring.so auto_start
     '';
 
     polkit-1.text = ''
@@ -82,7 +78,7 @@
       account required pam_unix.so
 
       # Authentication management.
-      auth    sufficient    /root/lib/pam/pam_fprintd_grosshack.so
+      auth    sufficient    ${pkgs.pam-fprint-grosshack}/lib/security/pam_fprintd_grosshack.so
       auth    sufficient    pam_unix.so try_first_pass nullok
       auth required pam_deny.so
 
diff --git a/nixos/home/packages.nix b/nixos/home/packages.nix
index 7ebee7a..3a45918 100644
--- a/nixos/home/packages.nix
+++ b/nixos/home/packages.nix
@@ -6,9 +6,10 @@
   };
 
   programs = {
-    btop = {
-      enable = true;
-    };
+
+    btop.enable = true;
+
+    jq.enable = true;
 
     ripgrep = {
       enable = true;
@@ -68,7 +69,7 @@
       exec env SUDO_ASKPASS=${pkgs.plasma5Packages.ksshaskpass}/bin/${pkgs.plasma5Packages.ksshaskpass.pname} sudo -k -EA "${gparted}/bin/${gparted.pname}" "$@"
     '')
 
-    (with import <nixpkgs> {}; callPackage ../overlays/tutanota.nix {})
+    tutanota
     swayosd
     blueberry
     libayatana-appindicator
@@ -109,8 +110,6 @@
     mosh
     rsync
     killall
-    jq # enable using home-manager?
-    ripgrep-all
     hyprpaper
     networkmanagerapplet
     nextcloud-client
diff --git a/nixos/overlays/list.nix b/nixos/overlays/list.nix
index fc89769..903f0cd 100644
--- a/nixos/overlays/list.nix
+++ b/nixos/overlays/list.nix
@@ -4,5 +4,17 @@
   nixpkgs.overlays = [
     (import ./swayosd.nix)
     (import ./blueberry.nix)
+
+    (final: prev: {
+      tutanota = final.callPackage ./pkgs/tutanota.nix {};
+    })
+
+    (final: prev: {
+      pam-fprint-grosshack = final.callPackage ./pkgs/pam-fprint-grosshack.nix {};
+    })
+
+    (final: prev: {
+      dracula-plymouth = final.callPackage ./pkgs/dracula-plymouth.nix {};
+    })
   ];
 }
diff --git a/nixos/overlays/dracula-plymouth.nix b/nixos/overlays/pkgs/dracula-plymouth.nix
similarity index 100%
rename from nixos/overlays/dracula-plymouth.nix
rename to nixos/overlays/pkgs/dracula-plymouth.nix
diff --git a/nixos/overlays/pkgs/pam-fprint-grosshack.nix b/nixos/overlays/pkgs/pam-fprint-grosshack.nix
new file mode 100644
index 0000000..e256c4f
--- /dev/null
+++ b/nixos/overlays/pkgs/pam-fprint-grosshack.nix
@@ -0,0 +1,46 @@
+{ lib
+, stdenv
+, meson
+, ninja
+, pkg-config
+, glib
+, libfprint
+, polkit
+, dbus
+, systemd
+, pam
+, libpam-wrapper
+, fetchFromGitLab
+}:
+
+stdenv.mkDerivation rec {
+  pname = "pam-fprint-grosshack";
+  version = "v0.3.0";
+
+  src = fetchFromGitLab {
+    owner = "mishakmak";
+    repo = pname;
+    rev = version;
+    sha256 = "sha256-obczZbf/oH4xGaVvp3y3ZyDdYhZnxlCWvL0irgEYIi0=";
+  };
+
+  nativeBuildInputs = [
+    meson
+    ninja
+    pkg-config
+    glib
+    libfprint
+    polkit
+    dbus
+    systemd
+    pam
+    libpam-wrapper
+  ];
+  
+  mesonFlags = [
+    "-Dpam_modules_dir=${placeholder "out"}/lib/security"
+    "-Dsysconfdir=${placeholder "out"}/etc"
+    "-Ddbus_service_dir=${placeholder "out"}/share/dbus-1/system-services"
+    "-Dsystemd_system_unit_dir=${placeholder "out"}/lib/systemd/system"
+  ];
+}
diff --git a/nixos/overlays/tutanota.nix b/nixos/overlays/pkgs/tutanota.nix
similarity index 100%
rename from nixos/overlays/tutanota.nix
rename to nixos/overlays/pkgs/tutanota.nix