nixos-configs/configurations/wim/modules/security.nix
matt1432 6ca0d7248b
All checks were successful
Discord / discord commits (push) Has been skipped
refactor: rename some flake attr directories
2024-12-16 15:51:41 -05:00

39 lines
1 KiB
Nix

{
lib,
pkgs,
self,
...
}: let
inherit (lib) mkDefault mkBefore;
inherit (self.packages.${pkgs.system}) pam-fprint-grosshack;
pam_fprintd_grosshackSo = "${pam-fprint-grosshack}/lib/security/pam_fprintd_grosshack.so";
# https://wiki.archlinux.org/title/Fprint#Login_configuration
grosshackConf = ''
# pam-fprint-grosshack
auth sufficient ${pam_fprintd_grosshackSo} timeout=99
auth sufficient pam_unix.so try_first_pass nullok
'';
in {
services.fprintd.enable = true;
# https://www.reddit.com/r/NixOS/comments/z7i83r/fingertip_tip_start_fprintd_at_boot_for_a_quick/
systemd.services.fprintd = {
wantedBy = ["multi-user.target"];
serviceConfig.Type = "simple";
};
services.logind.lidSwitch = "lock";
security.sudo.extraConfig = ''
Defaults timestamp_timeout=600
'';
# https://stackoverflow.com/a/47041843
security.pam.services = {
sudo.text = mkDefault (mkBefore grosshackConf);
login.text = mkDefault (mkBefore grosshackConf);
polkit-1.text = mkDefault (mkBefore grosshackConf);
};
}