✨ Split up config files to multiple and added imports. Fixed default values for systemConfigs

2025-04-15 12:48:27 +02:00
parent 9611b8bb8d
commit 16c4a8f46b
23 changed files with 149 additions and 163 deletions
--- a/hosts/thinkpad/security.nix
+++ b/hosts/thinkpad/security.nix
@ -0,0 +1,45 @@
+{ pkgs, ... }:
+
+{
+  security = {
+    pam = {
+      services = {
+        gdm-fingerprint.text = ''
+          auth       required                    pam_shells.so
+          auth       requisite                   pam_nologin.so
+          auth       requisite                   pam_faillock.so      preauth
+          auth       required                    ${pkgs.fprintd}/lib/security/pam_fprintd.so
+          auth       optional                    pam_permit.so
+          auth       required                    pam_env.so
+          auth       [success=ok default=1]      ${pkgs.gdm}/lib/security/pam_gdm.so
+          auth       optional                    ${pkgs.gnome-keyring}/lib/security/pam_gnome_keyring.so
+
+          account    include                     login
+
+          password   required                    pam_deny.so
+
+          session    include                     login
+          session    optional                    ${pkgs.gnome-keyring}/lib/security/pam_gnome_keyring.so auto_start
+        '';
+        login.fprintAuth = false;
+      };
+    };
+  };
+
+  # Start the driver at boot
+  systemd.services.fprintd = {
+    wantedBy = [ "multi-user.target" ];
+    serviceConfig.Type = "simple";
+  };
+
+  # Install the driver
+  services.fprintd = {
+    enable = true;
+    tod.driver = pkgs.libfprint-2-tod1-goodix-550a; # Goodix 550a driver (from Lenovo)
+  };
+
+  # however for focaltech 2808:a658, use fprintd with overidden package (without tod)
+  # services.fprintd.package = pkgs.fprintd.override {
+  #   libfprint = pkgs.libfprint-focaltech-2808-a658;
+  # };
+}