From 9584a006736afea1eccbe9eb3a7fbf42eea1a512 Mon Sep 17 00:00:00 2001 From: Cookiez Date: Fri, 12 Jun 2026 11:07:49 +0200 Subject: [PATCH] fprintd better PAM configuration, better timeout length and hyprlock support --- modules/configuration.nix | 39 ++++++++++++++++++++++----------------- 1 file changed, 22 insertions(+), 17 deletions(-) diff --git a/modules/configuration.nix b/modules/configuration.nix index 4ff68b2..d73895d 100644 --- a/modules/configuration.nix +++ b/modules/configuration.nix @@ -144,9 +144,11 @@ in { # List services that you want to enable: services = { - fprintd.enable = true; - fprintd.tod.enable = true; - fprintd.tod.driver = pkgs.libfprint-2-tod1-goodix; + fprintd = { + enable = true; + tod.enable = true; + tod.driver = pkgs.libfprint-2-tod1-goodix; + }; fwupd.enable = true; #Allows BIOS updates 
@@ -357,28 +359,31 @@ in { security = { sudo.wheelNeedsPassword = false; - pam.services = { - login.fprintAuth = false; - sudo.fprintAuth = false; #Disabled because of security risk: https://nvd.nist.gov/vuln/detail/cve-2024-37408 - kscreenlocker.fprintAuth = true; - polkit-1.fprintAuth = false; #Disabled because of security risk: https://nvd.nist.gov/vuln/detail/cve-2024-37408 - kde.fprintAuth = false; - hyprlock = {}; - - sddm = { - fprintAuth = false; # prevent NixOS from adding its own pam_fprintd block - - text = lib.mkForce '' + pam.services = let + fprintPam = '' auth sufficient ${pam-fprint-grosshack-pkg}/lib/security/pam_fprintd_grosshack.so auth sufficient pam_unix.so try_first_pass nullok - auth sufficient ${pkgs.fprintd}/lib/security/pam_fprintd.so - + auth sufficient ${pkgs.fprintd}/lib/security/pam_fprintd.so timeout=0 account required pam_unix.so password required pam_deny.so session required pam_unix.so session optional ${pkgs.systemd}/lib/security/pam_systemd.so ''; + in { + login.fprintAuth = false; + sudo.fprintAuth = false; #Disabled because of security risk: https://nvd.nist.gov/vuln/detail/cve-2024-37408 + kscreenlocker.fprintAuth = true; + polkit-1.fprintAuth = false; #Disabled because of security risk: https://nvd.nist.gov/vuln/detail/cve-2024-37408 + kde.fprintAuth = false; + hyprlock = { + text = lib.mkForce fprintPam; + }; + + sddm = { + fprintAuth = false; # prevent NixOS from adding its own pam_fprintd block + + text = lib.mkForce fprintPam; }; }; };
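Review bot: The `auth` section of the shared `fprintPam` stack consists only of `sufficient` entries, and this change forces the same text onto `hyprlock` as well as `sddm` through `lib.mkForce`, so the screen locker now relies on PAM's implicit result when every module fails. Ending the section with an explicit `auth required pam_deny.so` after the `pam_fprintd.so` line would make the fail-closed behaviour visible in the config rather than implied. The `nullok` on the `pam_unix.so` line now applies to the locker too; unless an account on this machine is meant to have an empty password, `auth sufficient pam_unix.so try_first_pass` is the safer form. It is also worth confirming that `timeout=0` does what is intended: as far as I recall, pam_fprintd documents a minimum timeout and may clamp a lower value rather than treat it as unlimited.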