fprintd better PAM configuration, better timeout length and hyprlock support

modules/configuration.nix

@@ -144,9 +144,11 @@ in {
 
   # List services that you want to enable:
   services = {
-    fprintd.enable = true;
+    fprintd = {
-    fprintd.tod.enable = true;
+      enable = true;
-    fprintd.tod.driver = pkgs.libfprint-2-tod1-goodix;
+      tod.enable = true;
+      tod.driver = pkgs.libfprint-2-tod1-goodix;
+    };
 
     fwupd.enable = true; #Allows BIOS updates
 
@@ -357,28 +359,31 @@ in {
   security = {
     sudo.wheelNeedsPassword = false;
 
-    pam.services = {
+    pam.services = let
-      login.fprintAuth = false;
+      fprintPam = ''
-      sudo.fprintAuth = false; #Disabled because of security risk: https://nvd.nist.gov/vuln/detail/cve-2024-37408
-      kscreenlocker.fprintAuth = true;
-      polkit-1.fprintAuth = false; #Disabled because of security risk: https://nvd.nist.gov/vuln/detail/cve-2024-37408
-      kde.fprintAuth = false;
-      hyprlock = {};
-
-      sddm = {
-        fprintAuth = false; # prevent NixOS from adding its own pam_fprintd block
-
-        text = lib.mkForce ''
           auth sufficient ${pam-fprint-grosshack-pkg}/lib/security/pam_fprintd_grosshack.so
           auth sufficient pam_unix.so try_first_pass nullok
-          auth sufficient ${pkgs.fprintd}/lib/security/pam_fprintd.so
+          auth sufficient ${pkgs.fprintd}/lib/security/pam_fprintd.so timeout=0
-
           account required pam_unix.so
           password required pam_deny.so
 
           session required pam_unix.so
           session optional ${pkgs.systemd}/lib/security/pam_systemd.so
         '';
+    in {
+      login.fprintAuth = false;
+      sudo.fprintAuth = false; #Disabled because of security risk: https://nvd.nist.gov/vuln/detail/cve-2024-37408
+      kscreenlocker.fprintAuth = true;
+      polkit-1.fprintAuth = false; #Disabled because of security risk: https://nvd.nist.gov/vuln/detail/cve-2024-37408
+      kde.fprintAuth = false;
+      hyprlock = {
+        text = lib.mkForce fprintPam;
+      };
+
+      sddm = {
+        fprintAuth = false; # prevent NixOS from adding its own pam_fprintd block
+
+        text = lib.mkForce fprintPam;
       };
     };
   };