From 059b424d872257b9221517d06faf9667f573b7d1 Mon Sep 17 00:00:00 2001
From: Cookiez <jaden-puerkenauer@web.de>
Date: Wed, 11 Mar 2026 15:53:00 +0100
Subject: [PATCH] Configured mpre fingerprint settings, also for security

---
 modules/configuration.nix | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/modules/configuration.nix b/modules/configuration.nix
index 44254e4..7a38621 100644
--- a/modules/configuration.nix
+++ b/modules/configuration.nix
@@ -134,7 +134,7 @@
     fprintd.enable = true;
     fprintd.tod.enable = true;
     fprintd.tod.driver = pkgs.libfprint-2-tod1-goodix;
-
+    
     fwupd.enable = true;   #Allows BIOS updates
 
     locate = {
@@ -183,6 +183,11 @@
     openssh.enable = true;
   };
 
+  systemd.services.fprintd = {
+    wantedBy = [ "multi-user.target" ];
+    serviceConfig.Type = "simple";
+  };
+
   fonts = {
     packages = with pkgs; [
       font-awesome
@@ -301,8 +306,12 @@
     sudo.wheelNeedsPassword = false;
 
     pam.services = {
-      login.fprintAuth = true;
-      sudo.fprintAuth = true;
+      sddm.fprintAuth = false;  #Because of the bug with 30 seconds on sddm login
+      sddm-autologin.fprintAuth = false;    #Same as above
+      login.fprintAuth = false;
+      sudo.fprintAuth = false;  #Disabled because of security risk: https://nvd.nist.gov/vuln/detail/cve-2024-37408
+      kscreenlocker.fprintAuth = true;
+      polkit-1.fprintAuth = false;  #Disabled because of security risk: https://nvd.nist.gov/vuln/detail/cve-2024-37408
       kde.fprintAuth = false;
       hyprlock = {};
     };