Fixed SDDM fingerprint not working.

- Added a new custom flake input of pam_fprintd_grosshack so it accepts either password or fingerprint
2026-03-25 11:16:30 +01:00
parent cf1470cb63
commit b953cdb4be
3 changed files with 62 additions and 2 deletions
--- a/modules/configuration.nix
+++ b/modules/configuration.nix
@ -13,6 +13,7 @@
  host,
  version,
  system,
+  pam-fprint-grosshack-pkg,
  ...
 }: {
  #Assign Swap to the PC
@ -313,14 +314,28 @@
    sudo.wheelNeedsPassword = false;

    pam.services = {
-      sddm.fprintAuth = false; #Because of the bug with 30 seconds on sddm login
-      sddm-autologin.fprintAuth = false; #Same as above
      login.fprintAuth = false;
      sudo.fprintAuth = false; #Disabled because of security risk: https://nvd.nist.gov/vuln/detail/cve-2024-37408
      kscreenlocker.fprintAuth = true;
      polkit-1.fprintAuth = false; #Disabled because of security risk: https://nvd.nist.gov/vuln/detail/cve-2024-37408
      kde.fprintAuth = false;
      hyprlock = {};
+
+      sddm = {
+        fprintAuth = false; # prevent NixOS from adding its own pam_fprintd block
+
+        text = lib.mkForce ''
+          auth sufficient ${pam-fprint-grosshack-pkg}/lib/security/pam_fprintd_grosshack.so
+          auth sufficient pam_unix.so try_first_pass nullok
+          auth sufficient ${pkgs.fprintd}/lib/security/pam_fprintd.so
+
+          account required pam_unix.so
+          password required pam_deny.so
+
+          session required pam_unix.so
+          session optional ${pkgs.systemd}/lib/security/pam_systemd.so
+        '';
+      };
    };
  };