change to gnome

flake.lock

@@ -1081,11 +1081,11 @@
     },
     "nixpkgs_2": {
       "locked": {
-        "lastModified": 1716991068,
-        "narHash": "sha256-Av0UWCCiIGJxsZ6TFc+OiKCJNqwoxMNVYDBChmhjNpo=",
+        "lastModified": 1717159533,
+        "narHash": "sha256-oamiKNfr2MS6yH64rUn99mIZjc45nGJlj9eGth/3Xuw=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "25cf937a30bf0801447f6bf544fc7486c6309234",
+        "rev": "a62e6edd6d5e1fa0329b8653c801147986f8d446",
         "type": "github"
       },
       "original": {

flake.nix

@@ -63,7 +63,6 @@
     { self
     , nix-formatter-pack
     , nixpkgs
-    , devshells
     , ...
     } @ inputs:
     let
@@ -80,7 +79,7 @@
         # .iso images
 
         # Workstations
-        "gburd@floki" = libx.mkHome { hostname = "floki"; username = "gburd"; desktop = "pantheon"; };
+        "gburd@floki" = libx.mkHome { hostname = "floki"; username = "gburd"; desktop = "gnome"; };
 
         # Servers
       };
@@ -100,7 +99,7 @@
 
         # Workstations
         # Lenovo Carbon X1 Extreme Gen 5 - x86_64
-        floki = libx.mkHost { systemType = "workstation"; hostname = "floki"; username = "gburd"; desktop = "pantheon"; };
+        floki = libx.mkHost { systemType = "workstation"; hostname = "floki"; username = "gburd"; desktop = "gnome"; };
 
         # Servers
         # Can be executed locally:

nixos/workstation/floki/default.nix

@@ -4,7 +4,7 @@
 # RAM:         32GB DDR5
 # SATA:        WD_BLACK SN850X 4TB (624331WD) SSD
 
-{ inputs, lib, pkgs, ... }:
+{ inputs, config, lib, pkgs, ... }:
 {
   imports = [
     (import ./disks.nix)
@@ -104,4 +104,26 @@
   services.fprintd.enable = true;
   services.fprintd.tod.enable = true;
   services.fprintd.tod.driver = pkgs.libfprint-2-tod1-goodix;
+
+  security.pam.services.login.fprintAuth = true;
+  # similarly to how other distributions handle the fingerprinting login
+  security.pam.services.gdm-fingerprint = lib.mkIf (config.services.fprintd.enable) {
+    text = ''
+      auth       required                    pam_shells.so
+      auth       requisite                   pam_nologin.so
+      auth       requisite                   pam_faillock.so      preauth
+      auth       required                    ${pkgs.fprintd}/lib/security/pam_fprintd.so
+      auth       optional                    pam_permit.so
+      auth       required                    pam_env.so
+      auth       [success=ok default=1]      ${pkgs.gnome.gdm}/lib/security/pam_gdm.so
+      auth       optional                    ${pkgs.gnome.gnome-keyring}/lib/security/pam_gnome_keyring.so
+
+      account    include                     login
+
+      password   required                    pam_deny.so
+
+      session    include                     login
+      session    optional                    ${pkgs.gnome.gnome-keyring}/lib/security/pam_gnome_keyring.so auto_start
+    '';
+  };
 }

sdcard/configuration.nix

@@ -32,7 +32,7 @@
   # Otherwise the hdmi disconnects during the boot and reconnect at the end
   # looks like it is still not enough...
   # Don't enable it with qemu
-  boot.initrd.kernelModules = lib.mkIf (!(config ? virtualisation.qemu)) [ "vc4" "bcm2835_dma" "i2c_bcm2835" "ahci"];
+  boot.initrd.kernelModules = lib.mkIf (!(config ? virtualisation.qemu)) [ "vc4" "bcm2835_dma" "i2c_bcm2835" "ahci" ];
 
   # K900 said that I should always try to stay as much as possible on mainline… which makes sense.
   # K900 also recommended to use kernel 6.0.2 (default is 5.*),
@@ -42,7 +42,7 @@
 
   # https://github.com/NixOS/nixpkgs/issues/154163#issuecomment-1008362877
   nixpkgs.overlays = [
-    (final: super: {
+    (_final: super: {
       makeModulesClosure = x:
         super.makeModulesClosure (x // { allowMissing = true; });
     })

sdcard/rpi3.nix

@@ -8,7 +8,7 @@
   ];
 
   nixpkgs.overlays = [
-    (final: super: {
+    (_final: super: {
       makeModulesClosure = x:
         super.makeModulesClosure (x // { allowMissing = true; });
     })