From 2a543acc6710db37f22cd446cda4d7ed3b1fb802 Mon Sep 17 00:00:00 2001 From: Greg Burd Date: Sun, 2 Jun 2024 15:22:07 -0400 Subject: [PATCH] change to gnome --- flake.lock | 6 +++--- flake.nix | 5 ++--- nixos/workstation/floki/default.nix | 24 +++++++++++++++++++++++- sdcard/configuration.nix | 4 ++-- sdcard/rpi3.nix | 2 +- 5 files changed, 31 insertions(+), 10 deletions(-) diff --git a/flake.lock b/flake.lock index f014563..d91194a 100644 --- a/flake.lock +++ b/flake.lock @@ -1081,11 +1081,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1716991068, - "narHash": "sha256-Av0UWCCiIGJxsZ6TFc+OiKCJNqwoxMNVYDBChmhjNpo=", + "lastModified": 1717159533, + "narHash": "sha256-oamiKNfr2MS6yH64rUn99mIZjc45nGJlj9eGth/3Xuw=", "owner": "nixos", "repo": "nixpkgs", - "rev": "25cf937a30bf0801447f6bf544fc7486c6309234", + "rev": "a62e6edd6d5e1fa0329b8653c801147986f8d446", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index f704eef..f02053f 100644 --- a/flake.nix +++ b/flake.nix @@ -63,7 +63,6 @@ { self , nix-formatter-pack , nixpkgs - , devshells , ... } @ inputs: let @@ -80,7 +79,7 @@ # .iso images # Workstations - "gburd@floki" = libx.mkHome { hostname = "floki"; username = "gburd"; desktop = "pantheon"; }; + "gburd@floki" = libx.mkHome { hostname = "floki"; username = "gburd"; desktop = "gnome"; }; # Servers }; @@ -100,7 +99,7 @@ # Workstations # Lenovo Carbon X1 Extreme Gen 5 - x86_64 - floki = libx.mkHost { systemType = "workstation"; hostname = "floki"; username = "gburd"; desktop = "pantheon"; }; + floki = libx.mkHost { systemType = "workstation"; hostname = "floki"; username = "gburd"; desktop = "gnome"; }; # Servers # Can be executed locally: diff --git a/nixos/workstation/floki/default.nix b/nixos/workstation/floki/default.nix index 3141cbf..8333251 100644 --- a/nixos/workstation/floki/default.nix +++ b/nixos/workstation/floki/default.nix @@ -4,7 +4,7 @@ # RAM: 32GB DDR5 # SATA: WD_BLACK SN850X 4TB (624331WD) SSD -{ inputs, lib, pkgs, ... }: +{ inputs, config, lib, pkgs, ... }: { imports = [ (import ./disks.nix) @@ -104,4 +104,26 @@ services.fprintd.enable = true; services.fprintd.tod.enable = true; services.fprintd.tod.driver = pkgs.libfprint-2-tod1-goodix; + + security.pam.services.login.fprintAuth = true; + # similarly to how other distributions handle the fingerprinting login + security.pam.services.gdm-fingerprint = lib.mkIf (config.services.fprintd.enable) { + text = '' + auth required pam_shells.so + auth requisite pam_nologin.so + auth requisite pam_faillock.so preauth + auth required ${pkgs.fprintd}/lib/security/pam_fprintd.so + auth optional pam_permit.so + auth required pam_env.so + auth [success=ok default=1] ${pkgs.gnome.gdm}/lib/security/pam_gdm.so + auth optional ${pkgs.gnome.gnome-keyring}/lib/security/pam_gnome_keyring.so + + account include login + + password required pam_deny.so + + session include login + session optional ${pkgs.gnome.gnome-keyring}/lib/security/pam_gnome_keyring.so auto_start + ''; + }; } diff --git a/sdcard/configuration.nix b/sdcard/configuration.nix index 697f8ef..65d34bc 100644 --- a/sdcard/configuration.nix +++ b/sdcard/configuration.nix @@ -32,7 +32,7 @@ # Otherwise the hdmi disconnects during the boot and reconnect at the end # looks like it is still not enough... # Don't enable it with qemu - boot.initrd.kernelModules = lib.mkIf (!(config ? virtualisation.qemu)) [ "vc4" "bcm2835_dma" "i2c_bcm2835" "ahci"]; + boot.initrd.kernelModules = lib.mkIf (!(config ? virtualisation.qemu)) [ "vc4" "bcm2835_dma" "i2c_bcm2835" "ahci" ]; # K900 said that I should always try to stay as much as possible on mainlineā€¦ which makes sense. # K900 also recommended to use kernel 6.0.2 (default is 5.*), @@ -42,7 +42,7 @@ # https://github.com/NixOS/nixpkgs/issues/154163#issuecomment-1008362877 nixpkgs.overlays = [ - (final: super: { + (_final: super: { makeModulesClosure = x: super.makeModulesClosure (x // { allowMissing = true; }); }) diff --git a/sdcard/rpi3.nix b/sdcard/rpi3.nix index a3d51bb..214476d 100644 --- a/sdcard/rpi3.nix +++ b/sdcard/rpi3.nix @@ -8,7 +8,7 @@ ]; nixpkgs.overlays = [ - (final: super: { + (_final: super: { makeModulesClosure = x: super.makeModulesClosure (x // { allowMissing = true; }); })