From a3837014fa3a6170fa9a0ec55ec84c64553086e0 Mon Sep 17 00:00:00 2001
From: Leonardo Santiago <leonardo.ribeiro.santiago@gmail.com>
Date: Wed, 25 Jun 2025 11:00:14 -0300
Subject: fix: make automatic authentication with fprintd work again

---
 modules/gnome/fingerprint_auth.nix | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)
 create mode 100644 modules/gnome/fingerprint_auth.nix

diff --git a/modules/gnome/fingerprint_auth.nix b/modules/gnome/fingerprint_auth.nix
new file mode 100644
index 0000000..5e6fd2e
--- /dev/null
+++ b/modules/gnome/fingerprint_auth.nix
@@ -0,0 +1,27 @@
+{ config, lib, pkgs, ... } : let
+  cfg = config.santi-modules.gnome;
+in {
+  config = lib.mkIf cfg.enable {
+    security.pam.services.login.fprintAuth = false;
+    # similarly to how other distributions handle the fingerprinting login
+    security.pam.services.gdm-fingerprint = lib.mkIf (config.services.fprintd.enable) {
+      text = ''
+        auth       required                    pam_shells.so
+        auth       requisite                   pam_nologin.so
+        auth       requisite                   pam_faillock.so      preauth
+        auth       required                    ${pkgs.fprintd}/lib/security/pam_fprintd.so
+        auth       optional                    pam_permit.so
+        auth       required                    pam_env.so
+        auth       [success=ok default=1]      ${pkgs.gnome.gdm}/lib/security/pam_gdm.so
+        auth       optional                    ${pkgs.gnome.gnome-keyring}/lib/security/pam_gnome_keyring.so
+
+        account    include                     login
+
+        password   required                    pam_deny.so
+
+        session    include                     login
+        session    optional                    ${pkgs.gnome.gnome-keyring}/lib/security/pam_gnome_keyring.so auto_start
+      '';
+    };
+  };
+}
-- 
cgit v1.2.3