From d665d679bb32170177768fd48a7bc9187121b07f Mon Sep 17 00:00:00 2001
From: Filippo Berto <berto.f@protonmail.com>
Date: Mon, 2 Dec 2024 09:59:28 +0100
Subject: [PATCH] Sif: security pam

---
 instances/sif/configuration.nix | 39 ++++++++++-----------------------
 1 file changed, 12 insertions(+), 27 deletions(-)

diff --git a/instances/sif/configuration.nix b/instances/sif/configuration.nix
index 43ca507..330e61f 100644
--- a/instances/sif/configuration.nix
+++ b/instances/sif/configuration.nix
@@ -322,11 +322,6 @@
     };
   };
 
-  # FPRINTD
-  security = {
-    rtkit.enable = true;
-  };
-
   # Clamav
   # services.clamav = {
   #   daemon.enable = true;
@@ -347,29 +342,19 @@
     podman.enable = true;
     # virtualbox.host.enable = true;
   };
+  security = {
+    # FPRINTD
+    rtkit.enable = true;
 
-  security.sudo.extraConfig = ''
-    Defaults pwfeedback
-  '';
-  security.pam.services = {
-    xscreensaver.fprintAuth = true;
-    gdm = { enableGnomeKeyring = true; fprintAuth = true; };
-    # sudo = {
-    #   fprintAuth = true;
-    #   rootOK = true;
-    #   forwardXAuth = true;
-    #   logFailures = true;
-    #   text = ''
-    #     auth    [success=ok default=bad]  pam_unix.so nullok_secure
-    #     auth    [success=2 default=bad]   pam_fprintd.so
-    #   '';
-    #   # enableGnomeKeyring = true;
-    #   # text = ''
-    #   #   auth		include		system-auth-fprintd
-    #   #   account		include		system-auth
-    #   #   session		include		system-auth
-    #   # '';
-    # };
+    sudo.extraConfig = ''
+      Defaults pwfeedback
+    '';
+
+    pam.services = {
+      xscreensaver.fprintAuth = true;
+      gdm = { enableGnomeKeyring = true; fprintAuth = true; };
+      git = { gnupg.enable = true; enableGnomeKeyring = true; };
+    };
   };
 
   nixpkgs.config = {