From 8c6b9f65c906ad62e8cee3854dcb07a550bdfd73 Mon Sep 17 00:00:00 2001
From: Bloxx12 <charlie@charlieroot.dev>
Date: Sat, 19 Jul 2025 00:33:08 +0200
Subject: [PATCH] security: add pam configuration

---
 hosts/temperance/configuration.nix          |  5 ++---
 modules/system/os/security/security.mod.nix | 19 +++++++++++++++++++
 2 files changed, 21 insertions(+), 3 deletions(-)

diff --git a/hosts/temperance/configuration.nix b/hosts/temperance/configuration.nix
index 0780997..18d06af 100644
--- a/hosts/temperance/configuration.nix
+++ b/hosts/temperance/configuration.nix
@@ -19,15 +19,14 @@
     system76-scheduler = {
       enable = true;
     };
-    gnome.gnome-keyring.enable = true;
   };
-  security.pam.services.login.enableGnomeKeyring = true;
-  environment.systemPackages = [pkgs.seahorse];
+
   meta = {
     mainUser.gitSigningKey = "";
   };
   modules = {
     system = {
+      isGraphical = true;
       impermanence.enable = true;
       boot = {
         systemd-boot.enable = true;
diff --git a/modules/system/os/security/security.mod.nix b/modules/system/os/security/security.mod.nix
index e24de6e..06e0a7a 100644
--- a/modules/system/os/security/security.mod.nix
+++ b/modules/system/os/security/security.mod.nix
@@ -7,5 +7,24 @@
       killUnconfinedConfinables = true;
       packages = [pkgs.apparmor-profiles];
     };
+
+    pam.services = {
+      login.kwallet = {
+        enable = true;
+        # package = pkgs.kdePackages.kwallet-pam;
+      };
+      niri = {
+        allowNullPassword = true;
+        kwallet = {
+          enable = true;
+          package = pkgs.kdePackages.kwallet-pam;
+        };
+      };
+    };
   };
+  environment.systemPackages = with pkgs.kdePackages; [
+    kwallet # provides helper service
+    kwallet-pam # provides helper service
+    kwalletmanager # provides KCMs and stuff
+  ];
 }