Hello Guix, I recently changed my setup at home for work. Now I have a laptop to do my work on and my desktop (that's running Guix) for my personal notes etc. I still jump between the two through out the day. It is a bit annoying to have to type in my password every time I switch to my desktop to unlock swaylock.
I got an u2f compatible USB key which got me thinking. I might be able to set it up that swaylock requires either password or the u2f key. That way I don't need to type in my password to unlock my desktop all the time. Although it is a bit unclear if swaylock can handle this or not. However it does not look supertrivial to modify a PAM service. So before I venture down this path I figured it might be good to ask the community to see if someone has done something similar? >From what I have gathered so far I need to disable the PAM services for `screen-locker-service`. Something like this: ``` (service screen-locker-service-type (screen-locker-configuration (name "swaylock") (program (file-append swaylock "/bin/swaylock")) (using-pam? #f) (using-setuid? #f))) ``` Then define my own for swaylock using `unix-pam-service`. But grab the result from that and modify the `auth` section to add the pam-u2f module and also change the password from `required` to `sufficient`. Does that sound right? Or is there a better way of going about this? Thanks -- s/Fred[re]+i[ck]+/Fredrik/g