Hello Guix,
I recently changed my setup at home for work. Now I have a laptop to do
my work on and my desktop (that's running Guix) for my personal notes
etc. I still jump between the two through out the day. It is a bit
annoying to have to type in my password every time I switch to my
desktop to unlock swaylock.
I got an u2f compatible USB key which got me thinking. I might be able
to set it up that swaylock requires either password or the u2f key.
That way I don't need to type in my password to unlock my desktop all
the time. Although it is a bit unclear if swaylock can handle this or
not.
However it does not look supertrivial to modify a PAM service. So
before I venture down this path I figured it might be good to ask the
community to see if someone has done something similar?
>From what I have gathered so far I need to disable the PAM services for
`screen-locker-service`. Something like this:
```
(service screen-locker-service-type
(screen-locker-configuration
(name "swaylock")
(program (file-append swaylock "/bin/swaylock"))
(using-pam? #f)
(using-setuid? #f)))
```
Then define my own for swaylock using `unix-pam-service`. But grab the
result from that and modify the `auth` section to add the pam-u2f module
and also change the password from `required` to `sufficient`. Does that
sound right? Or is there a better way of going about this?
Thanks
--
s/Fred[re]+i[ck]+/Fredrik/g
