Changing default on attribute set in NixOS

I have enabled services.fprintd.enable. Which is happened to be a default value of<name>.fprintAuth. But I want only specified pam services to have it enabled. I was thinking of using lib.mkDefault, but how to apply it on an option inside attribute set of submodules.

1 Like

Default is

That means you can just set services.fprintd.enable to true
Unless you don’t want it to be true (because of other side effect).

Since I don’t know how to answer your question directly, you can try to overwrite the side unexpected side effect, our reimplement expected one…

services.fprintd.enable installs pkgs.fprintd
but you can also set
services.fprintd.package = pkgs.emptyDir if your problems is that you already have fprint comming from somewhere else that are conflicting.
or (<name>) if the problem is how it is configuring systemd service for you…

Not quite.

Basically, I wanted to be able to use my fingerprint to authenticate only in doas (sudo alternative).

To do that, I set services.fprintd.enable = true. To enable fprintd.

doas as well as many other apps use PAM to authenticate users. PAM configures separately for each service via<name>.fprintAuth which is an attribute. But I only want fprintAuth to be enabled for doas. And the default for<name>.fprintAuth comes from services.fprintd.enable.

So the possible solution I see now are:

  1. Disable<name>.fprintAuth for each service except PAM. Which seems excessive.
  2. Reimplement whole PAM nixos module. Which also very excessive.
  3. Change just default of<name>.fprintAuth. Normally, I guess it should be done via mkDefault. But due to is in attrset of submodules. I am not sure how to use mkDefault then.