How to update/extend PAM configuration (/etc/pam.d/*)

I’d like to use kanidm, for which a NixOS service definition exists, including an option services.kanidm.enablePam.

Setting this to true will only create the systemd services, but not update the PAM configuration.

So I want to update the PAM configuration as described in the kanidm book to include, but now I notice the pam.d directory is managed by Nix and looks pretty hardcoded: I cannot easily find an option to update the auth, account, password and session sections from within my configuration.nix file. Is there an option I’m overlooking?

It looks like the PAM configuration is not configurable by the user other than the security.pam.*.enable options for specific PAM modules.

@Flakebi question since you seem to be the main author of this module: would it be possible to add an option security.pam.kanidm.enable (it depends on services.kanidm.enablePam which is already there)? That would be really nice!

It looks like it is Christmas today, and @max already made nixos/pam: support Kanidm by max-privatevoid · Pull Request #236757 · NixOS/nixpkgs · GitHub
If this could be backported indeed, it would be more than awesome.