NixOS Unstable fprintd Fingerprint Reader Issues

Hi. I am currently running the unstable version of NixOS, along with Home Manager, on a Framework laptop, on Hyprland I have recently added the following config option to enable fprintd:

services.fprintd.enable = true;

I saw on this NixOS on Framework article that the TOD patches are not required to get the fingerprint reader to work properly, so I did not include the services.fprintd.tod config.

I was able to setup fprintd successfully, and I enrolled 2 fingers without issue. I am trying to get swaylock to unlock by using my fingerprint. On Arch Linux, when the screen is locked (via swaylock), you need to press enter so that it begins verifying, and then place your finger on the reader, and it unlocks. On NixOS, however, this does not work at all, and I can only unlock by entering my password directly.

I also have this config piece:

security.pam.services.swaylock = {
  text = ''
    auth sufficient pam_unix.so try_first_pass likeauth nullok
    auth sufficient pam_fprintd.so
    auth include login
  '';
};

Which resembles the /etc/pam.d file for swaylock that I had on Arch, with those same options. Has anyone else encountered this issue, and has a working solution? I haven’t tried testing the fingerprint yet with other password-required elements, like sudo, or with standard login (I am just logging in thru a TTY and running Hyprland to get into the WM), as I am trying to get the swaylock piece working first.

Any guidance is much appreciated. Thank you…!

This may be a bit of a stretch, but I just tried to configure fprintd on a thinkpad, and things completely did not work, until I realized that I had to pass in my local username for fprintd-enroll:

sudo fprintd-enroll -f left-index-finger pi

For unknown reasons, enrolling without sudo didn’t work:

EnrollStart failed: GDBus.Error:net.reactivated.Fprint.Error.PermissionDenied: Not Authorized: net.reactivated.fprint.device.enroll

And with sudo, the fingerprints where enrolled successfully, but for root, so I had to delete those before re-registering for my regular account.