feat(gs/system): Setup fingerprint scanner

This is kinda nifty

Change-Id: I1b9a6762a5349974f539d2c4938a2b3dcdf488ad
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2219
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI

users/glittershark/pkgs/fprintd/default.nix

@@ -0,0 +1,124 @@
+args @ { pkgs, ... }:
+
+let
+  nixpkgs = import pkgs.nixpkgsSrc {
+    config.allowUnfree = true;
+  };
+  inherit (nixpkgs)
+    stdenv
+    fetchFromGitLab
+    fetchpatch
+    pkgconfig
+    meson
+    ninja
+    perl
+    gettext
+    cairo
+    gtk-doc
+    libxslt
+    docbook-xsl-nons
+    docbook_xml_dtd_412
+    glib
+    dbus
+    dbus-glib
+    polkit
+    nss
+    pam
+    systemd
+    python3;
+  libfprint-tod = nixpkgs.callPackage ./libfprint-tod.nix {};
+
+in
+
+stdenv.mkDerivation rec {
+  pname = "fprintd";
+  version = "1.90.1";
+  outputs = [ "out" "devdoc" ];
+
+  src = fetchFromGitLab {
+    domain = "gitlab.freedesktop.org";
+    owner = "libfprint";
+    repo = pname;
+    rev = version;
+    sha256 = "0mbzk263x7f58i9cxhs44mrngs7zw5wkm62j5r6xlcidhmfn03cg";
+  };
+
+  patches = [
+    # Fixes issue with ":" when there is multiple paths (might be the case on NixOS)
+    # https://gitlab.freedesktop.org/libfprint/fprintd/-/merge_requests/50
+    (fetchpatch {
+      url = "https://gitlab.freedesktop.org/libfprint/fprintd/-/commit/d7fec03f24d10f88d34581c72f0eef201f5eafac.patch";
+      sha256 = "0f88dhizai8jz7hpm5lpki1fx4593zcy89iwi4brsqbqc7jp9ls0";
+    })
+
+    # Fix locating libpam_wrapper for tests
+    (fetchpatch {
+      url = "https://gitlab.freedesktop.org/libfprint/fprintd/-/merge_requests/40.patch";
+      sha256 = "0qqy090p93lzabavwjxzxaqidkcb3ifacl0d3yh1q7ms2a58yyz3";
+    })
+    (fetchpatch {
+      url = "https://gitlab.freedesktop.org/libfprint/fprintd/-/commit/f401f399a85dbeb2de165b9b9162eb552ab6eea7.patch";
+      sha256 = "1bc9g6kc95imlcdpvp8qgqjsnsxg6nipr6817c1pz5i407yvw1iy";
+    })
+  ];
+
+  nativeBuildInputs = [
+    pkgconfig
+    meson
+    ninja
+    perl
+    gettext
+    gtk-doc
+    libxslt
+    dbus
+    docbook-xsl-nons
+    docbook_xml_dtd_412
+  ];
+
+  buildInputs = [
+    glib
+    dbus-glib
+    polkit
+    nss
+    pam
+    systemd
+    libfprint-tod
+  ];
+
+  checkInputs = with python3.pkgs; [
+    python-dbusmock
+    dbus-python
+    pygobject3
+    pycairo
+    pypamtest
+  ];
+
+  mesonFlags = [
+    "-Dgtk_doc=true"
+    "-Dpam_modules_dir=${placeholder "out"}/lib/security"
+    "-Dsysconfdir=${placeholder "out"}/etc"
+    "-Ddbus_service_dir=${placeholder "out"}/share/dbus-1/system-services"
+    "-Dsystemd_system_unit_dir=${placeholder "out"}/lib/systemd/system"
+  ];
+
+  PKG_CONFIG_DBUS_1_INTERFACES_DIR = "${placeholder "out"}/share/dbus-1/interfaces";
+  PKG_CONFIG_POLKIT_GOBJECT_1_POLICYDIR = "${placeholder "out"}/share/polkit-1/actions";
+  PKG_CONFIG_DBUS_1_DATADIR = "${placeholder "out"}/share";
+
+  # FIXME: Ugly hack for tests to find libpam_wrapper.so
+  LIBRARY_PATH = stdenv.lib.makeLibraryPath [ python3.pkgs.pypamtest ];
+
+  doCheck = true;
+
+  postPatch = ''
+    patchShebangs po/check-translations.sh
+  '';
+
+  meta = with stdenv.lib; {
+    homepage = "https://fprint.freedesktop.org/";
+    description = "D-Bus daemon that offers libfprint functionality over the D-Bus interprocess communication bus";
+    license = licenses.gpl2;
+    platforms = platforms.linux;
+    maintainers = with maintainers; [ abbradar elyhaka ];
+  };
+}

users/glittershark/pkgs/fprintd/libfprint-tod-clean.nix

@@ -0,0 +1,81 @@
+{ stdenv
+, pkgs
+, fetchFromGitLab
+, fetchurl
+, pkgconfig
+, meson
+, ninja
+, libusb
+, gusb
+, pixman
+, gobject-introspection
+, glib
+, nss
+, gtk3
+, python3
+, umockdev
+, coreutils
+, gtk-doc
+, docbook_xsl
+, docbook_xml_dtd_43
+}:
+
+stdenv.mkDerivation rec {
+  pname = "libfprint";
+  version = "1.90.2";
+  outputs = [ "out" "devdoc" ];
+
+  src = fetchFromGitLab {
+    domain = "gitlab.freedesktop.org";
+    owner = "3v1n0";
+    repo = "libfprint";
+    rev = "0e123d0752538d834ee2cca8b471373369ad5e89";
+    sha256 = "11yl3nikdyykamafqf3ys1wg7zx3rb81lf11ndd8sf9rkwwfgpn6";
+  };
+
+  checkInputs = [ (python3.withPackages (ps: with ps; [ pycairo gobject ])) umockdev ];
+
+  nativeBuildInputs = [
+    pkgconfig
+    meson
+    gobject-introspection
+    ninja
+    gtk-doc
+    docbook_xsl
+    docbook_xml_dtd_43
+  ];
+
+  buildInputs = [
+    libusb
+    gusb
+    pixman
+    glib
+    nss
+    gtk3
+  ];
+
+  mesonFlags = [
+    "-Dudev_rules_dir=${placeholder "out"}/lib/udev/rules.d"
+    "-Dx11-examples=false"
+  ];
+
+  doChecks = true;
+
+  checkPhase = ''
+    meson test -C build --print-errorlogs
+  '';
+
+  postPatch = ''
+    substituteInPlace libfprint/meson.build \
+      --replace /bin/echo ${coreutils}/bin/echo
+  '';
+
+
+  meta = with stdenv.lib; {
+    homepage = https://fprint.freedesktop.org/;
+    description = "A library designed to make it easy to add support for consumer fingerprint readers";
+    license = licenses.lgpl21;
+    platforms = platforms.linux;
+    maintainers = with maintainers; [ jobojeha ];
+  };
+}

users/glittershark/pkgs/fprintd/libfprint-tod-goodix.nix

@@ -0,0 +1,47 @@
+{ stdenv
+, pkgs
+, fetchgit
+, libfprint-tod ? (pkgs.callPackage ./libfprint-tod-clean.nix {})
+, git
+, autoPatchelfHook
+, libusb
+, glibc
+,
+}:
+stdenv.mkDerivation rec {
+  pname = "libfprint-2-tod1-xps9300-bin";
+  version = "0.0.6";
+
+  src = fetchgit {
+    url = "git://git.launchpad.net/~oem-solutions-engineers/libfprint-2-tod1-goodix/+git/libfprint-2-tod1-goodix/";
+    rev = "882735c6366fbe30149eea5cfd6d0ddff880f0e4";
+    sha256 = "1x9h5x027s2avdhjhnfmmhdpgyf9x79fz8skcjd3rm3phnpr3zsj";
+  };
+
+  buildInputs = [
+    libfprint-tod
+    git
+    libusb
+    autoPatchelfHook
+    glibc
+  ];
+
+  installPhase = ''
+    install -dm 755 "$out/lib/udev/rules.d/"
+    install -dm 755 "$out/usr/lib/libfprint-2/tod-1/"
+
+    sed -n -r '/Shenzhen/,/^\s*$/p' debian/copyright > LICENSE
+    install -Dm644 LICENSE "$out/usr/share/licenses/libfprint-2-tod1-xps9300-bin/LICENSE"
+
+    install -Dm 755 usr/lib/x86_64-linux-gnu/libfprint-2/tod-1/libfprint-tod-goodix-53xc-0.0.6.so "$out/usr/lib/libfprint-2/tod-1/"
+    install -Dm 0755 lib/udev/rules.d/60-libfprint-2-tod1-goodix.rules "$out/lib/udev/rules.d/"
+  '';
+
+  meta = with stdenv.lib; {
+    homepage = "https://git.launchpad.net/~oem-solutions-engineers/libfprint-2-tod1-goodix/+git/libfprint-2-tod1-goodix";
+    description = "Goodix driver module for libfprint-2 Touch OEM Driver";
+    license = licenses.unfreeRedistributable;
+    platforms = platforms.linux;
+    maintainers = with maintainers; [ jobojeha ];
+  };
+}

users/glittershark/pkgs/fprintd/libfprint-tod.nix

@@ -0,0 +1,89 @@
+{ stdenv
+, pkgs
+, fetchFromGitLab
+, fetchurl
+, pkgconfig
+, meson
+, ninja
+, libusb
+, gusb
+, pixman
+, gobject-introspection
+, glib
+, nss
+, gtk3
+, python3
+, umockdev
+, coreutils
+, gtk-doc
+, docbook_xsl
+, docbook_xml_dtd_43
+, libfprint-tod-goodix ? (pkgs.callPackage ./libfprint-tod-goodix.nix {})
+}:
+
+stdenv.mkDerivation rec {
+  pname = "libfprint";
+  version = "1.90.2";
+  outputs = [ "out" "devdoc" ];
+
+  src = fetchFromGitLab {
+    domain = "gitlab.freedesktop.org";
+    owner = "3v1n0";
+    repo = "libfprint";
+    rev = "0e123d0752538d834ee2cca8b471373369ad5e89";
+    sha256 = "11yl3nikdyykamafqf3ys1wg7zx3rb81lf11ndd8sf9rkwwfgpn6";
+  };
+
+  checkInputs = [ (python3.withPackages (ps: with ps; [ pycairo gobject ])) umockdev ];
+
+  nativeBuildInputs = [
+    pkgconfig
+    meson
+    gobject-introspection
+    ninja
+    gtk-doc
+    docbook_xsl
+    docbook_xml_dtd_43
+  ];
+
+  buildInputs = [
+    libusb
+    gusb
+    pixman
+    glib
+    nss
+    gtk3
+    libfprint-tod-goodix
+  ];
+
+  mesonFlags = [
+    "-Dudev_rules_dir=${placeholder "out"}/lib/udev/rules.d"
+    "-Dx11-examples=false"
+  ];
+
+  doChecks = true;
+
+  checkPhase = ''
+    meson test -C build --print-errorlogs
+  '';
+
+  postPatch = ''
+    substituteInPlace libfprint/meson.build \
+      --replace /bin/echo ${coreutils}/bin/echo
+  '';
+
+  postInstall = ''
+    mkdir -p $out/lib/libfprint-2/tod-1/
+    ln -s ${libfprint-tod-goodix}/usr/lib/libfprint-2/tod-1/libfprint-tod-goodix-53xc-0.0.6.so $out/lib/libfprint-2/tod-1/
+    ln -s ${libfprint-tod-goodix}/lib/udev/rules.d/60-libfprint-2-tod1-goodix.rules $out/lib/udev/rules.d/
+
+  '';
+
+  meta = with stdenv.lib; {
+    homepage = https://fprint.freedesktop.org/;
+    description = "A library designed to make it easy to add support for consumer fingerprint readers";
+    license = licenses.lgpl21;
+    platforms = platforms.linux;
+    maintainers = with maintainers; [ jobojeha ];
+  };
+}

users/glittershark/system/system/default.nix

@@ -16,7 +16,13 @@ rec {
   yeren = import ./machines/yeren.nix;
 
   yerenSystem = (pkgs.nixos {
-    configuration = yeren;
+    configuration = { ... }: {
+      imports = [
+        ./machines/yeren.nix
+        "${depot.depotPath}/ops/nixos/depot.nix"
+      ];
+      inherit depot;
+    };
   }).system;
 
   iso = import ./iso.nix args;

users/glittershark/system/system/machines/yeren.nix

@@ -8,6 +8,8 @@
     ../modules/xserver.nix
     ../modules/fonts.nix
     ../modules/sound.nix
+    ../modules/tvl.nix
+    ../modules/development.nix
   ];
 
   networking.hostName = "yeren";
@@ -69,4 +71,18 @@
     libvdpau-va-gl
     intel-media-driver
   ];
+
+  services.fprintd = {
+    enable = true;
+    package = config.depot.users.glittershark.pkgs.fprintd;
+  };
+
+  security.pam.services = {
+    login.fprintAuth = true;
+    sudo.fprintAuth = true;
+    i3lock.fprintAuth = false;
+    i3lock-color.fprintAuth = false;
+    lightdm.fprintAuth = true;
+    lightdm-greeter.fprintAuth = true;
+  };
 }