diff --git a/nixos/modules/security/pam.nix b/nixos/modules/security/pam.nix
index 111be7057afc0..e17f0d5ef75d9 100644
--- a/nixos/modules/security/pam.nix
+++ b/nixos/modules/security/pam.nix
@@ -813,7 +813,7 @@ let
             skel = config.security.pam.makeHomeDir.skelDirectory;
             inherit (config.security.pam.makeHomeDir) umask;
           }; }
-          { name = "lastlog"; enable = cfg.updateWtmp; control = "required"; modulePath = "${pkgs.pam}/lib/security/pam_lastlog.so"; settings = {
+          { name = "lastlog"; enable = cfg.updateWtmp; control = "required"; modulePath = "${pkgs.pam_lastlog2}/lib/security/pam_lastlog2.so"; settings = {
             silent = true;
           }; }
           { name = "ecryptfs"; enable = config.security.pam.enableEcryptfs; control = "optional"; modulePath = "${pkgs.ecryptfs}/lib/security/pam_ecryptfs.so"; }
@@ -1520,6 +1520,10 @@ in
 
     environment.etc = mapAttrs' makePAMService config.security.pam.services;
 
+    systemd.packages = optionals config.security.pam.services.login.updateWtmp [ pkgs.pam_lastlog2 ];
+    systemd.services.lastlog2-import.enable = config.security.pam.services.login.updateWtmp;
+    systemd.tmpfiles.packages = optionals config.security.pam.services.login.updateWtmp [ pkgs.pam_lastlog2 ];
+
     security.pam.services =
       { other.text =
           ''
diff --git a/pkgs/by-name/pa/pam_lastlog2/package.nix b/pkgs/by-name/pa/pam_lastlog2/package.nix
new file mode 100644
index 0000000000000..c618f82463e0d
--- /dev/null
+++ b/pkgs/by-name/pa/pam_lastlog2/package.nix
@@ -0,0 +1,63 @@
+{ lib
+, nixosTests
+, stdenv
+, fetchFromGitHub
+, meson
+, ninja
+, pkg-config
+, pam
+, sqlite
+, libxslt
+, docbook5
+, docbook_xsl
+, docbook_xsl_ns
+, coreutils
+}:
+
+stdenv.mkDerivation rec {
+  pname = "pam_lastlog2";
+  version = "1.2.0";
+
+  src = fetchFromGitHub {
+    owner = "thkukuk";
+    repo = "lastlog2";
+    rev = "v${version}";
+    sha256 = "2qGRV5ihJAdg/pfKHSvR57iEAAw0r39FbTmS3w47kcs=";
+  };
+
+  nativeBuildInputs = [
+    meson
+    pkg-config
+    ninja
+    libxslt
+    docbook5
+    docbook_xsl
+    docbook_xsl_ns
+  ];
+
+  buildInputs = [
+    pam
+    sqlite
+   ];
+
+  mesonFlags = [
+    "--prefix=${placeholder "out"}"
+    "-Drootprefix=${placeholder "out"}"
+    "-Dpamlibdir=${placeholder "out"}/lib/security"
+    "-Dman=true"
+  ];
+
+  postInstall = ''
+    substituteInPlace $out/lib/systemd/system/lastlog2-import.service \
+      --replace /usr/bin/lastlog2 $out/bin/lastlog2 \
+      --replace /usr/bin/mv ${coreutils}/bin/mv
+  '';
+
+  meta = with lib; {
+    description = "Y2038 safe version of lastlog";
+    homepage = "https://github.com/thkukuk/lastlog2";
+    changelog = "https://github.com/thkukuk/lastlog2/releases/tag/v${version}";
+    license = licenses.bsd2;
+    platforms = platforms.linux;
+  };
+}