From 18c1e10f13274724a280975b954f08036a706395 Mon Sep 17 00:00:00 2001
From: Emma Thorpe
Date: Wed, 10 Jun 2026 18:02:02 +0100
Subject: [PATCH] fix(darwin): pam_reattach for Touch-ID sudo in tmux; trim dock defaults

Touch ID for sudo failed because pam_tid can't reach the GUI session from inside tmux (terminals here auto-start tmux); enable sudo_local reattach (pam_reattach) so the session is re-attached first. Also drop the dock autohide and tilesize defaults.

Co-Authored-By: Claude Opus 4.8 (1M context)
---
 system/machine/Darwin/configuration.nix | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/system/machine/Darwin/configuration.nix b/system/machine/Darwin/configuration.nix
index 15c0104..617728a 100644
--- a/system/machine/Darwin/configuration.nix
+++ b/system/machine/Darwin/configuration.nix
@@ -145,17 +145,20 @@
 
 # Touch ID authorises sudo (and darwin-rebuild's sudo prompt) instead of a
 # typed password. sudo_local keeps the change in /etc/pam.d/sudo_local so it
- # survives macOS updates.
- security.pam.services.sudo_local.touchIdAuth = true;
+ # survives macOS updates. reattach pulls in pam_reattach: pam_tid (Touch ID)
+ # otherwise fails inside tmux/screen because the process is detached from the
+ # GUI login session -- and terminals here auto-start tmux, so it is required.
+ security.pam.services.sudo_local = {
+ touchIdAuth = true;
+ reattach = true;
+ };
 
 # Declarative macOS UI defaults -- the main reason to run nix-darwin beyond
 # package management. Applied on activation; all reversible.
 system.defaults = {
 dock = {
- autohide = true;
 show-recents = false;
 mru-spaces = false; # don't reorder spaces by use
- tilesize = 48;
 };
 finder = {
 AppleShowAllExtensions = true;
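Review bot: The new comment above `security.pam.services.sudo_local` explains why reattach is needed but not what it adds to sudo's trust boundary: `reattach = true` loads pam_reattach, a third-party module (presumably built from the pinned nixpkgs), into the sudo auth stack before pam_tid. I would add a line such as `# pam_reattach is a third-party PAM module loaded by sudo; its version follows the nixpkgs pin.` After activation it is worth reading the generated /etc/pam.d/sudo_local to confirm the module is not marked required, and checking that sudo over SSH still falls back to the password prompt; pam_reattach documents an `ignore_ssh` argument, but whether nix-darwin passes it is not visible in this hunk. The `system.defaults` attribute set continues past the end of the hunk.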