fix(darwin): pam_reattach for Touch-ID sudo in tmux; trim dock defaults
CI / flake (pull_request) Successful in 3m17s
CI / flake (pull_request) Successful in 3m17s
Touch ID for sudo failed because pam_tid can't reach the GUI session from inside tmux (terminals here auto-start tmux); enable sudo_local reattach (pam_reattach) so the session is re-attached first. Also drop the dock autohide and tilesize defaults. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
Emma Thorpe
@@ -145,17 +145,20 @@
|
||||
|
||||
# Touch ID authorises sudo (and darwin-rebuild's sudo prompt) instead of a
|
||||
# typed password. sudo_local keeps the change in /etc/pam.d/sudo_local so it
|
||||
# survives macOS updates.
|
||||
security.pam.services.sudo_local.touchIdAuth = true;
|
||||
# survives macOS updates. reattach pulls in pam_reattach: pam_tid (Touch ID)
|
||||
# otherwise fails inside tmux/screen because the process is detached from the
|
||||
# GUI login session -- and terminals here auto-start tmux, so it is required.
|
||||
security.pam.services.sudo_local = {
|
||||
touchIdAuth = true;
|
||||
reattach = true;
|
||||
};
|
||||
|
||||
# Declarative macOS UI defaults -- the main reason to run nix-darwin beyond
|
||||
# package management. Applied on activation; all reversible.
|
||||
system.defaults = {
|
||||
dock = {
|
||||
autohide = true;
|
||||
show-recents = false;
|
||||
mru-spaces = false; # don't reorder spaces by use
|
||||
tilesize = 48;
|
||||
};
|
||||
finder = {
|
||||
AppleShowAllExtensions = true;
|
||||
|
||||
Reference in New Issue
Block a user