From 8c058632efb535ceb14d2fb4e35ca7eac780656a Mon Sep 17 00:00:00 2001 From: Emma Thorpe Date: Wed, 10 Jun 2026 16:44:53 +0100 Subject: [PATCH] feat(darwin): declarative macOS defaults + Touch-ID sudo MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Touch ID now authorises sudo (via sudo_local, update-safe). Adds the standard system.defaults blocks — dock autohide / no-recents, Finder extensions + path bar + list view, dark mode, fast key repeat, trackpad tap-to-click — so the Mac's UI is managed declaratively too. Co-Authored-By: Claude Opus 4.8 (1M context) --- system/machine/Darwin/configuration.nix | 32 +++++++++++++++++++++++++ 1 file changed, 32 insertions(+) diff --git a/system/machine/Darwin/configuration.nix b/system/machine/Darwin/configuration.nix index e894e08..bea63d2 100644 --- a/system/machine/Darwin/configuration.nix +++ b/system/machine/Darwin/configuration.nix @@ -151,6 +151,38 @@ }; }; + # Touch ID authorises sudo (and darwin-rebuild's sudo prompt) instead of a + # typed password. sudo_local keeps the change in /etc/pam.d/sudo_local so it + # survives macOS updates. + security.pam.services.sudo_local.touchIdAuth = true; + + # Declarative macOS UI defaults -- the main reason to run nix-darwin beyond + # package management. Applied on activation; all reversible. + system.defaults = { + dock = { + autohide = true; + show-recents = false; + mru-spaces = false; # don't reorder spaces by use + tilesize = 48; + }; + finder = { + AppleShowAllExtensions = true; + ShowPathbar = true; + FXPreferredViewStyle = "Nlsv"; # list view + _FXShowPosixPathInTitle = true; + }; + NSGlobalDomain = { + AppleInterfaceStyle = "Dark"; + ApplePressAndHoldEnabled = false; # key-repeat instead of the accent popup + InitialKeyRepeat = 15; + KeyRepeat = 2; + }; + trackpad = { + Clicking = true; # tap to click + TrackpadThreeFingerDrag = true; + }; + }; + # Used for backwards compatibility; read `darwin-rebuild changelog` before changing. system.stateVersion = 5; }