feat(darwin): declarative macOS defaults + Touch-ID sudo

Touch ID now authorises sudo (via sudo_local, update-safe). Adds the standard system.defaults blocks — dock autohide / no-recents, Finder extensions + path bar + list view, dark mode, fast key repeat, trackpad tap-to-click — so the Mac's UI is managed declaratively too. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-10 16:44:53 +01:00
parent 318c64a371
commit 8c058632ef
1 changed files with 32 additions and 0 deletions
@@ -151,6 +151,38 @@
    };
  };

+  # Touch ID authorises sudo (and darwin-rebuild's sudo prompt) instead of a
+  # typed password. sudo_local keeps the change in /etc/pam.d/sudo_local so it
+  # survives macOS updates.
+  security.pam.services.sudo_local.touchIdAuth = true;
+
+  # Declarative macOS UI defaults -- the main reason to run nix-darwin beyond
+  # package management. Applied on activation; all reversible.
+  system.defaults = {
+    dock = {
+      autohide = true;
+      show-recents = false;
+      mru-spaces = false; # don't reorder spaces by use
+      tilesize = 48;
+    };
+    finder = {
+      AppleShowAllExtensions = true;
+      ShowPathbar = true;
+      FXPreferredViewStyle = "Nlsv"; # list view
+      _FXShowPosixPathInTitle = true;
+    };
+    NSGlobalDomain = {
+      AppleInterfaceStyle = "Dark";
+      ApplePressAndHoldEnabled = false; # key-repeat instead of the accent popup
+      InitialKeyRepeat = 15;
+      KeyRepeat = 2;
+    };
+    trackpad = {
+      Clicking = true; # tap to click
+      TrackpadThreeFingerDrag = true;
+    };
+  };
+
  # Used for backwards compatibility; read `darwin-rebuild changelog` before changing.
  system.stateVersion = 5;
 }