From 0c6d6ac16759d27c5f31f19a833ecfda7c4a2cd8 Mon Sep 17 00:00:00 2001
From: Emma Thorpe
Date: Wed, 10 Jun 2026 17:58:49 +0100
Subject: [PATCH 1/2] chore(darwin): drop declarative masApps; install MAS apps manually

nix-darwin 26.05 forces activation to run as root, and mas cannot reach the App Store/StoreKit session from root, so homebrew.masApps silently failed to install. Remove the masApps list; install those apps by hand with `mas install ` from a GUI Terminal. The mas CLI stays in systemPackages for that.

Co-Authored-By: Claude Opus 4.8 (1M context)
---
 system/machine/Darwin/configuration.nix | 20 ++++++--------------
 1 file changed, 6 insertions(+), 14 deletions(-)

diff --git a/system/machine/Darwin/configuration.nix b/system/machine/Darwin/configuration.nix
index bea63d2..15c0104 100644
--- a/system/machine/Darwin/configuration.nix
+++ b/system/machine/Darwin/configuration.nix
@@ -80,7 +80,7 @@
 };
 
 # Declarative Homebrew for packages with no nixpkgs equivalent or that must be
- # the vendor build (GUI casks, Mac App Store apps).
+ # the vendor build (GUI casks).
 homebrew = {
 enable = true;
 onActivation = {
@@ -136,19 +136,11 @@
 "vscodium"
 "winbox"
 ];
- masApps = {
- Amphetamine = 937984704;
- "Apple Configurator" = 1037126344;
- "Game Controller Tester" = 1500593102;
- "Home Assistant" = 1099568401;
- Infuse = 1136220934;
- Keynote = 409183694;
- Numbers = 409203825;
- Pages = 409201541;
- PDFgear = 6469021132;
- PL2303Serial = 1624835354;
- WireGuard = 1451685025;
- };
+ # Mac App Store apps are not managed declaratively: nix-darwin 26.05 forces
+ # activation to run as root, and `mas` cannot reach the App Store session
+ # from root, so installs silently fail. Install them by hand with
+ # `mas install ` from a GUI Terminal (the `mas` CLI is in
+ # environment.systemPackages above).
 };
 
 # Touch ID authorises sudo (and darwin-rebuild's sudo prompt) instead of a
From 18c1e10f13274724a280975b954f08036a706395 Mon Sep 17 00:00:00 2001
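Review bot: The comment that replaces `masApps` in the second hunk tells the reader to run `mas install` by hand but no longer records which apps or App Store IDs are meant, so the set the removed attrset pinned now lives only in git history. I would keep the name/ID pairs as commented-out lines under the new comment, for example `# WireGuard = 1451685025;` and `# "Apple Configurator" = 1037126344;`, so a rebuild of this machine installs by the same known IDs rather than by a store search on the app name. As rendered here the command reads `mas install ` with no argument placeholder; if the file really has it that way, add one. The `homebrew` attrset opens before this hunk, so its `onActivation` settings could not be checked against the change.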
From: Emma Thorpe
Date: Wed, 10 Jun 2026 18:02:02 +0100
Subject: [PATCH 2/2] fix(darwin): pam_reattach for Touch-ID sudo in tmux; trim dock defaults

Touch ID for sudo failed because pam_tid can't reach the GUI session from inside tmux (terminals here auto-start tmux); enable sudo_local reattach (pam_reattach) so the session is re-attached first. Also drop the dock autohide and tilesize defaults.

Co-Authored-By: Claude Opus 4.8 (1M context)
---
 system/machine/Darwin/configuration.nix | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/system/machine/Darwin/configuration.nix b/system/machine/Darwin/configuration.nix
index 15c0104..617728a 100644
--- a/system/machine/Darwin/configuration.nix
+++ b/system/machine/Darwin/configuration.nix
@@ -145,17 +145,20 @@
 
 # Touch ID authorises sudo (and darwin-rebuild's sudo prompt) instead of a
 # typed password. sudo_local keeps the change in /etc/pam.d/sudo_local so it
- # survives macOS updates.
- security.pam.services.sudo_local.touchIdAuth = true;
+ # survives macOS updates. reattach pulls in pam_reattach: pam_tid (Touch ID)
+ # otherwise fails inside tmux/screen because the process is detached from the
+ # GUI login session -- and terminals here auto-start tmux, so it is required.
+ security.pam.services.sudo_local = {
+ touchIdAuth = true;
+ reattach = true;
+ };
 
 # Declarative macOS UI defaults -- the main reason to run nix-darwin beyond
 # package management. Applied on activation; all reversible.
 system.defaults = {
 dock = {
- autohide = true;
 show-recents = false;
 mru-spaces = false; # don't reorder spaces by use
- tilesize = 48;
 };
 finder = {
 AppleShowAllExtensions = true;
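Review bot: The new comment on `security.pam.services.sudo_local` explains why `reattach = true` is needed but not what it changes about sudo's trust boundary. pam_reattach is an extra module loaded into sudo's auth stack, and it moves the sudo process into the GUI login session so that a Touch ID prompt can be raised from a detached tmux/screen session. That may include a tmux session someone has attached to over SSH, so I would add a line such as `# NOTE: sudo in a detached or remotely attached tmux can now raise a local Touch ID prompt; approve only prompts you started.` and check how the generated `/etc/pam.d/sudo_local` entry treats SSH sessions. Separately, the `autohide` and `tilesize` removals in `dock` are unrelated to the PAM fix and, as far as I know, dropping a key does not reset a value already written on an activated machine, so the "all reversible" comment deserves a caveat. The `system.defaults` attrset continues past the end of the hunk.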