diff --git a/system/machine/Darwin/configuration.nix b/system/machine/Darwin/configuration.nix
index bea63d2..617728a 100644
--- a/system/machine/Darwin/configuration.nix
+++ b/system/machine/Darwin/configuration.nix
@@ -80,7 +80,7 @@
 };
 # Declarative Homebrew for packages with no nixpkgs equivalent or that must be
- # the vendor build (GUI casks, Mac App Store apps).
+ # the vendor build (GUI casks).
 homebrew = {
 enable = true;
 onActivation = {
@@ -136,34 +136,29 @@
 "vscodium"
 "winbox"
 ];
- masApps = {
- Amphetamine = 937984704;
- "Apple Configurator" = 1037126344;
- "Game Controller Tester" = 1500593102;
- "Home Assistant" = 1099568401;
- Infuse = 1136220934;
- Keynote = 409183694;
- Numbers = 409203825;
- Pages = 409201541;
- PDFgear = 6469021132;
- PL2303Serial = 1624835354;
- WireGuard = 1451685025;
- };
+ # Mac App Store apps are not managed declaratively: nix-darwin 26.05 forces
+ # activation to run as root, and `mas` cannot reach the App Store session
+ # from root, so installs silently fail. Install them by hand with
+ # `mas install ` from a GUI Terminal (the `mas` CLI is in
+ # environment.systemPackages above).
 };
 # Touch ID authorises sudo (and darwin-rebuild's sudo prompt) instead of a
 # typed password. sudo_local keeps the change in /etc/pam.d/sudo_local so it
- # survives macOS updates.
- security.pam.services.sudo_local.touchIdAuth = true;
+ # survives macOS updates. reattach pulls in pam_reattach: pam_tid (Touch ID)
+ # otherwise fails inside tmux/screen because the process is detached from the
+ # GUI login session -- and terminals here auto-start tmux, so it is required.
+ security.pam.services.sudo_local = {
+ touchIdAuth = true;
+ reattach = true;
+ };
 # Declarative macOS UI defaults -- the main reason to run nix-darwin beyond
 # package management. Applied on activation; all reversible.
 system.defaults = {
 dock = {
- autohide = true;
 show-recents = false;
 mru-spaces = false; # don't reorder spaces by use
- tilesize = 48;
 };
 finder = {
 AppleShowAllExtensions = true;
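Review bot: The new comment on `security.pam.services.sudo_local` explains why `reattach = true` is needed but not what it changes about the trust model. It places an extra PAM module (pam_reattach) in the sudo authentication path, and lets processes that are detached from the GUI session raise a Touch ID prompt. With tmux auto-started in every terminal, a prompt can then come from a pane that is not on screen, and it is worth verifying whether a remote login that attaches to an existing tmux session can trigger one as well. I would record that next to the setting, for example `# reattach adds pam_reattach to the sudo auth stack: Touch ID prompts may originate from` / `# background tmux panes, so only approve a prompt you just triggered yourself.` The `system.defaults` attrset at the end of the hunk continues outside it.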