system/machine/Darwin/configuration.nix

@@ -80,7 +80,7 @@
   };
 
   # Declarative Homebrew for packages with no nixpkgs equivalent or that must be
-  # the vendor build (GUI casks, Mac App Store apps).
+  # the vendor build (GUI casks).
   homebrew = {
     enable = true;
     onActivation = {
@@ -136,34 +136,29 @@
       "vscodium"
       "winbox"
     ];
-    masApps = {
-      Amphetamine = 937984704;
-      "Apple Configurator" = 1037126344;
-      "Game Controller Tester" = 1500593102;
-      "Home Assistant" = 1099568401;
-      Infuse = 1136220934;
-      Keynote = 409183694;
-      Numbers = 409203825;
-      Pages = 409201541;
-      PDFgear = 6469021132;
-      PL2303Serial = 1624835354;
-      WireGuard = 1451685025;
-    };
+    # Mac App Store apps are not managed declaratively: nix-darwin 26.05 forces
+    # activation to run as root, and `mas` cannot reach the App Store session
+    # from root, so installs silently fail. Install them by hand with
+    # `mas install <id>` from a GUI Terminal (the `mas` CLI is in
+    # environment.systemPackages above).
   };
 
   # Touch ID authorises sudo (and darwin-rebuild's sudo prompt) instead of a
   # typed password. sudo_local keeps the change in /etc/pam.d/sudo_local so it
-  # survives macOS updates.
-  security.pam.services.sudo_local.touchIdAuth = true;
+  # survives macOS updates. reattach pulls in pam_reattach: pam_tid (Touch ID)
+  # otherwise fails inside tmux/screen because the process is detached from the
+  # GUI login session -- and terminals here auto-start tmux, so it is required.
+  security.pam.services.sudo_local = {
+    touchIdAuth = true;
+    reattach = true;
+  };
 
   # Declarative macOS UI defaults -- the main reason to run nix-darwin beyond
   # package management. Applied on activation; all reversible.
   system.defaults = {
     dock = {
-      autohide = true;
       show-recents = false;
       mru-spaces = false; # don't reorder spaces by use
-      tilesize = 48;
     };
     finder = {
       AppleShowAllExtensions = true;