manage touchid sudo with nix-darwin

Noah Masur 2022-09-25 14:47:04 +00:00
parent ba14638a8a
commit 1addb7ec21


@ -2,6 +2,8 @@
services.nix-daemon.enable = true; services.nix-daemon.enable = true;
security.pam.enableSudoTouchIdAuth = true;
system = { system = {
keyboard = { keyboard = {
@ -161,16 +163,6 @@
"$(__dock_item /Applications/Alacritty.app)" \ "$(__dock_item /Applications/Alacritty.app)" \
"$(__dock_item /System/Applications/System\ Preferences.app)" "$(__dock_item /System/Applications/System\ Preferences.app)"
echo "Enable sudo Touch ID"
echo "# sudo: auth account password session" > /tmp/sudofile
echo "auth sufficient pam_smartcard.so" >> /tmp/sudofile
echo "auth sufficient pam_tid.so " >> /tmp/sudofile
echo "auth required pam_opendirectory.so" >> /tmp/sudofile
echo "account required pam_permit.so" >> /tmp/sudofile
echo "password required pam_deny.so" >> /tmp/sudofile
echo "session required pam_permit.so" >> /tmp/sudofile
sudo mv /tmp/sudofile /etc/pam.d/sudo
echo "Allow apps from anywhere" echo "Allow apps from anywhere"
SPCTL=$(spctl --status) SPCTL=$(spctl --status)
if ! [ "$SPCTL" = "assessments disabled" ]; then if ! [ "$SPCTL" = "assessments disabled" ]; then
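Review bot: Machines that already ran the removed activation lines keep the /etc/pam.d/sudo those lines installed, and nothing visible in the new `security.pam.enableSudoTouchIdAuth = true;` line in the first hunk resets that file's ownership. The old script created the file in /tmp as the login user and moved it into place with `sudo mv`, which keeps the creator as owner, so on those machines the sudo PAM policy is probably still editable by a non-root account. I would add a one-time cleanup next to the remaining activation commands, for example `sudo chown root:wheel /etc/pam.d/sudo && sudo chmod 444 /etc/pam.d/sudo`, or restore the stock file before the first rebuild. A short comment above the option would also help, noting that Touch ID becomes sufficient for sudo and that a macOS update can reset the PAM file until the configuration is re-applied. The surrounding attribute set and the activation script both continue outside the visible hunks.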