users: use launchctl managername to determine session type

Seems like this should be more robust, and it will work even after the activation script purifies its environment. Apparently it may treat `tmux` sessions like SSH ones, which may have something to do with `reattach-to-user-namespace`/`pam_reattach`; see <ChrisJohnsen/tmux-MacOSX-pasteboard#78 (comment)>. (My hope is that `pam_reattach` does the right thing here, but I haven’t tested.)
LnL7 · Feb 3, 2025 · 4aa8396 · 4aa8396
1 parent b97d50c
commit 4aa8396
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/modules/users/default.nix b/modules/users/default.nix
@@ -147,7 +147,7 @@ in
         homeDirectory=''${homeDirectory#NFSHomeDirectory: }
 
         if ! dscl . -change /Users/nobody NFSHomeDirectory "$homeDirectory" "$homeDirectory" &> /dev/null; then
-          if [[ -n "$SSH_CONNECTION" ]]; then
+          if [[ "$(launchctl managername)" != Aqua ]]; then
             printf >&2 '\e[1;31merror: users cannot be %s over SSH without Full Disk Access, aborting activation\e[0m\n' "$2"
             printf >&2 'The user %s could not be %s as `darwin-rebuild` was not executed with Full Disk Access over SSH.\n' "$1" "$2"
             printf >&2 'You can either:\n'
@@ -172,7 +172,7 @@ in
               printf >&2 '`darwin-rebuild` requires permissions to administrate your computer,\n'
               printf >&2 'please accept the dialog that pops up.\n'
               printf >&2 '\n'
-              printf >&2 'If you do not wish to be prompted every time `darwin-rebuild updates your users,\n'
+              printf >&2 'If you do not wish to be prompted every time `darwin-rebuild` updates your users,\n'
               printf >&2 'you can grant Full Disk Access to your terminal emulator in System Settings.\n'
               printf >&2 '\n'
               printf >&2 'This can be found in System Settings > Privacy & Security > Full Disk Access.\n'