From 7b050d81c99dfbddbebbcd6be780750e0db43125 Mon Sep 17 00:00:00 2001
From: Emily <vcs@emily.moe>
Date: Mon, 3 Feb 2025 21:47:09 +0000
Subject: [PATCH] users: use `launchctl managername` to determine session type
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Seems like this should be more robust, and it will work even
after the activation script purifies its environment. Apparently
it may treat `tmux` sessions like SSH ones, which may have
something to do with `reattach-to-user-namespace`/`pam_reattach`; see
<https://github.com/ChrisJohnsen/tmux-MacOSX-pasteboard/issues/78#issuecomment-1074543831>.
(My hope is that `pam_reattach` does the right thing here, but I
haven’t tested.)
---
 modules/users/default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/users/default.nix b/modules/users/default.nix
index 5affe6a85..fc7f51c8a 100644
--- a/modules/users/default.nix
+++ b/modules/users/default.nix
@@ -147,7 +147,7 @@ in
         homeDirectory=''${homeDirectory#NFSHomeDirectory: }
 
         if ! dscl . -change /Users/nobody NFSHomeDirectory "$homeDirectory" "$homeDirectory" &> /dev/null; then
-          if [[ -n "$SSH_CONNECTION" ]]; then
+          if [[ "$(launchctl managername)" != Aqua ]]; then
             printf >&2 '\e[1;31merror: users cannot be %s over SSH without Full Disk Access, aborting activation\e[0m\n' "$2"
             printf >&2 'The user %s could not be %s as `darwin-rebuild` was not executed with Full Disk Access over SSH.\n' "$1" "$2"
             printf >&2 'You can either:\n'