[meta] pam_reattach for sudo w/Touch ID in tmux

ansible/playbooks/homebrew.yml

@@ -25,6 +25,7 @@
         - direnv
         - exa
         - fasd
+        - fd
         - ffmpeg
         - fzf
         - git
@@ -47,6 +48,7 @@
         - ykman
         - youtube-dl
         - zsh
+        - fabianishere/personal/pam_reattach
 
   - name: install universal ctags
     homebrew:
@@ -84,7 +86,6 @@
         - font-hack
         - font-hasklig
         - font-source-code-pro
-        - google-chrome
         - hammerspoon
         - kaleidoscope
         - mailmate

ansible/playbooks/mac_os.yml

@@ -21,3 +21,21 @@
             /usr/libexec/PlistBuddy
             -c "Add :DCSActiveDictionaries:0 string /Users/alpha/Library/Containers/com.apple.Dictionary/Data/Library/Dictionaries/websters-1913.dictionary"
             ~/Library/Preferences/com.apple.DictionaryServices.plist
+
+    - name: Enable Touch ID for sudo
+      become: yes
+      lineinfile:
+        path: /etc/pam.d/sudo
+        insertafter: '^auth\s+sufficient'
+        regexp: '^auth\s+sufficient\s+pam_tid.so$'
+        line: "auth\tsufficient\tpam_tid.so"
+    - name: Enable Touch ID for sudo in tmux
+      block:
+        - shell: brew --prefix
+          register: brew_prefix
+        - lineinfile:
+            path: /etc/pam.d/sudo
+            insertbefore: '^auth\tsufficient\tpam_tid.so'
+            regexp: '^auth\s+optional\s+.*pam_reattach.so$'
+            line: "auth\toptional\t{{ brew_prefix.stdout | trim }}/lib/pam/pam_reattach.so"
+          become: yes