Nix Managed macOS Launchd Agents
Home Manager launchd agents on macOS show as “sh from unidentified developer” in System Settings > Login Items because they wrap binaries in /bin/sh -c "/bin/wait4path /nix/store && exec <binary>".
Why the wait4path wrapper exists
At boot, /nix/store may not be mounted yet. The /bin/sh wrapper blocks until the store is available. KeepAlive.PathState is NOT a good alternative because launchd can still try to start the service before the path exists and penalize it.
Fix: AssociatedBundleIdentifiers
Apple’s launchd.plist(5) supports an AssociatedBundleIdentifiers key (since macOS Ventura) that tells the Login Items UI which app to associate the agent with. Home Manager’s launchd module has freeformType = attrsOf anything, so arbitrary plist keys are accepted:
launchd.agents.aerospace.config.AssociatedBundleIdentifiers = "bobko.aerospace";
launchd.agents.jankyborders.config.AssociatedBundleIdentifiers = "com.mitchellh.ghostty";
For CLI tools without a bundle (atuin, tldr), associate with a parent app like the terminal emulator.
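To check which agents still lack an association, the sketch below is an added example, not code from this note or from Home Manager. It parses an agent plist, recognises the wait4path wrapper quoted above, and reports the wrapped binary and any AssociatedBundleIdentifiers. It assumes the wrapper is stored as a three-element ProgramArguments array; the labels and store paths in the samples are constructed placeholders.

```python
import plistlib
import re

# Wrapper shape quoted on this page: /bin/wait4path /nix/store && exec <binary>
WRAPPER = re.compile(r"^/bin/wait4path\s+/nix/store\s+&&\s+exec\s+(?P<cmd>\S+)")

def audit_agent(plist_bytes):
    """Summarise one launchd agent plist: wrapped binary and bundle association."""
    job = plistlib.loads(plist_bytes)
    args = job.get("ProgramArguments", [])
    wrapped = None
    # Assumption: the wrapper is stored as ["/bin/sh", "-c", "<command string>"].
    if len(args) == 3 and args[:2] == ["/bin/sh", "-c"]:
        match = WRAPPER.match(args[2].strip())
        if match:
            wrapped = match.group("cmd")
    bundles = job.get("AssociatedBundleIdentifiers", [])
    if isinstance(bundles, str):  # the key may be a string or an array of strings
        bundles = [bundles]
    return {
        "label": job.get("Label"),
        "wrapped_binary": wrapped,
        "bundle_ids": list(bundles),
        # Wrapped agent with no association: shown as "sh from unidentified developer".
        "needs_association": wrapped is not None and not bundles,
    }

def sample_plist(label, binary, bundle=None):
    """Build a constructed plist in the assumed wrapper layout (sample data only)."""
    job = {
        "Label": label,
        "ProgramArguments": ["/bin/sh", "-c", f"/bin/wait4path /nix/store && exec {binary}"],
    }
    if bundle is not None:
        job["AssociatedBundleIdentifiers"] = bundle
    return plistlib.dumps(job)

# Constructed samples; labels and store paths are placeholders, not real values.
SAMPLES = [
    sample_plist("example.aerospace", "/nix/store/PLACEHOLDER-aerospace/bin/aerospace", "bobko.aerospace"),
    sample_plist("example.atuin", "/nix/store/PLACEHOLDER-atuin/bin/atuin daemon"),
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(audit_agent(raw))
```

Feed it the bytes of each plist under ~/Library/LaunchAgents to list the agents that still need the key.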
Clearing cached entries
sudo sfltool resetbtm resets the BTM database. Side effect: also wipes “Open at Login” items (those don’t auto-restore after reboot). Dump current state first with sudo sfltool dumpbtm > ~/Documents/btmdump.txt.