mirror of
https://github.com/smg1024/nix-darwin.git
synced 2026-05-22 20:32:59 +09:00
Poby's nix-darwin setup
| .codex | ||
| hosts | ||
| modules | ||
| secrets | ||
| .gitignore | ||
| .sops.yaml | ||
| AGENTS.md | ||
| flake.lock | ||
| flake.nix | ||
| Justfile | ||
| README-ko.md | ||
| README.md | ||
nix-darwin
Declarative macOS setup with nix-darwin, home-manager, nix-homebrew, and
sops-nix.
What This Repo Manages
- Flake orchestration and host assembly in
modules/flake/ - Auto-discovered Darwin and Home Manager aspects in
modules/aspects/ - Auto-discovered host declarations in
hosts/ - Encrypted secrets via SOPS (
secrets/+.sops.yaml)
Prerequisites
- macOS on Apple Silicon (
aarch64-darwin) - Nix with flakes enabled (
nix-command+flakes) just(command runner)- SOPS age key at:
~/.config/sops/age/keys.txt
Repository Layout
flake.nix:flake-partsentrypoint and flake inputsJustfile: day-to-day commands (darwin,darwin-debug,fmt,up,gc)modules/flake/: repo options, Darwin assembly, and shared context modulesmodules/aspects/: auto-discovered aspect entry modules such asbase,homebrew,shell,editor, anddesktopmodules/aspects/_*/: ignored internal implementation trees that back the public aspect entry moduleshosts/: auto-discovered host declarations that registersystemand a flatfeatureslistsecrets/: encrypted secret files (poby.yaml)
Common Commands
# List available tasks
just
# Build and switch for current machine hostname
just darwin $(hostname)
# Build and switch with trace/verbose logs
just darwin-debug $(hostname)
# Format Nix files (from repository root)
just fmt .
# Update all flake inputs
just up
# Update one flake input
just upp nixpkgs
# Validate build without switching (example host: fenrir)
nix build .#darwinConfigurations.fenrir.system --extra-experimental-features 'nix-command flakes'
# Validate without realizing a full build
nix build .#darwinConfigurations.fenrir.system --dry-run --extra-experimental-features 'nix-command flakes'
# Inspect profile history / cleanup old generations
just history
just clean
just gc
Configuration Notes
flake.nixnow usesflake-parts, keeps./modules/flakeexplicit, and auto-discovers./modules/aspectsand./hoststhroughimport-tree.hosts/fenrir.nixis the current host declaration and mapsfenrirto one flat feature list.modules/flake/darwin-configurations.nixassembles each host’sdarwinConfigurations.<host>output and embeds Home Manager for userpoby.modules/aspects/is the feature vocabulary for hosts. The current feature set isbase,nix-core,system-packages,homebrew,macos-defaults,activation,fonts,sudo-auth,shell,cli-tools,git,ssh,secrets,terminal,editor,desktop, andfenrir.- The
cli-toolsaspect owns the CLI user tool set, includingzoxide. modules/aspects/_*/contains implementation files that are intentionally not auto-loaded.import-treeskips paths containing/_, which is the repo’s convention for internal helpers and subtrees like the NVF source.- Home Manager is Darwin-integrated only in this phase; no standalone
homeConfigurationsoutput is exposed.
Adding A Host
- Create
hosts/<hostname>.nix. - Register
repo.hosts.<hostname>.system. - Register
repo.hosts.<hostname>.featureswith the desired aspect names. - Add any host-specific behavior as a new aspect in
modules/aspects/instead of modifying shared features.
Secrets
- Keep secrets encrypted in
secrets/*.yaml. .sops.yamlenforces encryption rules forsecrets/.*\.yaml.- Home Manager reads from
secrets/poby.yamlvia thesecretsaspect:github_ssh_keygithub_cli_token
Troubleshooting
- Use
just darwin-debug <hostname>for detailed evaluation/build output. - If evaluation fails for a host, verify it exists under
darwinConfigurations. - Dry-run evaluation with
nix build .#darwinConfigurations.<host>.system --dry-runbefore a full switch when you only want to confirm the dependency graph. - If settings look stale after a successful build, run switch again and verify active hostname/config values.