Poby's nix-darwin setup
.codex/skills/readme docs: update README and codex skills 2026-03-16 22:24:17 +09:00
home feat: aerospace, wezterm config 2026-03-20 22:58:30 +09:00
hosts feat: aerospace, wezterm config 2026-03-20 22:58:30 +09:00
secrets feat: add github_cli_token as sops secret 2026-03-15 02:50:21 +09:00
.gitignore feat(git): git signing with ssh 2026-03-15 02:50:35 +09:00
.sops.yaml feat: sops-nix configuration 2026-03-15 02:50:19 +09:00
AGENTS.md feat: add AGENTS.md 2026-03-15 02:50:28 +09:00
flake.lock feat: sops-nix configuration 2026-03-15 02:50:19 +09:00
flake.nix refactor(darwin): import via ./hosts 2026-03-16 22:01:29 +09:00
Justfile feat: add AGENTS.md 2026-03-15 02:50:28 +09:00
README-ko.md docs: update README and codex skills 2026-03-16 22:24:17 +09:00
README.md docs: update README and codex skills 2026-03-16 22:24:17 +09:00

nix-darwin

Korean

Declarative macOS setup with nix-darwin, home-manager, nix-homebrew, and sops-nix.

What This Repo Manages

  • System-level macOS configuration in hosts/
  • User-level tooling, shell, terminal, and editor config in home/
  • Declarative Homebrew taps/apps/casks in hosts/apps.nix
  • Encrypted secrets via SOPS (secrets/ + .sops.yaml)

Prerequisites

  • macOS on Apple Silicon (aarch64-darwin)
  • Nix with flakes enabled (nix-command + flakes)
  • just (command runner)
  • SOPS age key at:
~/.config/sops/age/keys.txt

Repository Layout

  • flake.nix: flake inputs/outputs and darwinConfigurations
  • Justfile: day-to-day commands (darwin, darwin-debug, fmt, up, gc)
  • hosts/: system modules
    • default.nix
    • nix-core.nix
    • system.nix
    • apps.nix
    • host-users.nix
  • home/: Home Manager modules (git.nix, zsh.nix, nvf/, aerospace.nix, etc.)
  • secrets/: encrypted secret files (poby.yaml)

Common Commands

# List available tasks
just

# Build and switch for current machine hostname
just darwin $(hostname)

# Build and switch with trace/verbose logs
just darwin-debug $(hostname)

# Format Nix files (from repository root)
just fmt .

# Update all flake inputs
just up

# Update one flake input
just upp nixpkgs-darwin

# Validate build without switching (example host: fenrir)
nix build .#darwinConfigurations.fenrir.system --extra-experimental-features 'nix-command flakes'

# Inspect profile history / cleanup old generations
just history
just clean
just gc

Configuration Notes

  • flake.nix currently defines a single darwinConfigurations entry, derived from hostname, and imports the system modules through ./hosts.
  • home/default.nix composes user modules (shell, git, nvf, aerospace, sops, ssh).
  • Aerospace multi-monitor workspace assignment lives in home/aerospace.nix.
  • Homebrew-first app management (for frequently updated apps) is in hosts/apps.nix.

Secrets

  • Keep secrets encrypted in secrets/*.yaml.
  • .sops.yaml enforces encryption rules for secrets/.*\.yaml.
  • Home Manager reads from secrets/poby.yaml via home/sops.nix:
    • github_ssh_key
    • github_cli_token
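
One way to check the first rule mechanically before committing, as an added example rather than code from this repository: the script fails if any YAML file under secrets/ lacks the sops metadata block or carries a value that is not a SOPS ENC[...] string. The function names and the sample files are constructed for illustration, and the check assumes secrets are YAML mappings.

```shell
#!/bin/sh
# Added example: refuse plaintext in SOPS-managed YAML (usable as a pre-commit check).
# Assumption: secrets are YAML mappings; list values are reported as unrecognised.

# check_sops_file FILE: exit 0 only if every value outside the "sops:" block is ENC[...]
check_sops_file() {
  awk '
    function report(msg) { print FILENAME ": " msg > "/dev/stderr"; bad = 1 }
    /^[ \t]*(#.*)?$/ { next }                            # blank line or comment
    /^sops:[ \t]*$/  { has_meta = 1; in_meta = 1; next } # SOPS metadata block starts
    /^[^ \t]/        { in_meta = 0 }                     # another top-level key
    in_meta          { next }                            # metadata is cleartext by design
    {
      val = $0
      if (!sub(/^[ \t]*[A-Za-z0-9_.-]+:[ \t]*/, "", val)) { report("unrecognised line " NR); next }
      if (val == "") next                                # parent of a nested mapping
      if (val !~ /^ENC\[AES256_GCM,data:[^ ]+\]$/) report("plaintext value on line " NR)
    }
    END { if (!has_meta) report("no sops metadata block"); exit (bad ? 1 : 0) }
  ' "$1"
}

# check_secrets_dir REPO_ROOT: apply the check to every file matching secrets/.*\.yaml
check_secrets_dir() {
  find "$1/secrets" -type f -name '*.yaml' | (
    rc=0
    while IFS= read -r f; do
      check_sops_file "$f" || rc=1
    done
    exit "$rc"
  )
}

# Constructed sample files: the ciphertext and metadata are placeholders, not real SOPS output.
write_samples() {
  mkdir -p "$1/secrets"
  cat > "$1/secrets/good.yaml" <<'EOF'
github_cli_token: ENC[AES256_GCM,data:c2FtcGxl,iv:c2FtcGxl,tag:c2FtcGxl,type:str]
sops:
    age:
        - recipient: age1constructedplaceholder
    version: 0.0.0
EOF
  cat > "$1/secrets/bad.yaml" <<'EOF'
github_cli_token: not-encrypted-placeholder
sops:
    version: 0.0.0
EOF
}
```

Running check_secrets_dir from the repository root returns non-zero and names the offending file and line on stderr, so it can gate a commit hook or CI step.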

Troubleshooting

  • Use just darwin-debug <hostname> for detailed evaluation/build output.
  • If evaluation fails for a host, verify it exists under darwinConfigurations.
  • If settings look stale after a successful build, run the switch again and verify the active hostname and config values.

Milestone

  • multi-host implementation