smg1024/nix-darwin
1
0
Fork 0
mirror of https://github.com/smg1024/nix-darwin.git synced 2026-05-22 20:32:59 +09:00
Code Issues Projects Releases Packages Wiki Activity Actions
nix-darwin/README.md
Poby f80b0b0d4f
chore: add todo in README.md
2026-03-24 21:00:03 +09:00

2.6 KiB
Raw Blame History

nix-darwin

한국어

Declarative macOS setup with nix-darwin, home-manager, nix-homebrew, and sops-nix.

What This Repo Manages

  • System-level macOS configuration in hosts/
  • User-level tooling, shell, terminal, and editor config in home/
  • Declarative Homebrew taps/apps/casks in hosts/apps.nix
  • Encrypted secrets via SOPS (secrets/ + .sops.yaml)

Prerequisites

  • macOS on Apple Silicon (aarch64-darwin)
  • Nix with flakes enabled (nix-command + flakes)
  • just (command runner)
  • SOPS age key at:
~/.config/sops/age/keys.txt

Repository Layout

  • flake.nix: flake inputs/outputs and darwinConfigurations
  • Justfile: day-to-day commands (darwin, darwin-debug, fmt, up, gc)
  • hosts/: system modules
    • default.nix
    • nix-core.nix
    • system.nix
    • apps.nix
    • host-users.nix
  • home/: Home Manager modules (git.nix, zsh.nix, nvf/, aerospace.nix, etc.)
  • secrets/: encrypted secret files (poby.yaml)

Common Commands

# List available tasks
just

# Build and switch for current machine hostname
just darwin $(hostname)

# Build and switch with trace/verbose logs
just darwin-debug $(hostname)

# Format Nix files (from repository root)
just fmt .

# Update all flake inputs
just up

# Update one flake input
just upp nixpkgs-darwin

# Validate build without switching (example host: fenrir)
nix build .#darwinConfigurations.fenrir.system --extra-experimental-features 'nix-command flakes'

# Inspect profile history / cleanup old generations
just history
just clean
just gc

Configuration Notes

  • flake.nix currently defines one darwinConfigurations entry from hostname, and imports system modules through ./hosts.
  • home/default.nix composes user modules (shell, git, nvf, aerospace, sops, ssh).
  • Aerospace multi-monitor workspace assignment lives in home/aerospace.nix.
  • Homebrew-first app management (for frequently updated apps) is in hosts/apps.nix.

Secrets

  • Keep secrets encrypted in secrets/*.yaml.
  • .sops.yaml enforces encryption rules for secrets/.*\.yaml.
  • Home Manager reads from secrets/poby.yaml via home/sops.nix:
    • github_ssh_key
    • github_cli_token

Troubleshooting

  • Use just darwin-debug <hostname> for detailed evaluation/build output.
  • If evaluation fails for a host, verify it exists under darwinConfigurations.
  • If settings look stale after a successful build, run switch again and verify active hostname/config values.

Milestone

  • multi-host implementation
  • Dentritic Pattern - using flake-parts