{"id":50521110,"url":"https://github.com/dryvist/nix-darwin","last_synced_at":"2026-06-03T04:03:09.853Z","repository":{"id":325269703,"uuid":"1097599056","full_name":"dryvist/nix-darwin","owner":"dryvist","description":"Flakes-based nix-darwin config for macOS — system packages, networking, security, and home-manager orchestration via Nix","archived":false,"fork":false,"pushed_at":"2026-05-29T04:19:13.000Z","size":5899,"stargazers_count":0,"open_issues_count":58,"forks_count":1,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-05-29T04:21:52.361Z","etag":null,"topics":["darwin","declarative","home-manager","infrastructure-as-code","macos","macos-configuration","nix","nix-darwin","nix-flakes","reproducible"],"latest_commit_sha":null,"homepage":"","language":"Nix","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/dryvist.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":"AGENTS.md","dco":null,"cla":null}},"created_at":"2025-11-16T13:44:51.000Z","updated_at":"2026-05-25T20:18:07.000Z","dependencies_parsed_at":null,"dependency_job_id":"ee3d5f64-869b-4cd3-a62e-cdd008d7ade0","html_url":"https://github.com/dryvist/nix-darwin","commit_stats":null,"previous_names":["jacobpevans/nix","jacobpevans/nix-darwin","dryvist/nix-darwin"],"tags_count":101,"template":false,"template_full_name":null,"purl":"pkg:github/dryvist/nix-darwin","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dryvist%2Fnix-darwin","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dryvist%2Fnix-darwin/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dryvist%2Fnix-darwin/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dryvist%2Fnix-darwin/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/dryvist","download_url":"https://codeload.github.com/dryvist/nix-darwin/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dryvist%2Fnix-darwin/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33847265,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-03T02:00:06.370Z","response_time":59,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["darwin","declarative","home-manager","infrastructure-as-code","macos","macos-configuration","nix","nix-darwin","nix-flakes","reproducible"],"created_at":"2026-06-03T04:03:05.921Z","updated_at":"2026-06-03T04:03:09.841Z","avatar_url":"https://github.com/dryvist.png","language":"Nix","funding_links":[],"categories":[],"sub_categories":[],"readme":"# nix-darwin\n\n\u003e macOS system configuration managed with nix-darwin and Nix flakes.\n\n[![License][license-img]][license-link]\n\n[![CI Gate][ci-gate-img]][ci-gate-link] [![Nix Build][nix-build-img]][nix-build-link] [![Markdown Lint][md-lint-img]][md-lint-link]\n\n## What Is This?\n\nA flakes-only nix-darwin configuration for M4 Max MacBook Pro. Manages macOS\nsystem-level settings: system packages, Dock, Finder, keyboard, security,\nHomebrew, and LaunchDaemons -- all declaratively. User-level configuration\n(dotfiles, dev tools, LaunchAgents) is managed by nix-home and nix-ai,\nimported as flake inputs.\n\n**Part of a trio:**\n\n| Repo | Scope | Installs via |\n| ---- | ----- | ------------ |\n| **nix-darwin** (this repo) | macOS system config (Dock, Finder, Homebrew, security) | nix-darwin |\n| [nix-ai](https://github.com/JacobPEvans/nix-ai) | AI CLI ecosystem (Claude, Gemini, Copilot, MCP) | home-manager |\n| [nix-home](https://github.com/JacobPEvans/nix-home) | User environment (dotfiles, dev tools, LaunchAgents) | home-manager |\n\n## Prerequisites\n\n- **macOS on Apple Silicon** (aarch64-darwin only -- x86 Mac is not supported)\n- **Determinate Nix** installer: \u003chttps://install.determinate.systems\u003e\n- **git**\n\n## Quick Start\n\n### First-Time Setup\n\n```bash\n# 1. Clone as a bare repo (worktree convention used throughout ${GIT_HOME})\ngit clone --bare https://github.com/JacobPEvans/nix-darwin.git ${GIT_HOME_PUBLIC}/nix-darwin\ncd ${GIT_HOME_PUBLIC}/nix-darwin\n\n# 2. Create the main worktree\ngit worktree add main main\n\n# 3. Build and activate for the first time\ncd ${GIT_HOME_PUBLIC}/nix-darwin/main\nsudo darwin-rebuild switch --flake .\n```\n\n### Subsequent Rebuilds\n\n```bash\n# Rebuild after config changes\nd-r\n\n# Search for a package\nnix search nixpkgs \u003cname\u003e\n\n# Rollback if something breaks\nsudo darwin-rebuild --rollback\n```\n\nThe `d-r` alias (defined in nix-home) expands to `sudo darwin-rebuild switch --flake .`\nand handles full system + home-manager activation in one step.\nSee [RUNBOOK.md](RUNBOOK.md) for detailed operational procedures.\n\n## Supported Platforms\n\n**aarch64-darwin only.** This configuration targets Apple Silicon Macs.\nThe quality checks (`nix flake check`) run cross-platform (Linux/x86 too),\nbut the Darwin configuration itself only builds and activates on aarch64-darwin.\n\n## Pre-Commit Hooks\n\nFormatting and linting run automatically on every commit via pre-commit hooks\n(nixfmt, statix, deadnix, shellcheck). BATS shell tests run via `nix flake check`\nand CI -- not on each commit.\n\nTo install the hooks locally:\n\n```bash\nnix shell nixpkgs#pre-commit -c pre-commit install\n```\n\n## What It Manages\n\n- **Nix packages** via nixpkgs (preferred over Homebrew)\n- **macOS system defaults** (Dock, Finder, keyboard, trackpad, energy)\n- **Homebrew** (fallback for casks not in nixpkgs)\n- **Security settings** (firewall, Gatekeeper, stealth mode)\n- **LaunchAgents** via nix-darwin launchd modules\n- **Activation scripts** with error tracking and recovery\n\nSee **[MANIFEST.md](MANIFEST.md)** for the complete package inventory.\n\n## Directory Structure\n\n```text\n.\n├── flake.nix                  # Main entry point\n├── hosts/                     # Host-specific configurations\n│   └── macbook-m4/            # Active M4 Max MacBook Pro\n├── modules/                   # Reusable configuration modules\n│   └── darwin/                # macOS system settings\n├── overlays/                  # Nixpkgs overlays\n├── scripts/                   # Build and CI scripts\n├── lib/                       # Shared configuration variables\n└── tests/                     # Shell and integration tests\n```\n\nFull details in [ARCHITECTURE.md](ARCHITECTURE.md).\n\n## Key Components\n\n| Component | What It Does |\n| --------- | ------------ |\n| **Determinate Nix** | Manages Nix itself -- daemon, updates, core config |\n| **nix-darwin** | macOS packages, system settings, Homebrew integration |\n| **home-manager** | Activation recovery, config symlinks, and Raycast scripts |\n| **mac-app-util** | Stable app trampolines to preserve TCC permissions |\n| **[nix-ai](https://github.com/JacobPEvans/nix-ai)** | Shared home-manager modules for AI tools (Claude, Gemini, Copilot, MCP) |\n| **[nix-home](https://github.com/JacobPEvans/nix-home)** | Shared home-manager modules for dev environment (git, zsh, VS Code, tmux) |\n| **sops-nix** | Decrypts age-encrypted secrets to `/run/secrets/` for system services |\n\n## Secrets Management\n\nSystem-level secrets (used by LaunchDaemons and activation scripts) are managed via\n**[sops-nix](https://github.com/Mic92/sops-nix)**. Encrypted YAML files live in `secrets/`\nand are safe to commit. The age private key (`~/.config/sops/age/keys.txt`) is generated\nonce per machine and never committed.\n\n**Doppler** is used for developer credentials accessed in the user session (Terraform state,\nAPI tokens, etc.). Doppler CLI requires Keychain and cannot be called from activation scripts\n(which run as root). sops-nix handles that boundary.\n\nThis repo is the **orchestrator**: it pulls in `nix-ai` and `nix-home` as flake inputs\nand wires their `homeManagerModules.default` into the shared home-manager configuration.\nChanges to AI tools or dev environment settings belong in those repos, not here.\n\n**Key Rule**: Use nixpkgs for everything. Homebrew is fallback only.\n\n## Documentation\n\n| File | Purpose |\n| ---- | ------- |\n| [RUNBOOK.md](RUNBOOK.md) | Step-by-step operational procedures |\n| [ARCHITECTURE.md](ARCHITECTURE.md) | Detailed structure and module relationships |\n| [MANIFEST.md](MANIFEST.md) | Complete inventory of packages and settings |\n| [TROUBLESHOOTING.md](TROUBLESHOOTING.md) | Common issues and solutions |\n| [SETUP.md](SETUP.md) | Initial setup guide |\n| [CLAUDE.md](CLAUDE.md) | AI agent instructions |\n\n## Contributing\n\nContributions welcome. See [CONTRIBUTING.md](CONTRIBUTING.md) for details.\n\n## License\n\n[MIT](LICENSE)\n\n---\n\n*Built by a human, refined by AI, used by both.*\n\n\u003c!-- Badge references --\u003e\n[license-img]: https://img.shields.io/badge/License-MIT-blue.svg\n[license-link]: LICENSE\n[ci-gate-img]: https://github.com/JacobPEvans/nix-darwin/actions/workflows/ci-gate.yml/badge.svg\n[ci-gate-link]: https://github.com/JacobPEvans/nix-darwin/actions/workflows/ci-gate.yml\n[nix-build-img]: https://github.com/JacobPEvans/nix-darwin/actions/workflows/ci-nix.yml/badge.svg\n[nix-build-link]: https://github.com/JacobPEvans/nix-darwin/actions/workflows/ci-nix.yml\n[md-lint-img]: https://github.com/JacobPEvans/nix-darwin/actions/workflows/ci-markdownlint.yml/badge.svg\n[md-lint-link]: https://github.com/JacobPEvans/nix-darwin/actions/workflows/ci-markdownlint.yml\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdryvist%2Fnix-darwin","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdryvist%2Fnix-darwin","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdryvist%2Fnix-darwin/lists"}