nix-home

This repository is a declarative macOS configuration using nix, nix-darwin, and home-manager.

• nix-home
  • Installation
    • 1. Install Dependencies
      • 1.1. Install Nix
      • 1.2. Install Homebrew
    • 2. Clone Repository
    • 3. Build Nix stores
      • 3.1. Backup the existing nix.conf file
    • 4. Switch to the built Nix stores
    • 5. Import GPG Keys
    • 6. Decrypt secrets
  • Updates
    • 1. Find the latest stable version of Nix
    • 2. Update flake.lock file
  • Additional Scripts
    • Fetch packages from GitHub
  • References

Installation

1. Install Dependencies

1.1. Install Nix

Install Nix using nix-installer. Read more about it in the Get Nix running on your system guide.

curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix | sh -s -- install

1.2. Install Homebrew

We need to install Homebrew manually because nix-darwin won't handle Homebrew installation itself.

/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"

Note: Restart the machine if you experience issues with downloading Homebrew.

2. Clone Repository

Clone this repository using HTTPS (because, at this point, we can't expect the new machine to have SSH set up).

git clone https://github.com/zainfathoni/nix-home.git

3. Build Nix stores

nix build .#darwinConfigurations.zain.system

3.1. Backup the existing nix.conf file

Before continuing, backup the existing /etc/nix/nix.conf file from the initial Nix installation by running these commands.

cd /etc/nix
sudo mv nix.conf nix.conf.before-nix-darwin

4. Switch to the built Nix stores

Running the build result would also run the brew bundle command, which will install Brew packages defined in this repository.

./result/sw/bin/darwin-rebuild switch --flake .#zain

5. Import GPG Keys

Import GPG Keys from my password manager.

1. Open the GPG Keychain application.
2. Copy the private key block to the clipboard.
3. The GPG Keychain will detect the private keys automatically.

6. Decrypt secrets

Once yadm is installed using the command above, we can use yadm to decrypt the secrets.

yadm clone https://github.com/zainfathoni/yadm-home.git
yadm decrypt
# enter the passphrase (if prompted)

Updates

Here's how to update the Nix registry to the latest versions.

1. Find the latest stable version of Nix

Visit Nix official website and find the latest stable version on the home page. Once you find the latest version, update all versions in flake.nix and default.nix files accordingly.

2. Update flake.lock file

If you change nix dependencies, it's better to update the flake.lock file accordingly. You can do it by using either of these commands:

$ nix flake update # run this when you're inside the root directory of this nix-home repository

Additional Scripts

Fetch packages from GitHub

Get rev & sha256 values for packages fetched from GitHub.

$ nix-prefetch-git <github-repository-url>

References

• Declarative macOS Configuration Using nix-darwin And home-manager