This repository is a declarative macOS configuration using nix, nix-darwin, and home-manager.

• nix-home
  • Installation
    • 1. Install Dependencies
      • 1.1. Install Nix
      • 1.2. Install Homebrew
    • 2. Clone Repository
    • 3. Build Nix stores
      • 3.1. Backup the existing nix.conf file
    • 4. Switch to the built Nix stores
    • 5. Import GPG Keys
    • 6. Decrypt secrets
  • Updates
    • 1. Find the latest stable version of Nix
    • 2. Update flake.lock file
  • Additional Scripts
    • Fetch packages from GitHub
  • References

Install Nix using nix-installer. Read more about it in the Get Nix running on your system guide.

curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix | sh -s -- install

We need to install Homebrew manually because nix-darwin won't handle Homebrew installation itself.

/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"

Note: Restart the machine if you experience issues with downloading Homebrew.

Clone this repository using HTTPS (because, at this point, we can't expect the new machine to have SSH set up).

git clone https://github.com/zainfathoni/nix-home.git

nix build .#darwinConfigurations.zain.system

Before continuing, backup the existing /etc/nix/nix.conf file from the initial Nix installation by running these commands.

cd /etc/nix
sudo mv nix.conf nix.conf.before-nix-darwin

Running the build result would also run the brew bundle command, which will install Brew packages defined in this repository.

./result/sw/bin/darwin-rebuild switch --flake .#zain

Import GPG Keys from my password manager.

1. Open the GPG Keychain application.
2. Copy the private key block to the clipboard.
3. The GPG Keychain will detect the private keys automatically.

Once yadm is installed using the command above, we can use yadm to decrypt the secrets.

yadm clone https://github.com/zainfathoni/yadm-home.git
yadm decrypt
# enter the passphrase (if prompted)

Here's how to update the Nix registry to the latest versions.

Visit Nix official website and find the latest stable version on the home page. Once you find the latest version, update all versions in flake.nix and default.nix files accordingly.

If you change nix dependencies, it's better to update the flake.lock file accordingly. You can do it by using either of these commands:

$ nix flake update # run this when you're inside the root directory of this nix-home repository

Get rev & sha256 values for packages fetched from GitHub.

$ nix-prefetch-git <github-repository-url>

• Declarative macOS Configuration Using nix-darwin And home-manager