A modular, maintainable nix-darwin configuration for macOS systems with comprehensive tooling and automation.
- 🎯 Modular Architecture: Clean separation of concerns with focused modules
- 🔧 Comprehensive Tooling: Bootstrap, health-check, and recovery scripts
- 🧪 Full Test Suite: Unit and integration tests with CI/CD
- 📚 Rich Documentation: Architecture diagrams and detailed guides
- 🚀 Modern Development: Latest tools and best practices
- 🔒 Security First: Proper secrets handling and validation
- macOS (Intel or Apple Silicon)
- Internet connection
- Administrator access
-
Run the bootstrap script:
curl -L https://raw.githubusercontent.com/yourusername/nixdots/main/scripts/bootstrap.sh | bash -
Or manually:
# Install Nix curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix | sh -s -- install # Clone repository git clone https://github.com/yourusername/nixdots.git ~/nixdots cd ~/nixdots # Build and switch darwin-rebuild switch --flake .#$(hostname -s)
.
├── flake.nix # Entry point defining systems
├── lib/ # Helper functions and abstractions
│ ├── mkSystem.nix # System builder functions
│ ├── options.nix # Option type helpers
│ └── validators.nix # Configuration validators
├── modules/ # Modular system configuration
│ ├── core/ # Core system modules
│ ├── darwin/ # macOS-specific modules
│ │ ├── ui/ # UI customizations
│ │ ├── system/ # System preferences
│ │ └── apps/ # Application settings
│ ├── home/ # User environment modules
│ │ ├── shell/ # Shell configurations
│ │ ├── tools/ # Development tools
│ │ └── editors/ # Editor settings
│ └── services/ # System services
├── machines/ # Host-specific configurations
├── users/ # User-specific configurations
├── scripts/ # Operational scripts
│ ├── bootstrap.sh # Initial setup
│ ├── health-check.sh # System verification
│ └── recovery.sh # Disaster recovery
├── tests/ # Test infrastructure
└── docs/ # Documentation
# Most common - rebuild and switch
just switch # or: just s
# Build without switching
just build # or: just b
# Update all inputs
just update # or: just u
# Format code
just fmt
# Run checks
just check
# Clean old generations
just clean # or: just gc
# Show available commands
just# Rebuild system
darwin-rebuild switch --flake .#$(hostname -s)
# Check configuration
nix flake check
# Update inputs
nix flake update
# Garbage collection
nix-collect-garbage -dThe configuration uses a modular architecture with clear separation:
- Core Modules (
modules/core/): Nix settings, security - Darwin Modules (
modules/darwin/): macOS customizations - Home Modules (
modules/home/): User environment - Service Modules (
modules/services/): System services
See docs/ARCHITECTURE.md for detailed architecture documentation.
-
Create
machines/hostname.nix:{ config, pkgs, lib, ... }: { networking.hostName = "hostname"; system.stateVersion = 4; # Machine-specific configuration }
-
Add to
flake.nix:darwinConfigurations.hostname = nix-darwin.lib.darwinSystem { system = "aarch64-darwin"; # or "x86_64-darwin" modules = [ ./modules/core/nix.nix ./modules/darwin ./modules/services/homebrew.nix ./machines/hostname.nix # ... user config ]; };
Enable/disable specific features in your user configuration:
{
# Disable specific darwin modules
modules.darwin.safari.enable = false;
# Configure git
modules.home.tools.git = {
userName = "Your Name";
userEmail = "[email protected]";
signing.enable = true;
signing.key = "YOUR_GPG_KEY";
};
# Choose shell prompt style
modules.home.shell.prompts.style = "full"; # minimal, full, custom
}- Modern Shell: Zsh with autosuggestions, syntax highlighting
- Smart Prompt: Starship with git integration
- CLI Tools: ripgrep, fd, bat, eza, delta, and more
- Development: Git, tmux, neovim, direnv, fzf
- Languages: Node.js, Python, Go, Rust (via user config)
- System Preferences: Dock, Finder, keyboard, trackpad
- Security: Touch ID for sudo, FileVault
- Applications: Safari, Terminal, Activity Monitor settings
- Homebrew: GUI applications and Mac App Store apps
- Bootstrap Script: Zero to functional system
- Health Checks: System verification and diagnostics
- Recovery Tools: Rollback and repair capabilities
- Test Suite: Automated testing for all modules
- CI/CD: GitHub Actions for continuous validation
# Run health check
./scripts/health-check.sh
# Enter recovery mode
./scripts/recovery.sh
# Rollback to previous generation
darwin-rebuild --rollback
# Fix Nix store permissions
sudo nix-store --verify --check-contents --repair- Module not found: Check import paths and typos
- Build failures: Run with
--show-tracefor details - Permission denied: Ensure proper sudo access
- Flake issues: Try
nix flake update
# Run all tests
just test
# Run specific test suite
./tests/unit/test-modules.sh
./tests/integration/test-full-build.sh
# Validate structure
./tests/lib/validate-structure.sh- Fork the repository
- Create a feature branch
- Make your changes
- Run tests
- Submit a pull request
- No secrets in code: Use environment variables or secret management
- Validated inputs: All configuration options are type-checked
- Minimal permissions: Only request necessary access
- Regular updates: Keep dependencies current
- Fast evaluation: < 5 second configuration evaluation
- Optimized builds: Shared nixpkgs, minimal rebuilds
- Efficient runtime: Lazy loading, optimized PATH
- Smart caching: Nix store deduplication
MIT - See LICENSE file for details.
Inspired by the Nix community and various configurations:
For detailed architecture documentation, see docs/ARCHITECTURE.md. For improvement plans and roadmap, see NIX_FIX.md.