A comprehensive, declarative macOS configuration using Nix flakes, nix-darwin, and home-manager. This configuration provides a reproducible development environment with carefully tuned system preferences, package management, and application settings.
This configuration uses a modular architecture combining:
- Nix Flakes for reproducible builds and dependency management
- nix-darwin for macOS system configuration
- home-manager for user-level packages and dotfiles
- nix-homebrew for declarative Homebrew management
- Fully Reproducible Environment - Every setting, package, and preference is declared in code and version-controlled
- Zero-Configuration Setup - Clone and run a single command to get a complete development environment
- Atomic System Updates - Build and test changes before applying, with instant rollback capability
- Hybrid Package Management - Combines Nix's reproducibility with Homebrew's macOS app ecosystem
- Infrastructure-as-Code - Complete macOS system configuration managed through Nix modules
-
Install Nix (if not already installed):
curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix | sh -s -- install
-
Clone and bootstrap:
git clone <this-repo> cd nixos-config just bootstrap
-
Build and install:
just install
- Update system:
just update && just install - Install new software: Add to appropriate package list and run
just install - Rollback changes:
just rollback - Clean old generations:
just clean
All common operations are available through the just task runner:
just bootstrap # Bootstrap new macOS installationRuns ./bootstrap.zsh to install Xcode CLI tools and Nix.
just build # Build configuration without applying
just install # Build and switch to new configuration
just rollback # Rollback to previous generation
just list # List all system generationsjust update # Update all flake inputs
just update-flake FLAKE # Update specific flake input
just clean # Clean up old generationsjust # Show all available commands- CLI tools: Add to
modules/packages.nix - GUI apps: Add to
modules/darwin/homebrew/casks.nix - Homebrew formulas: Add to
modules/darwin/homebrew/brews.nix - Mac App Store: Add to homebrew
masAppslist
- Edit relevant files in
modules/darwin/ - Each module handles specific system aspects (keyboard, finder, dock, etc.)
- Run
just installto apply changes
- Add dock entries in
modules/darwin/dock/default.nix - Configure app-specific preferences in
modules/darwin/applications/
This configuration uses a hybrid approach with four package managers:
- Nix Packages - CLI tools, development dependencies, and system utilities
- Homebrew Casks - GUI applications and macOS-specific software
- Homebrew Brews - Additional CLI tools not available in Nix
- Mac App Store Apps - Apps distributed through Apple's store
Each package manager handles what it does best: Nix for reproducible development tools, Homebrew for macOS applications, and the Mac App Store for Apple ecosystem integration.
- Firewall enabled with stealth mode
- Secure DNS (Cloudflare 1.1.1.1)
- GPG integration with pinentry for macOS
- No .DS_Store files on network/USB drives
- Quarantine disabled for trusted applications
- Auto-updates for critical security patches
nixos-config/
├── flake.nix # Main flake configuration
├── flake.lock # Pinned dependency versions
├── justfile # Task runner commands
├── bootstrap.zsh # Initial setup script
├── hosts/darwin/ # Host-specific configuration
├── modules/
│ ├── darwin/ # macOS system modules
│ │ ├── applications/ # App-specific preferences
│ │ ├── dock/ # Custom dock management
│ │ └── homebrew/ # Homebrew package lists
│ ├── packages.nix # Nix package definitions
│ └── home-manager.nix # User-level configuration
└── apps/ # System management scripts| Component | Description | Location |
|---|---|---|
| Flake Configuration | Main entry point defining inputs, outputs, and system configuration | flake.nix |
| Darwin Host | macOS system-level configuration and module imports | hosts/darwin/ |
| Darwin Modules | Modular macOS system preferences and application settings | modules/darwin/ |
| Package Management | Comprehensive package list | modules/packages.nix |
| Home Manager | User-level package management and service configuration | modules/home-manager.nix |
| Homebrew Integration | Declarative Homebrew casks, brews, and Mac App Store apps | modules/darwin/homebrew/ |
| Applications | System management scripts (build, install, rollback) | apps/ |
| Bootstrap Script | Initial system setup script for new macOS installations | bootstrap.zsh |
| Task Runner | Just commands for common operations | justfile |
| Module | Description | Location |
|---|---|---|
| Applications | App-specific preferences (Activity Monitor, Spotlight, etc.) | modules/darwin/applications/ |
| Dock | Custom declarative dock management with dockutil | modules/darwin/dock/ |
| Finder | Finder preferences and file management settings | modules/darwin/finder.nix |
| Keyboard | Keyboard behavior and shortcuts | modules/darwin/keyboard.nix |
| Networking | Network configuration, DNS, and firewall settings | modules/darwin/networking.nix |
| Desktop | Window management and desktop behavior | modules/darwin/desktop.nix |
| System Preferences | Complete macOS system preferences coverage | modules/darwin/*.nix |