Skip to content
/ OS-nixCfg Public

nix (via nix-darwin, nixos, nix-on-droid, home-manager, etc.) declarative configurations to attain my deterministically reproducible layer

License

MIT license
1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

DivitMittal/OS-nixCfg

BranchesTags

Repository files navigation

An abstract image of a donut-like object

OS-nixCfg

My personal declarative Nix configurations for macOS, Android, and Linux (NixOS/WSL).
nix-flake-check home-manager-build nix-darwin-build nixos-build

Contents

📜 Overview

This repository contains primarily nix configurations, leveraging Nix Flakes, Home Manager, and system-specific modules (NixOS, nix-darwin, nix-on-droid) to achieve a purely declarative, reproducible, and consistent environment across multiple OSes on multiple hosts for multiple users:

  • 🍎 macOS (via nix-darwin)
  • 🤖 Android (via nix-on-droid)
  • 🐧 *nix (NixOS) (including WSL via NixOS-WSL)

📁 Project Structure

The repository is organized using flake-parts for better modularity.

└── OS-nixCfg/
    ├── .editorconfig
    ├── .envrc
    ├── .gitattributes
    ├── .gitignore
    ├── flake.lock
    ├── flake.nix
    ├── LICENSE
    ├── README.md
    ├── assets/
    │   ├── graph.png
    │   └── qezta.png
    ├── common/
    │   ├── all/
    │   ├── home/
    │   └── hosts/
    ├── flake/
    │   ├── actions.nix
    │   ├── checks.nix
    │   ├── default.nix
    │   ├── devshells.nix
    │   ├── formatters.nix
    │   └── mkHost.nix
    ├── home/
    │   ├── comms/
    │   ├── default.nix
    │   ├── desktop-env/
    │   ├── dev/
    │   ├── keyboard/
    │   ├── media/
    │   ├── tools/
    │   ├── tty/
    │   └── web/
    ├── hosts/
    │   ├── darwin/
    │   ├── default.nix
    │   ├── droid/
    │   └── nixos/
    ├── lib/
    │   ├── custom.nix
    │   └── default.nix
    ├── modules/
    │   ├── default.nix
    │   ├── home/
    │   └── hosts/
    ├── overlays/
    ├── pkgs/
    └── utils/

📊 Home Manager Profile Graph

This graph visualizes the dependencies of the Home Manager profile configuration:

Home Manager Profile Dependency Graph

❄️Flake Inputs

This flake relies on several external inputs to manage dependencies and configurations:

  • Core & System:
    • nixpkgs: The core Nix package set (tracking nixpkgs-unstable).
    • nixpkgs-master: Tracks the master branch of Nixpkgs (used occasionally).
    • systems: Provides standard system identifiers (e.g., x86_64-darwin).
  • Flake Helpers:
    • flake-parts: Used for structuring the flake outputs with modularity.
    • flake-utils: General utilities for flakes.
    • devshell: Provides convenient development shells.
    • pre-commit-hooks: Manages Git hooks for code quality and formatting.
    • treefmt-nix: For code formatting integration.
  • OS Integration:
    • home-manager: Manages user-level configurations and dotfiles.
    • nix-darwin: Enables declarative macOS system configuration.
    • nix-homebrew: For Homebrew package integration within nix-darwin.
    • nixos-wsl: Provides modules for running NixOS on WSL.
    • nix-on-droid: Enables declarative Android configuration via Termux fork.
  • Secrets Management:
    • agenix: Base library for managing secrets declaratively via age encryption.
    • ragenix: Rust implementation/wrapper for agenix.
    • OS-nixCfg-secrets: (Private Repository) Contains encrypted secrets managed by ragenix.
  • Application/Tooling Specific:
    • nix-index-database: Provides a database for nix-index.
    • Nvim-Cfg: My external Neovim configuration repository (used as a source).
    • nvchad4nix: Integrates Neovim configurations (like NvChad or custom starters) with Home Manager.
    • kanata-tray: Provides a system tray application for managing Kanata keyboard remapping presets.
    • betterfox: Nix integration for Betterfox Firefox hardening.
    • brew-nix: Alternative Nix integration for Homebrew casks/formulae (using a local fork).
    • brew-api: Homebrew API data used by brew-nix.

(See flake.nix for the complete list and specific sources/versions)

🔒 Secrets Management

Secrets (API keys, passwords, sensitive configurations) are managed using agenix or specificaly ragenix.

  1. Secrets are encrypted using ssh keys. My public key is explicitly available to ragenix.
  2. The encrypted files reside in a private GitHub repository: DivitMittal/OS-nixCfg-secrets. This repository is referenced as a flake input.
  3. During the Nix build process, agenix decrypts these files using my private key (which must be present on the target machine at ~/.ssh/agenix/id_ed25519).
  4. The decrypted files are placed in the Nix store and symlinked to their target locations.

⚠️ Building this configuration requires access to the private OS-nixCfg-secrets repository and the corresponding private ssh key.

🔗 Related Repositories

  • DivitMittal/Nvim-Cfg: Pure lua standalone Neovim configuration, used as an input via nix4nvchad.
  • DivitMittal/Emacs-Cfg: An elisp doomemacs configuration, used as an input via nix-doom-emacs-unstraightened.
  • DivitMittal/OS-nixCfg-secrets: (Private) Contains encrypted secrets managed by agenix.
  • DivitMittal/TLTR: Cross-platform complex multi-layer keyboard layout tailored for programmers .

About

nix (via nix-darwin, nixos, nix-on-droid, home-manager, etc.) declarative configurations to attain my deterministically reproducible layer

Topics

nix emacs neovim nixos nix-darwin flakes home-manager agenix nix-on-droid nixos-wsl flake-parts

Resources

Readme

License

MIT license

Security policy

Security policy
Activity

Stars

1 star

Watchers

0 watching

Forks

0 forks
Report repository

Contributors 2

  •  
  •  

Languages