Nix Config for macOS + NixOS

Overview

Forked from dustinlyons - all credit towards him! :)

Modified for my personal needs. lot's of documentation stripped away. Detailed documentation can be found at dustin's repo (https://github.com/dustinlyons/nixos-config)

For macOS (May 2024)

This configuration supports both Intel and Apple Silicon Macs.

Prepare your system (Optional)

Before installing anything you'll need to prepare your system:

1. Don't register an Apple ID

2. Enable Lockdown Mode

3. Disable all Sharing stuff: General > Sharing: Disable All

4. Disable Notifications previews:

   • Notifications > Show Previews: Never
   • Notifications: Disable "Allow notifications when the screen is locked"
   • Lock Screen > Require password immediately

5. Change NTP Server: General > Date & Time > Source: Change to "pool.ntp.org"

6. Set the smart battery saver: Boost mode on AC and Low Power mode on battery

7. Disable Siri:

   • Siri and Spotlight: Disable "Ask Siri"
   • Siri and Spotlight > Siri Suggestions > Disable all

8. Disable Analytics:

   • Privacy and Security > Analytics > Improvements: Disable all
   • Privacy and Security > Apple Advertising > Disable personalized ads
   • Game Center: Disable all

1. Install dependencies

xcode-select --install

2. Install Nix

Thank you for the installer, Determinate Systems!

curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix | sh -s -- install

mkdir -p nixos-config && cd nixos-config && nix flake --extra-experimental-features 'nix-command flakes' init -t github:dlorent/nixos-config#starter

4. Make apps executable

find apps/$(uname -m | sed 's/arm64/aarch64/')-darwin -type f \( -name apply -o -name build -o -name build-switch -o -name create-keys -o -name copy-keys -o -name check-keys \) -exec chmod +x {} \;

5. Apply your current user info

Run this Nix command to replace stub values with your system properties, username, full name, and email.

Email is only used in the git configuration.

nix run .#apply

9. Install configuration

Ensure the build works before deploying the configuration, run:

nix run .#build

10. Make changes

Finally, alter your system with this command:

nix run .#build-switch

Features

• Nix Flakes: 100% flake driven, no configuration.nix, no Nix channels─ just flake.nix
• Same Environment Everywhere: Easily share config across Linux and macOS (both Nix and Home Manager)
• macOS Dream Setup: Fully declarative macOS (Apple / Intel) w/ UI, dock and macOS App Store apps
• Simple Bootstrap: Simple Nix commands to start from zero, both x86 and macOS platforms
• Managed Homebrew: Zero maintenance homebrew environment with nix-darwin and nix-homebrew
• Disk Management: Declarative disk management with disko, say goodbye to disk utils
• Secrets Management: Declarative secrets with agenix for SSH, PGP, syncthing, and other tools
• Super Fast Emacs: Bleeding edge Emacs that fixes itself, thanks to a community overlay
• Built In Home Manager: home-manager module for seamless configuration (no extra clunky CLI steps)
• NixOS Environment: Extensively configured NixOS including clean aesthetic + window animations
• Nix Overlays: Auto-loading of Nix overlays: drop a file in a dir and it runs (great for patches!)
• Declarative Sync: No-fuss Syncthing: managed keys, certs, and configuration across all platforms
• Emacs Literate Configuration: Large Emacs literate configuration to explore (if that's your thing)
• Simplicity and Readability: Optimized for simplicity and readability in all cases, not small files everywhere
• Backed by Continuous Integration: Flake auto updates weekly if changes don't break starter build

Noteworthy additions

• Homebrew
  Added support for formulas
• Sudo fingerprints
  (security.pam.enableSudoTouchIdAuth = true;)

Tools Overview

Containers and Virtualization

• docker
  Platform for developing, shipping, and running applications in containers.
• docker-compose
  Tool for defining and running multi-container Docker applications.
• k9s
  Kubernetes CLI to manage and debug Kubernetes clusters.
• tailscale
  Zero-config VPN to connect your devices securely.

Development and Productivity

• gum
  A tool for writing interactive and rich shell scripts.
• raycast
  Productivity tool to control your Mac, launch applications, and execute scripts quickly.
• veracrypt
  Free open-source disk encryption software.

Communication

• discord
  Free voice, video, and text chat app for gamers and communities.
• slack
  Collaboration hub that connects work with people through messaging, tools, and files.
• zoom
  Video conferencing and online meeting platform.
• microsoft-teams
  Collaboration platform that combines workplace chat, meetings, file storage, and app integration.

Synchronization and File Management

• syncthing
  Open-source continuous file synchronization program.

Multimedia

• vlc
  Free and open-source cross-platform multimedia player and framework.
• spotify
  Digital music service that gives you access to millions of songs.
• ffmpeg
  Complete, cross-platform solution to record, convert and stream audio and video.

Web Browsers

• eloston-chromium
  Ungoogled Chromium browser focusing on privacy, control, and transparency.

Window Management

• rectangle
  Window management app for macOS for snapping windows into various positions and sizes.

Graphics and Fonts

• gimp
  Open-source raster graphics editor for image retouching and editing.
• emacs-all-the-icons-fonts
  Icons for Emacs to improve user interface aesthetics.
• dejavu_fonts
  Font family based on the Vera Fonts with additional characters.
• font-awesome
  Icon set and toolkit.
• hack-font
  Typeface designed for source code with a focus on legibility.
• noto-fonts
  Font family designed to cover all the scripts encoded in the Unicode standard.
• noto-fonts-emoji
  Set of color and black-and-white emoji fonts.
• meslo-lgs-nf
  Customized version of Apple’s Menlo font with added Powerline glyphs.
• jetbrains-mono
  Typeface designed for coding with better readability.

Terminals and Shells

• alacritty
  A fast, GPU-accelerated terminal emulator.
• zsh-powerlevel10k
  Theme for Zsh that emphasizes speed, flexibility, and out-of-the-box experience.
• tmux
  Terminal multiplexer to switch easily between several programs in one terminal.
• zellij
  Terminal workspace with support for tabs, splits, and more.
• atuin
  Enhanced shell history.

Utilities

• microsoft-auto-update
  Tool for updating Microsoft applications on Mac.
• aspell
  Spell-checking tool designed for various applications.
• aspellDicts.en
  English dictionary for Aspell.
• bash-completion
  Script for command-line completion in Bash.
• bat
  Cat clone with syntax highlighting and Git integration.
• btop
  Resource monitor that shows usage and stats for processor, memory, disks, network, and processes.
• coreutils
  Essential GNU utilities like ls, cat, and rm.
• killall
  Command to terminate all processes with a given name.
• neofetch
  Command-line system information tool written in Bash.
• openssh
  Suite of secure networking utilities based on the SSH protocol.
• sqlite
  C library that provides a lightweight, disk-based database.
• wget
  Network utility to retrieve files from the web using HTTP, HTTPS, and FTP.
• zip
  Compression and file packaging utility.
• unzip
  Utility to list, test, and extract compressed files in a ZIP archive.
• unrar
  Extract files from RAR archives.
• lsd
  Next-gen ls command with a lot of pretty colors and some additional features.
• htop
  Interactive process viewer for Unix systems.
• iftop
  Display bandwidth usage on an interface by host.
• jq
  Command-line JSON processor.
• ripgrep
  Line-oriented search tool that recursively searches your current directory for a regex pattern.
• tree
  Recursive directory listing command that produces a depth-indented listing of files.

Security and Encryption

• age
  Simple, modern, and secure file encryption tool.
• age-plugin-yubikey
  Plugin for using YubiKeys with age encryption.
• gnupg
  Free implementation of the OpenPGP standard for encrypting and signing data.
• libfido2
  Library for FIDO 2.0 and CTAP2 based authentication.

Cloud

• google-cloud-sdk
  CLI and libraries for interacting with Google Cloud services.