Leveraging nix, nix-os, nix-darwin, and home-manager to apply machine and home configurations
Built on the dendritic flake-parts pattern via mightyiam/import-tree: flake.nix is just mkFlake + (import-tree ./modules). Every .nix file under ./modules/ is a flake-parts module that contributes to the flake's outputs by option-merging.
.
├── flake.nix # mkFlake + (import-tree ./modules)
├── flake.lock # Lockfile (updated daily via GitHub Actions)
├── modules/ # Everything here is a flake-parts module
│   ├── wiring/
│   │   ├── hosts.nix # Central host registry (mkNixos / mkDarwin / mkHome)
│   │   ├── options.nix # Option declarations for non-standard flake outputs
│   │   └── formatter.nix # perSystem.formatter = nixfmt-rfc-style
│   ├── nixos-modules/ # NixOS feature modules (base, zfs, docker, ...)
│   ├── darwin-modules/ # Darwin feature modules (base, homebrew, determinate)
│   ├── home-modules/ # Home Manager feature modules (cli, fish, dev, ...)
│   ├── overlays/ # One flake-parts module per overlay
│   └── packages/ # perSystem.packages registrations
├── hosts/ # NOT loaded by import-tree; referenced from modules/wiring/hosts.nix
│   ├── nixos/
│   │   ├── nas/ # NixOS NAS server (Proxmox, ZFS, Samba, etc.)
│   │   ├── home/ # NixOS VM running in NAS
│   │   └── cloud/ # NixOS VM running in Oracle Cloud
│   ├── darwin/
│   │   ├── Jeffs-M3Pro.nix # Personal MacBook Pro
│   │   └── work-laptop.nix # Work MacBook Pro
│   └── home/
│       ├── jeff/{default,Jeffs-M3Pro,work-laptop,home,cloud}.nix
│       └── nix/{default,nas}.nix
├── packages/ # Custom callPackage-style derivations
└── secrets.nix # Encrypted secrets file (git-crypt)
- Dendritic pattern: every .nix under modules/ is a flake-parts module loaded recursively by import-tree
- Modular architecture: all features are opt-in modules with enable options
- Explicit host registry: modules/wiring/hosts.nix lists every nixos / darwin / home configuration (adding a host = one line)
Everyone keeps gushing about how amazing Nix is and I want to get in on the hype cycle
- Learn nix
- Mostly reproduce features from my existing dotfiles
- Replace existing Ubuntu-based 'home VM'
- Expand usage to other shell environments such as WSL, MacBook, etc
- handle secrets - ideally using 1Password and not SOPS - using git-crypt for now
- try agenix for secrets handling
- introduce the concept of impermanence where appropriate
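
Because secrets.nix relies on git-crypt, a useful guard is to confirm that the copy Git has staged is ciphertext rather than plaintext (which happens if the .gitattributes filter rule is missing or the file was added before it applied). The following is an added example, not part of this repository; the function names are hypothetical, and it assumes git-crypt's blob format, in which every encrypted file starts with the 10-byte header NUL "GITCRYPT" NUL.

```shell
#!/bin/sh
# Added example, not code from this repository.
# Assumption: git-crypt prefixes each encrypted blob with NUL "GITCRYPT" NUL.
# The header is compared in hex so the NUL bytes survive shell handling.
GITCRYPT_MAGIC=00474954435259505400

# Succeeds if the data on stdin begins with the git-crypt header.
is_gitcrypt_stream() {
    header=$(od -An -tx1 -N10 | tr -d ' \n')
    [ "$header" = "$GITCRYPT_MAGIC" ]
}

# Succeeds if the staged (index) copy of the given path is ciphertext.
# `git cat-file blob :PATH` prints the blob exactly as stored, without
# the smudge filter, so an unlocked working tree cannot hide a leak.
staged_is_encrypted() {
    git cat-file blob ":$1" 2>/dev/null | is_gitcrypt_stream
}

# Checks every path given; returns non-zero if any is not encrypted.
check_secrets() {
    rc=0
    for f in "$@"; do
        if staged_is_encrypted "$f"; then
            echo "ok: $f is staged as git-crypt ciphertext"
        else
            echo "FAIL: $f is staged as plaintext (or is not staged)" >&2
            rc=1
        fi
    done
    return $rc
}
```

Calling `check_secrets secrets.nix` from a pre-commit hook or a CI step makes a plaintext commit fail before it is pushed.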
- Misterio77/nix-starter-config
- How to learn Nix
- home-manager
- Zero to Nix: Everything I Know About Nix & NixOS
- Walkthrough of Nix Install and Setup on MacOS (YouTube)
- NixOS as a server, part 1: Impermanence
- budimanjojo/dotfiles
- wrmilling/nixos-configuration
- gshpychka/dotfiles-nix
- wimpysworld/nix-config
Old dotfiles are still accessible in the archive branch