From 16cbbdf5e5959bd494bf547fab2469e3bcb06f30 Mon Sep 17 00:00:00 2001 From: Emma Thorpe Date: Tue, 2 Jun 2026 15:46:19 +0000 Subject: [PATCH 1/4] feat(darwin): add nix-darwin support with a default macOS host Add the nix-darwin input (nix-darwin-26.05, follows nixpkgs) and a mkDarwinHost mirroring mkHost: shared commonModule (nixpkgs/nix settings) is factored out and reused, home-manager is wired via darwinModules, and identity is threaded through specialArgs. New darwinConfigurations.lyrathorpe-mac (aarch64-darwin) reuses the cross-platform ./lyrathorpe/home modules (shell, git, editor); Linux-only sway/desktop modules are excluded. Build with: darwin-rebuild switch --flake .#lyrathorpe-mac. --- flake.lock | 22 ++++++ flake.nix | 90 +++++++++++++++++++++---- system/machine/Darwin/configuration.nix | 12 ++++ 3 files changed, 111 insertions(+), 13 deletions(-) create mode 100644 system/machine/Darwin/configuration.nix diff --git a/flake.lock b/flake.lock index 4e4f632..76c0d48 100644 --- a/flake.lock +++ b/flake.lock @@ -72,6 +72,27 @@ "type": "github" } }, + "nix-darwin": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1779036909, + "narHash": "sha256-zXcwYQGCT6pzinK+1dBB2ekTVtfxGZAapb3Evdcu4fY=", + "owner": "nix-darwin", + "repo": "nix-darwin", + "rev": "56c666e108467d87d13508936aade6d567f2a501", + "type": "github" + }, + "original": { + "owner": "nix-darwin", + "ref": "nix-darwin-26.05", + "repo": "nix-darwin", + "type": "github" + } + }, "nixos-apple-silicon": { "inputs": { "flake-compat": "flake-compat", @@ -149,6 +170,7 @@ "inputs": { "flake-parts": "flake-parts", "home-manager": "home-manager", + "nix-darwin": "nix-darwin", "nixos-apple-silicon": "nixos-apple-silicon", "nixos-wsl": "nixos-wsl", "nixpkgs": "nixpkgs", diff --git a/flake.nix b/flake.nix index 777636c..75ca6e0 100644 --- a/flake.nix +++ b/flake.nix @@ -15,6 +15,9 @@ # Apple Silicon (Asahi) support for the MacBook host. nixos-apple-silicon.url = "github:nix-community/nixos-apple-silicon"; nixos-apple-silicon.inputs.nixpkgs.follows = "nixpkgs"; + # nix-darwin: manage macOS hosts from this same flake. + nix-darwin.url = "github:nix-darwin/nix-darwin/nix-darwin-26.05"; + nix-darwin.inputs.nixpkgs.follows = "nixpkgs"; # Provides mkFlake: the systems/perSystem scaffolding used below. flake-parts.url = "github:hercules-ci/flake-parts"; flake-parts.inputs.nixpkgs-lib.follows = "nixpkgs"; @@ -28,6 +31,7 @@ home-manager, nixos-wsl, nixos-apple-silicon, + nix-darwin, ... }: flake-parts.lib.mkFlake { inherit inputs; } ( @@ -51,20 +55,23 @@ "lens-desktop" ]; - # Shared scaffolding for every host: common user, overlays, home-manager. + # nixpkgs + nix-daemon settings shared by NixOS and Darwin hosts. + commonModule = { + nixpkgs.overlays = overlays; + nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) unfreePackages; + nix.settings.experimental-features = [ + "nix-command" + "flakes" + ]; + # Make `nix shell nixpkgs#...` and use the pinned nixpkgs. + nix.registry.nixpkgs.flake = nixpkgs; + nix.nixPath = [ "nixpkgs=${nixpkgs}" ]; + }; + + # Shared scaffolding for every NixOS host: common user, settings, home-manager. baseModules = [ ./lyrathorpe/user.nix - { - nixpkgs.overlays = overlays; - nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) unfreePackages; - nix.settings.experimental-features = [ - "nix-command" - "flakes" - ]; - # Make `nix shell nixpkgs#...` and use the pinned nixpkgs. - nix.registry.nixpkgs.flake = nixpkgs; - nix.nixPath = [ "nixpkgs=${nixpkgs}" ]; - } + commonModule home-manager.nixosModules.home-manager { home-manager.useGlobalPkgs = true; @@ -99,6 +106,43 @@ ]; }; + # Shared scaffolding for every Darwin (macOS) host. + darwinBaseModules = [ + commonModule + home-manager.darwinModules.home-manager + { + home-manager.useGlobalPkgs = true; + home-manager.useUserPackages = true; + } + ]; + + # mkDarwinHost :: { system, username, fullName, modules, homeModules } -> darwinSystem + # Darwin counterpart of mkHost. macOS already owns the login user, so we + # only attach the platform and home-manager; no NixOS user module here. + mkDarwinHost = + { + system, + username, + fullName, + modules, + homeModules, + }: + nix-darwin.lib.darwinSystem { + specialArgs = { inherit inputs username fullName; }; + modules = + darwinBaseModules + ++ modules + ++ [ + { + nixpkgs.hostPlatform = system; + # macOS owns the account; point home-manager at its home dir. + users.users.${username}.home = "/Users/${username}"; + home-manager.extraSpecialArgs = { inherit inputs username fullName; }; + home-manager.users.${username}.imports = homeModules; + } + ]; + }; + # Host table — declarative registry of every machine. To add a host: # give it a name, its `system`, the owning user, and the module lists. # mapAttrs below turns each entry into a nixosConfiguration of the same name. @@ -147,11 +191,30 @@ ]; }; }; + + # Darwin host table — macOS machines built via mkDarwinHost. The shared + # ./lyrathorpe/home modules (shell, git, editor) are reused; the Linux-only + # desktop/sway modules are intentionally left out. + darwinHosts = { + lyrathorpe-mac = { + system = "aarch64-darwin"; + username = "lyrathorpe"; + fullName = "Lyra Thorpe"; + modules = [ + ./system/machine/Darwin/configuration.nix + ]; + homeModules = [ + ./lyrathorpe/home + ]; + }; + }; in { systems = [ "x86_64-linux" "aarch64-linux" + "aarch64-darwin" + "x86_64-darwin" ]; # perSystem is evaluated once per entry in `systems`; `pkgs` is the @@ -180,8 +243,9 @@ ''; }; - # Realise the host table: each `hosts` entry becomes a nixosConfiguration. + # Realise the host tables: each entry becomes a {nixos,darwin}Configuration. flake.nixosConfigurations = lib.mapAttrs (_name: mkHost) hosts; + flake.darwinConfigurations = lib.mapAttrs (_name: mkDarwinHost) darwinHosts; } ); } diff --git a/system/machine/Darwin/configuration.nix b/system/machine/Darwin/configuration.nix new file mode 100644 index 0000000..93bc15a --- /dev/null +++ b/system/machine/Darwin/configuration.nix @@ -0,0 +1,12 @@ +# Default nix-darwin host. Minimal macOS baseline; the user environment +# (shell, git, editor) is carried by the shared ./lyrathorpe/home modules, +# the same ones used by the Linux hosts. nixpkgs.hostPlatform is set by +# mkDarwinHost in flake.nix. +{ pkgs, ... }: +{ + programs.zsh.enable = true; + environment.systemPackages = [ pkgs.git ]; + + # Used for backwards compatibility; read `darwin-rebuild changelog` before changing. + system.stateVersion = 5; +} From 532e581696c22e7074d286ab2a19e08d620925b7 Mon Sep 17 00:00:00 2001 From: Emma Thorpe Date: Tue, 2 Jun 2026 15:50:21 +0000 Subject: [PATCH 2/4] feat(darwin): enable declarative Homebrew on the macOS host Turn on nix-darwin's homebrew module with empty taps/brews/casks/masApps lists to fill in, onActivation autoUpdate+upgrade, and cleanup=none (manual formulae left intact; flip to zap for fully authoritative lists). Set system.primaryUser so brew activation runs as the host user. --- system/machine/Darwin/configuration.nix | 24 +++++++++++++++++++++++- 1 file changed, 23 insertions(+), 1 deletion(-) diff --git a/system/machine/Darwin/configuration.nix b/system/machine/Darwin/configuration.nix index 93bc15a..1b79a83 100644 --- a/system/machine/Darwin/configuration.nix +++ b/system/machine/Darwin/configuration.nix @@ -2,11 +2,33 @@ # (shell, git, editor) is carried by the shared ./lyrathorpe/home modules, # the same ones used by the Linux hosts. nixpkgs.hostPlatform is set by # mkDarwinHost in flake.nix. -{ pkgs, ... }: +{ pkgs, username, ... }: { programs.zsh.enable = true; environment.systemPackages = [ pkgs.git ]; + # Account that runs user-level activation and Homebrew. + system.primaryUser = username; + + # Declarative Homebrew for packages with no nixpkgs equivalent or that must be + # the vendor build (GUI casks, Mac App Store apps). Homebrew itself must already + # be installed: + # /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)" + homebrew = { + enable = true; + onActivation = { + autoUpdate = true; + upgrade = true; + # "none" leaves manually-installed formulae alone. Switch to "zap" to make + # the lists below fully authoritative (uninstalls anything not declared). + cleanup = "none"; + }; + taps = [ ]; + brews = [ ]; + casks = [ ]; + masApps = { }; + }; + # Used for backwards compatibility; read `darwin-rebuild changelog` before changing. system.stateVersion = 5; } From e67bc0f4d57579df367c912e5d51b3c8c56723e5 Mon Sep 17 00:00:00 2001 From: Emma Thorpe Date: Tue, 2 Jun 2026 15:56:37 +0000 Subject: [PATCH 3/4] feat(darwin): wire nix-homebrew and make Homebrew authoritative Add the nix-homebrew input and darwin module so the Homebrew prefix is installed and owned declaratively (no manual bootstrap), with enableRosetta for x86_64 formulae on Apple Silicon and user = host username. Set homebrew.onActivation.cleanup = zap so the taps/brews/casks/masApps lists are authoritative: anything not declared is removed on activation. --- flake.lock | 36 +++++++++++++++++++++++++ flake.nix | 4 +++ system/machine/Darwin/configuration.nix | 18 ++++++++----- 3 files changed, 52 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 76c0d48..9fabdc6 100644 --- a/flake.lock +++ b/flake.lock @@ -1,5 +1,22 @@ { "nodes": { + "brew-src": { + "flake": false, + "locked": { + "lastModified": 1778427648, + "narHash": "sha256-pt9KaDGsMyYWB9JeHs4XGHs870f1lOZe3vx9LpVIhUE=", + "owner": "Homebrew", + "repo": "brew", + "rev": "6f293daa9f9f5832e13b497976335e90509886d7", + "type": "github" + }, + "original": { + "owner": "Homebrew", + "ref": "5.1.11", + "repo": "brew", + "type": "github" + } + }, "flake-compat": { "locked": { "lastModified": 1761640442, @@ -93,6 +110,24 @@ "type": "github" } }, + "nix-homebrew": { + "inputs": { + "brew-src": "brew-src" + }, + "locked": { + "lastModified": 1778851564, + "narHash": "sha256-p8wzcnpB2Iys+QzAKM9/Eyw/pUyqCO3sw/NCnDH4dTE=", + "owner": "zhaofengli", + "repo": "nix-homebrew", + "rev": "b3a87b4793205cc111f3c61e25e018ffac3b8039", + "type": "github" + }, + "original": { + "owner": "zhaofengli", + "repo": "nix-homebrew", + "type": "github" + } + }, "nixos-apple-silicon": { "inputs": { "flake-compat": "flake-compat", @@ -171,6 +206,7 @@ "flake-parts": "flake-parts", "home-manager": "home-manager", "nix-darwin": "nix-darwin", + "nix-homebrew": "nix-homebrew", "nixos-apple-silicon": "nixos-apple-silicon", "nixos-wsl": "nixos-wsl", "nixpkgs": "nixpkgs", diff --git a/flake.nix b/flake.nix index 75ca6e0..2378dfb 100644 --- a/flake.nix +++ b/flake.nix @@ -18,6 +18,8 @@ # nix-darwin: manage macOS hosts from this same flake. nix-darwin.url = "github:nix-darwin/nix-darwin/nix-darwin-26.05"; nix-darwin.inputs.nixpkgs.follows = "nixpkgs"; + # nix-homebrew: declaratively own and install the Homebrew prefix on macOS. + nix-homebrew.url = "github:zhaofengli/nix-homebrew"; # Provides mkFlake: the systems/perSystem scaffolding used below. flake-parts.url = "github:hercules-ci/flake-parts"; flake-parts.inputs.nixpkgs-lib.follows = "nixpkgs"; @@ -32,6 +34,7 @@ nixos-wsl, nixos-apple-silicon, nix-darwin, + nix-homebrew, ... }: flake-parts.lib.mkFlake { inherit inputs; } ( @@ -109,6 +112,7 @@ # Shared scaffolding for every Darwin (macOS) host. darwinBaseModules = [ commonModule + nix-homebrew.darwinModules.nix-homebrew home-manager.darwinModules.home-manager { home-manager.useGlobalPkgs = true; diff --git a/system/machine/Darwin/configuration.nix b/system/machine/Darwin/configuration.nix index 1b79a83..de81735 100644 --- a/system/machine/Darwin/configuration.nix +++ b/system/machine/Darwin/configuration.nix @@ -10,18 +10,24 @@ # Account that runs user-level activation and Homebrew. system.primaryUser = username; + # nix-homebrew owns and installs the Homebrew prefix declaratively, so brew + # itself no longer needs a manual bootstrap. enableRosetta permits x86_64 + # formulae via Rosetta 2 on Apple Silicon. + nix-homebrew = { + enable = true; + enableRosetta = true; + user = username; + }; + # Declarative Homebrew for packages with no nixpkgs equivalent or that must be - # the vendor build (GUI casks, Mac App Store apps). Homebrew itself must already - # be installed: - # /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)" + # the vendor build (GUI casks, Mac App Store apps). homebrew = { enable = true; onActivation = { autoUpdate = true; upgrade = true; - # "none" leaves manually-installed formulae alone. Switch to "zap" to make - # the lists below fully authoritative (uninstalls anything not declared). - cleanup = "none"; + # Lists below are authoritative: anything not declared is uninstalled. + cleanup = "zap"; }; taps = [ ]; brews = [ ]; From ba2cb1356326461ff4959c7d8dbacb432f210e97 Mon Sep 17 00:00:00 2001 From: Emma Thorpe Date: Tue, 2 Jun 2026 16:08:53 +0000 Subject: [PATCH 4/4] feat(darwin): declare brew/nixpkgs packages for macOS continuity Migrate the prior Homebrew package set onto the nix-darwin host. Leaf CLI formulae move to nixpkgs (environment.systemPackages); pure library deps are dropped since nix resolves them transitively. firefoxpwa and version-pinned llvm@21/lld@21/python@3.14 stay on brew. All GUI apps remain brew casks, since nixpkgs darwin GUI support is unreliable. --- system/machine/Darwin/configuration.nix | 103 +++++++++++++++++++++++- 1 file changed, 100 insertions(+), 3 deletions(-) diff --git a/system/machine/Darwin/configuration.nix b/system/machine/Darwin/configuration.nix index de81735..755de91 100644 --- a/system/machine/Darwin/configuration.nix +++ b/system/machine/Darwin/configuration.nix @@ -5,7 +5,60 @@ { pkgs, username, ... }: { programs.zsh.enable = true; - environment.systemPackages = [ pkgs.git ]; + + # CLI tooling sourced from nixpkgs instead of Homebrew formulae. Pure library + # dependencies are omitted; nix pulls them into closures automatically. + environment.systemPackages = with pkgs; [ + # Build & toolchain + autoconf + automake + cmake + coreutils + gcc + gettext + gnumake + pkgconf + ruby + zig + # Version control & dev workflow + pre-commit + deno + opentofu + # Compression + lz4 + p7zip + xz + zstd + # Crypto & networking + gnupg + gnutls + openssl + pinentry_mac + unbound + wget + # Media + ffmpeg + svt-av1 + yt-dlp + # Graphics / Vulkan / SDL + glslang + moltenvk + spirv-tools + vulkan-loader + vulkan-tools + SDL2 + sdl3 + # Embedded + esptool + picotool + # Misc utilities + f3 + gnused + lua5_4 + magic-wormhole + ncurses + sqlite + ]; # Account that runs user-level activation and Homebrew. system.primaryUser = username; @@ -30,8 +83,52 @@ cleanup = "zap"; }; taps = [ ]; - brews = [ ]; - casks = [ ]; + # Formulae kept on brew: vendor PWA host and version-pinned toolchains that + # are simpler to track via brew than to match exactly in nixpkgs. + brews = [ + "firefoxpwa" + "llvm@21" + "lld@21" + "python@3.14" + ]; + # GUI applications. macOS app bundles are managed as casks; nixpkgs darwin + # GUI support is unreliable, so these stay on brew for continuity. + casks = [ + "alfred" + "android-platform-tools" + "angry-ip-scanner" + "arduino-ide" + "autodesk-fusion" + "bambu-studio" + "bitwarden" + "citrix-workspace" + "curseforge" + "discord" + "firefox" + "freecad" + "gcc-arm-embedded" + "google-chrome" + "istat-menus" + "iterm2" + "macfuse" + "microsoft-teams" + "nextcloud" + "obs" + "omnidisksweeper" + "openscad@snapshot" + "orcaslicer" + "plex" + "plexamp" + "postman" + "signal" + "steam" + "thunderbird" + "virtualbox" + "visual-studio-code" + "vnc-viewer" + "vscodium" + "winbox" + ]; masApps = { }; };