diff --git a/flake.lock b/flake.lock index 4e4f632..9fabdc6 100644 --- a/flake.lock +++ b/flake.lock @@ -1,5 +1,22 @@ { "nodes": { + "brew-src": { + "flake": false, + "locked": { + "lastModified": 1778427648, + "narHash": "sha256-pt9KaDGsMyYWB9JeHs4XGHs870f1lOZe3vx9LpVIhUE=", + "owner": "Homebrew", + "repo": "brew", + "rev": "6f293daa9f9f5832e13b497976335e90509886d7", + "type": "github" + }, + "original": { + "owner": "Homebrew", + "ref": "5.1.11", + "repo": "brew", + "type": "github" + } + }, "flake-compat": { "locked": { "lastModified": 1761640442, @@ -72,6 +89,45 @@ "type": "github" } }, + "nix-darwin": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1779036909, + "narHash": "sha256-zXcwYQGCT6pzinK+1dBB2ekTVtfxGZAapb3Evdcu4fY=", + "owner": "nix-darwin", + "repo": "nix-darwin", + "rev": "56c666e108467d87d13508936aade6d567f2a501", + "type": "github" + }, + "original": { + "owner": "nix-darwin", + "ref": "nix-darwin-26.05", + "repo": "nix-darwin", + "type": "github" + } + }, + "nix-homebrew": { + "inputs": { + "brew-src": "brew-src" + }, + "locked": { + "lastModified": 1778851564, + "narHash": "sha256-p8wzcnpB2Iys+QzAKM9/Eyw/pUyqCO3sw/NCnDH4dTE=", + "owner": "zhaofengli", + "repo": "nix-homebrew", + "rev": "b3a87b4793205cc111f3c61e25e018ffac3b8039", + "type": "github" + }, + "original": { + "owner": "zhaofengli", + "repo": "nix-homebrew", + "type": "github" + } + }, "nixos-apple-silicon": { "inputs": { "flake-compat": "flake-compat", @@ -149,6 +205,8 @@ "inputs": { "flake-parts": "flake-parts", "home-manager": "home-manager", + "nix-darwin": "nix-darwin", + "nix-homebrew": "nix-homebrew", "nixos-apple-silicon": "nixos-apple-silicon", "nixos-wsl": "nixos-wsl", "nixpkgs": "nixpkgs", diff --git a/flake.nix b/flake.nix index 777636c..2378dfb 100644 --- a/flake.nix +++ b/flake.nix @@ -15,6 +15,11 @@ # Apple Silicon (Asahi) support for the MacBook host. nixos-apple-silicon.url = "github:nix-community/nixos-apple-silicon"; nixos-apple-silicon.inputs.nixpkgs.follows = "nixpkgs"; + # nix-darwin: manage macOS hosts from this same flake. + nix-darwin.url = "github:nix-darwin/nix-darwin/nix-darwin-26.05"; + nix-darwin.inputs.nixpkgs.follows = "nixpkgs"; + # nix-homebrew: declaratively own and install the Homebrew prefix on macOS. + nix-homebrew.url = "github:zhaofengli/nix-homebrew"; # Provides mkFlake: the systems/perSystem scaffolding used below. flake-parts.url = "github:hercules-ci/flake-parts"; flake-parts.inputs.nixpkgs-lib.follows = "nixpkgs"; @@ -28,6 +33,8 @@ home-manager, nixos-wsl, nixos-apple-silicon, + nix-darwin, + nix-homebrew, ... }: flake-parts.lib.mkFlake { inherit inputs; } ( @@ -51,20 +58,23 @@ "lens-desktop" ]; - # Shared scaffolding for every host: common user, overlays, home-manager. + # nixpkgs + nix-daemon settings shared by NixOS and Darwin hosts. + commonModule = { + nixpkgs.overlays = overlays; + nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) unfreePackages; + nix.settings.experimental-features = [ + "nix-command" + "flakes" + ]; + # Make `nix shell nixpkgs#...` and use the pinned nixpkgs. + nix.registry.nixpkgs.flake = nixpkgs; + nix.nixPath = [ "nixpkgs=${nixpkgs}" ]; + }; + + # Shared scaffolding for every NixOS host: common user, settings, home-manager. baseModules = [ ./lyrathorpe/user.nix - { - nixpkgs.overlays = overlays; - nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) unfreePackages; - nix.settings.experimental-features = [ - "nix-command" - "flakes" - ]; - # Make `nix shell nixpkgs#...` and use the pinned nixpkgs. - nix.registry.nixpkgs.flake = nixpkgs; - nix.nixPath = [ "nixpkgs=${nixpkgs}" ]; - } + commonModule home-manager.nixosModules.home-manager { home-manager.useGlobalPkgs = true; @@ -99,6 +109,44 @@ ]; }; + # Shared scaffolding for every Darwin (macOS) host. + darwinBaseModules = [ + commonModule + nix-homebrew.darwinModules.nix-homebrew + home-manager.darwinModules.home-manager + { + home-manager.useGlobalPkgs = true; + home-manager.useUserPackages = true; + } + ]; + + # mkDarwinHost :: { system, username, fullName, modules, homeModules } -> darwinSystem + # Darwin counterpart of mkHost. macOS already owns the login user, so we + # only attach the platform and home-manager; no NixOS user module here. + mkDarwinHost = + { + system, + username, + fullName, + modules, + homeModules, + }: + nix-darwin.lib.darwinSystem { + specialArgs = { inherit inputs username fullName; }; + modules = + darwinBaseModules + ++ modules + ++ [ + { + nixpkgs.hostPlatform = system; + # macOS owns the account; point home-manager at its home dir. + users.users.${username}.home = "/Users/${username}"; + home-manager.extraSpecialArgs = { inherit inputs username fullName; }; + home-manager.users.${username}.imports = homeModules; + } + ]; + }; + # Host table — declarative registry of every machine. To add a host: # give it a name, its `system`, the owning user, and the module lists. # mapAttrs below turns each entry into a nixosConfiguration of the same name. @@ -147,11 +195,30 @@ ]; }; }; + + # Darwin host table — macOS machines built via mkDarwinHost. The shared + # ./lyrathorpe/home modules (shell, git, editor) are reused; the Linux-only + # desktop/sway modules are intentionally left out. + darwinHosts = { + lyrathorpe-mac = { + system = "aarch64-darwin"; + username = "lyrathorpe"; + fullName = "Lyra Thorpe"; + modules = [ + ./system/machine/Darwin/configuration.nix + ]; + homeModules = [ + ./lyrathorpe/home + ]; + }; + }; in { systems = [ "x86_64-linux" "aarch64-linux" + "aarch64-darwin" + "x86_64-darwin" ]; # perSystem is evaluated once per entry in `systems`; `pkgs` is the @@ -180,8 +247,9 @@ ''; }; - # Realise the host table: each `hosts` entry becomes a nixosConfiguration. + # Realise the host tables: each entry becomes a {nixos,darwin}Configuration. flake.nixosConfigurations = lib.mapAttrs (_name: mkHost) hosts; + flake.darwinConfigurations = lib.mapAttrs (_name: mkDarwinHost) darwinHosts; } ); } diff --git a/system/machine/Darwin/configuration.nix b/system/machine/Darwin/configuration.nix new file mode 100644 index 0000000..755de91 --- /dev/null +++ b/system/machine/Darwin/configuration.nix @@ -0,0 +1,137 @@ +# Default nix-darwin host. Minimal macOS baseline; the user environment +# (shell, git, editor) is carried by the shared ./lyrathorpe/home modules, +# the same ones used by the Linux hosts. nixpkgs.hostPlatform is set by +# mkDarwinHost in flake.nix. +{ pkgs, username, ... }: +{ + programs.zsh.enable = true; + + # CLI tooling sourced from nixpkgs instead of Homebrew formulae. Pure library + # dependencies are omitted; nix pulls them into closures automatically. + environment.systemPackages = with pkgs; [ + # Build & toolchain + autoconf + automake + cmake + coreutils + gcc + gettext + gnumake + pkgconf + ruby + zig + # Version control & dev workflow + pre-commit + deno + opentofu + # Compression + lz4 + p7zip + xz + zstd + # Crypto & networking + gnupg + gnutls + openssl + pinentry_mac + unbound + wget + # Media + ffmpeg + svt-av1 + yt-dlp + # Graphics / Vulkan / SDL + glslang + moltenvk + spirv-tools + vulkan-loader + vulkan-tools + SDL2 + sdl3 + # Embedded + esptool + picotool + # Misc utilities + f3 + gnused + lua5_4 + magic-wormhole + ncurses + sqlite + ]; + + # Account that runs user-level activation and Homebrew. + system.primaryUser = username; + + # nix-homebrew owns and installs the Homebrew prefix declaratively, so brew + # itself no longer needs a manual bootstrap. enableRosetta permits x86_64 + # formulae via Rosetta 2 on Apple Silicon. + nix-homebrew = { + enable = true; + enableRosetta = true; + user = username; + }; + + # Declarative Homebrew for packages with no nixpkgs equivalent or that must be + # the vendor build (GUI casks, Mac App Store apps). + homebrew = { + enable = true; + onActivation = { + autoUpdate = true; + upgrade = true; + # Lists below are authoritative: anything not declared is uninstalled. + cleanup = "zap"; + }; + taps = [ ]; + # Formulae kept on brew: vendor PWA host and version-pinned toolchains that + # are simpler to track via brew than to match exactly in nixpkgs. + brews = [ + "firefoxpwa" + "llvm@21" + "lld@21" + "python@3.14" + ]; + # GUI applications. macOS app bundles are managed as casks; nixpkgs darwin + # GUI support is unreliable, so these stay on brew for continuity. + casks = [ + "alfred" + "android-platform-tools" + "angry-ip-scanner" + "arduino-ide" + "autodesk-fusion" + "bambu-studio" + "bitwarden" + "citrix-workspace" + "curseforge" + "discord" + "firefox" + "freecad" + "gcc-arm-embedded" + "google-chrome" + "istat-menus" + "iterm2" + "macfuse" + "microsoft-teams" + "nextcloud" + "obs" + "omnidisksweeper" + "openscad@snapshot" + "orcaslicer" + "plex" + "plexamp" + "postman" + "signal" + "steam" + "thunderbird" + "virtualbox" + "visual-studio-code" + "vnc-viewer" + "vscodium" + "winbox" + ]; + masApps = { }; + }; + + # Used for backwards compatibility; read `darwin-rebuild changelog` before changing. + system.stateVersion = 5; +}