This repository contains primarily nix configurations, leveraging Nix Flakes, Home Manager, and system-specific modules (NixOS, nix-darwin, nix-on-droid) to achieve a purely declarative, reproducible, and consistent environment across multiple OSes on multiple hosts for multiple users:
- 🍎 macOS (via
nix-darwin) - 🤖 Android (via
nix-on-droid) - 🐧 *nix (NixOS) (including WSL via
NixOS-WSL)
The repository is organized using flake-parts for better modularity.
└── OS-nixCfg/
├── assets/
│ └── qezta.png
├── flake/
│ ├── default.nix
│ ├── devshells.nix
│ ├── formatters.nix
│ ├── mkHost.nix
│ └── pre-commit.nix
├── flake.lock
├── flake.nix
├── home/
│ ├── common
│ ├── comms
│ ├── default.nix
│ ├── desktop-env
│ ├── dev
│ ├── keyboard
│ ├── media
│ ├── tools
│ ├── tty
│ └── web
├── hosts/
│ ├── common
│ ├── darwin
│ ├── default.nix
│ ├── droid
│ └── nixos
├── lib/
│ └── default.nix
├── LICENSE
├── modules/
│ ├── common
│ ├── home
│ └── hosts
├── nix.nix
├── README.md
├── scripts/
│ ├── home_rebuild.sh
│ └── hosts_rebuild.sh
├── SECURITY.md
└── shell.nix
This graph visualizes the dependencies of the Home Manager profile configuration:
This flake relies on several external inputs to manage dependencies and configurations:
- Core & System:
nixpkgs: The core Nix package set (trackingnixpkgs-unstable).nixpkgs-master: Tracks the master branch of Nixpkgs (used occasionally).systems: Provides standard system identifiers (e.g.,x86_64-darwin).
- Flake Helpers:
flake-parts: Used for structuring the flake outputs with modularity.flake-utils: General utilities for flakes.devshell: Provides convenient development shells.pre-commit-hooks: Manages Git hooks for code quality and formatting.treefmt-nix: For code formatting integration.
- OS Integration:
home-manager: Manages user-level configurations and dotfiles.nix-darwin: Enables declarative macOS system configuration.nix-homebrew: For Homebrew package integration withinnix-darwin.nixos-wsl: Provides modules for running NixOS on WSL.nix-on-droid: Enables declarative Android configuration via Termux fork.
- Secrets Management:
agenix: Base library for managing secrets declaratively via age encryption.ragenix: Rust implementation/wrapper foragenix.OS-nixCfg-secrets: (Private Repository) Contains encrypted secrets managed byragenix.
- Application/Tooling Specific:
nix-index-database: Provides a database fornix-index.Nvim-Cfg: My external Neovim configuration repository (used as a source).nvchad4nix: Integrates Neovim configurations (like NvChad or custom starters) with Home Manager.kanata-tray: Provides a system tray application for managing Kanata keyboard remapping presets.betterfox: Nix integration for Betterfox Firefox hardening.brew-nix: Alternative Nix integration for Homebrew casks/formulae (using a local fork).brew-api: Homebrew API data used bybrew-nix.
(See flake.nix for the complete list and specific sources/versions)
Secrets (API keys, passwords, sensitive configurations) are managed using agenix or specificaly ragenix.
- Secrets are encrypted using
sshkeys. My public key is explicitly available toragenix. - The encrypted files reside in a private GitHub repository:
DivitMittal/OS-nixCfg-secrets. This repository is referenced as a flake input. - During the Nix build process,
agenixdecrypts these files using my private key (which must be present on the target machine at~/.ssh/agenix/id_ed25519). - The decrypted files are placed in the Nix store and symlinked to their target locations.
OS-nixCfg-secrets repository and the corresponding private ssh key.
- DivitMittal/Nvim-Cfg: Pure lua standalone Neovim configuration, used as an input via
nix4nvchad. DivitMittal/OS-nixCfg-secrets: (Private) Contains encrypted secrets managed byagenix.- DivitMittal/TLTR: Cross-platform complex multi-layer keyboard layout tailored for programmers .
