Unified Nix flake for macOS hosts, Home Manager user configuration, and reusable module building blocks.

This repository is still tailored to George's machines, user profile, and workflows today. Ongoing work is focused on separating those personal defaults into reusable framework primitives and a standalone library of modules.

• Primary focus is nix-darwin plus Home Manager.
• Active Darwin hosts: argus (work profile enabled) and rocinante (personal profile).
• Active Home Manager output: homeConfigurations.george.
• Exported systems: aarch64-darwin, aarch64-linux, x86_64-linux.
• NixOS modules are exported, but there are currently no nixosConfigurations defined.

• darwin/: host entrypoints.
• home/: user configuration (home/george).
• modules/: reusable modules (common, darwin, nixos, home).
• packages/: custom package outputs (axiom-cli, codex-desktop, conductor, droid, gogcli, homebrew-zsh-completion, linear-cli, nix-manipulator, scratch, sculptor, sublime-kdl, superset, toad).
• overlays/: package overrides and source pinning.
• lib/: Python libraries for update tooling and Nix model/schema helpers.
• nixcfg.py: Typer CLI exposed through nix run .#nixcfg -- ....

1. Install Nix (recommended: Determinate Nix Installer).
2. Clone this repository to ~/.config/nixcfg.
3. Apply the Darwin configuration:

nh darwin switch --no-nom .

Useful build-only checks:

nix build .#checks.aarch64-darwin.darwin-argus
nix build .#checks.aarch64-darwin.darwin-rocinante
nix build .#homeConfigurations.george.activationPackage

# Enter the dev environment (tooling + pre-commit hooks)
nix develop

# Keep Python tooling in sync for editor/test workflows
uv sync

# Format and evaluate
nix fmt
nix flake check

# Pre-commit hooks
prek run -a

# Individual quality checks
uv run coverage run -m pytest
uv run coverage report

# Python test suite
uv run pytest

# Mutation testing (full run)
uv run mutmut run --max-children 4

# Mutation testing (targeted rerun by mutant glob)
uv run mutmut run "lib.nix.commands.*"
uv run mutmut results
uv run mutmut browse

# Mutation testing with cosmic-ray (safer fallback on Python 3.14)
uv run cosmic-ray init cosmic-ray.toml .cosmic-ray.sqlite
uv run cosmic-ray exec cosmic-ray.toml .cosmic-ray.sqlite
uv run cr-report .cosmic-ray.sqlite

The repo ships a dedicated update CLI:

nix run .#nixcfg -- --help
nix run .#nixcfg -- update --help
nix run .#nixcfg -- ci --help
nix run .#nixcfg -- schema --help

GitHub Actions workflow .github/workflows/update.yml runs every 6 hours and:

• updates flake.lock
• resolves upstream versions once
• computes per-platform sources.json hashes
• builds Darwin outputs (argus, rocinante)
• opens a signed PR with update details

This flake can be consumed by another repository as a module framework.

• Exported module sets:

  • darwinModules (nixcfgCommon, nixcfgBase, nixcfgProfiles, nixcfgHomebrew)
  • nixosModules (nixcfgCommon, nixcfgBase, nixcfgProfiles)
  • homeModules (nixcfgBase, nixcfgGit, nixcfgProfiles, nixcfgPackages, nixcfgOpencode, nixcfgTheme, nixcfgFonts, nixcfgStylix, nixcfgZsh, nixcfgDarwin, nixcfgLinux, nixcfgLanguageBun, nixcfgLanguageGo, nixcfgLanguagePython, nixcfgLanguageRust)

• Exported constructors in lib:

  • mkSystem, mkDarwinHost, mkHome, mkHomeModules

• Downstream-oriented controls:

  • mkHome supports extraSpecialArgs for downstream-only module arguments
  • mkSystem supports extraSpecialArgs, homeManagerExtraSpecialArgs, homeModuleArgsByUser, and tolerates users = [ ] (it sets primaryUser = null)
  • mkDarwinHost forwards extraSpecialArgs, homeManagerExtraSpecialArgs, homeModuleArgsByUser, supports includeDefaultUserModule = false, homeModulesByUser, and custom system

• Policy knobs intended to be overridden in downstream repos:

  • nixcfg.common.hostname
  • nixcfg.common.nix.substituters
  • nixcfg.common.nix.trustedPublicKeys
  • nixcfg.darwin.homebrew.{user,taps,mutableTaps,enableRosetta}

Example downstream pattern:

{
  outputs = { nixcfg, ... }: {
    darwinConfigurations.my-host = nixcfg.lib.mkDarwinHost {
      user = "alice";
      includeDefaultUserModule = false;

      extraSpecialArgs = {
        org = "acme";
      };
      homeManagerExtraSpecialArgs = {
        privateRoot = ./.;
      };
      homeModuleArgsByUser.alice = {
        role = "platform";
      };

      extraHomeModules = [
        nixcfg.homeModules.nixcfgBase
        nixcfg.homeModules.nixcfgGit
        ./home/alice.nix
      ];

      extraSystemModules = [
        {
          nixcfg.common.nix.substituters = [ "https://cache.nixos.org" ];
          nixcfg.common.nix.trustedPublicKeys = [
            "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
          ];
        }
      ];
    };
  };
}

Site-specific policy (for example cache keys, org profile settings, host/user modules) should live in the consuming repository, while these shared modules stay generic.

MIT