My nix-darwin/NixOS configuration


The goal for this repo is to declaratively configure MacOS and Linux system using nixos/nix-darwin and home-manger.

feel free to take what you like.

Current MacOS setup

Shellzsh + starship
WMyabai + skhd + sketchybar
TerminalAlacritty + tmux
EditorEmacs + helix
BrowserFirefox (shyfox)

Current Nixos setup

Shellzsh + starship
WMxmonad + xmobar
TerminalAlacritty + tmux
EditorEmacs + helix
BrowserFirefox (shyfox)


Bootstrap on macOS (last test on mac mini 2024 Dec)

Install git via xcode

sudo xcode-select --install

Setup workspace directory

mkdir workspaces

clone the repo

~cd workspaces && git clone ~

Install Nix (with daemon)

with official script sh <(curl -L or using

curl --proto '=https' --tlsv1.2 -sSf -L | sh -s -- install

Change hostname

On your Mac, choose Apple menu > System Settings, click General in the sidebar, then click Sharing. (You may need to scroll down.) Click Edit in the “Local hostname” section at the bottom of the window, then enter a new local hostname. If needed, turn on the “Use dynamic global hostname” option.

Install brew

there are lots of GUI programs, we cannot install nicely using pure nix. There is brew-module in nix-darwin. /bin/bash -c "$(curl -fsSL What is benefits of this ? we can install/uninstall applications using nix don’t forget to do brew analytics off

Please enable Full Disk Access for your terminal under System Settings → Privacy & Security → Full Disk Access.

import gpg keys (airdrop or 1password-like apps)

gpg --list-secret-keys or gpg --list-secret-keys [email protected]

pub   4096R/ABC12345 2020-01-01 [expires: 2025-12-31]
uid                  Your Name <[email protected]>
sub   4096R/DEF67890 2020-01-01 [expires: 2025-12-31]

ID of your key (second column e.g “ABC12345”)

gpg --export-secret-keys YOUR_ID_HERE > private.key

install font (airdrop on 1password)


gpg --import private.key

ssh file


Host *
  IgnoreUnknown UseKeychain
  AddKeysToAgent yes
  UseKeychain yes
  IdentityFile ~/.ssh/id_ed25519


git-crypt unlock to load private files if needed

Set firefox as default browers

Make sure that the other web browser you want to use is already installed.

From the Apple menu  in the corner of your screen, choose System Settings.

Click Desktop & Dock in the sidebar.

Scroll down on the right and choose a web browser from the “Default web browser” menu.

Disable spotlight

nix flake update --recreate-lock-file

build on macos?

nix build .#yuan-mac

switch ?

./result/sw/bin/darwin-rebuild switch --flake .

How to rollback (require sudo)

darwin-rebuild --rollback or darwin-rebuild --list-generations darwin-rebuild --switch-generation XX


$ nixos-rebuild switch --flake '.#' -user-remote-sudo

See the diff between build and current system

nix-diff /run/current-system ./result


Exclude Nix directory from Spotlight index

nix-darwin permission issue

sudo chown -R whoami:staff /nix/store