NixOS Config for kaynetik



kaynix

Personal nix-darwin flake with Home Manager and sops-nix. System modules live under modules/; user config is homes/kaynetik.nix.

Prerequisites

  1. Install Nix: nixos.org/download or DeterminateSystems/nix-installer.
  2. Read flake.nix, modules/, and homes/kaynetik.nix before switching. For flakes and nix-darwin, ryan4yin/nixos-and-flakes-book is a solid intro.
  3. Install Homebrew if you use the casks and brews declared in modules/apps.nix (GUI apps and some CLI tools not available in nixpkgs).

First deploy

Replace HOSTNAME with the value of the hostname let binding in flake.nix; darwinConfigurations is keyed on that name, so the attribute path below must match it exactly.

nix build .#darwinConfigurations.HOSTNAME.system \
  --extra-experimental-features 'nix-command flakes'

./result/sw/bin/darwin-rebuild switch --flake .#HOSTNAME

Optional Makefile at the repo root:

# set HOSTNAME to match flake.nix
HOSTNAME := knt-mbp

deploy:
	nix build .#darwinConfigurations.$(HOSTNAME).system \
		--extra-experimental-features 'nix-command flakes'
	./result/sw/bin/darwin-rebuild switch --flake .#$(HOSTNAME)

Then run make deploy from the checkout.
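The Makefile above hard-codes HOSTNAME, so it can silently drift from flake.nix. The following deploy wrapper is an added example (not a script from the kaynix repo): it reads the hostname out of flake.nix, refuses to switch when that name does not match the local machine, and then runs the same two commands as the first-deploy section. It assumes flake.nix declares the hostname as a let binding of the literal form `hostname = "knt-mbp";`.

```shell
#!/bin/sh
# Added example, not part of the kaynix repo. Assumes flake.nix contains a
# let binding written exactly like:  hostname = "knt-mbp";

# Extract the value of the `hostname = "...";` binding from a flake.nix.
# Prints the hostname; returns 1 when no such binding exists.
flake_hostname() {
    name=$(sed -n 's/^[[:space:]]*hostname[[:space:]]*=[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1)
    [ -n "$name" ] || return 1
    printf '%s\n' "$name"
}

# Name of this machine: scutil on macOS, `hostname -s` elsewhere.
local_hostname() {
    scutil --get LocalHostName 2>/dev/null || hostname -s
}

# Build the system closure and switch, exactly as in the README, but only
# after checking that the flake targets the machine we are standing on.
deploy() {
    flake_dir=${1:-.}
    target=$(flake_hostname "$flake_dir/flake.nix") || {
        echo "no hostname binding found in $flake_dir/flake.nix" >&2
        return 1
    }
    here=$(local_hostname)
    if [ "$target" != "$here" ]; then
        echo "flake.nix hostname '$target' != local hostname '$here'; refusing to switch" >&2
        return 1
    fi
    (
        cd "$flake_dir" &&
        nix build ".#darwinConfigurations.$target.system" \
            --extra-experimental-features 'nix-command flakes' &&
        ./result/sw/bin/darwin-rebuild switch --flake ".#$target"
    )
}

# Only act when invoked explicitly:  ./deploy.sh --run [flake-dir]
case "${1:-}" in
    --run) shift; deploy "$@" ;;
esac
```

Drop the script next to the Makefile and run `./deploy.sh --run`; the hostname check is the only part that differs from `make deploy`.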

Architecture

graph TD
    F["flake.nix"]

    subgraph darwin["darwinConfigurations (system)"]
        NC["nix-core.nix<br/>nix settings, GC, caches"]
        SYS["system.nix<br/>macOS defaults, Touch ID"]
        APPS["apps.nix<br/>Homebrew, fonts, SketchyBar"]
        HU["host-users.nix<br/>hostname, DNS, users"]
        AERO["aerospace.nix<br/>tiling WM (darwin-only)"]
        SEC["secrets.nix<br/>writable secrets dir"]
    end

    subgraph hm["Home Manager"]
        KN["homes/kaynetik.nix<br/>packages, zsh, git, sops"]
        STATIC["homes/static/<br/>nvim, tmux, alacritty,<br/>sketchybar, zsh"]
    end

    subgraph inputs["Flake inputs"]
        NP["nixpkgs-unstable"]
        DW["nix-darwin"]
        HMI["home-manager"]
        SOPS["sops-nix"]
    end

    F --> darwin
    F --> hm
    inputs --> F
    KN --> STATIC
    SOPS --> KN

Secrets (SOPS + YubiKey)

Secrets are encrypted at rest in secrets/secrets.yaml and decrypted by sops-nix at Home Manager activation into ~/.config/zsh/conf-*.zsh (mode 0600). The age identity on disk is only a stub that points at the YubiKey PIV slot; the private key never leaves the token, so decryption requires the PIV PIN and a touch. See secrets/README.md for editing and yubikey.md for the full YubiKey setup.

flowchart LR
    YK["YubiKey (PIV slot)"]
    PLUGIN["age-plugin-yubikey"]
    ID["~/.config/sops/age/<br/>identity stub"]
    SOPSF["secrets/secrets.yaml<br/>(encrypted)"]
    SOPSNIX["sops-nix<br/>(HM activation)"]
    PLAIN["~/.config/zsh/conf-*.zsh<br/>(decrypted, 0600)"]

    YK -- "PIV PIN + touch" --> PLUGIN
    PLUGIN --> ID
    ID --> SOPSNIX
    SOPSF --> SOPSNIX
    SOPSNIX --> PLAIN
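Two properties of the pipeline above are worth checking after every activation: the decrypted outputs must be 0600 and owned by the user, and the age identity file must still be a YubiKey plugin stub rather than a software key someone pasted in to skip the token. The script below is an added example, not code from the kaynix repo. The stub filename `~/.config/sops/age/keys.txt` and the decrypted-file glob are assumptions taken from the diagram; the `AGE-PLUGIN-YUBIKEY-1` and `AGE-SECRET-KEY-1` prefixes are the formats age-plugin-yubikey and plain age use for identity lines.

```shell
#!/bin/sh
# Added example, not part of the kaynix repo. Assumed paths:
#   identity stub:     ~/.config/sops/age/keys.txt
#   decrypted secrets: ~/.config/zsh/conf-*.zsh

# Octal permission bits, following symlinks; GNU stat first, BSD/macOS stat second.
file_mode() {
    stat -L -c '%a' "$1" 2>/dev/null || stat -L -f '%Lp' "$1"
}

# Numeric owner uid, same portability dance.
file_owner() {
    stat -L -c '%u' "$1" 2>/dev/null || stat -L -f '%u' "$1"
}

# 0 when the path is a regular file, owned by the caller, with mode exactly 0600.
check_secret_perms() {
    [ -f "$1" ] || return 1
    [ "$(file_owner "$1")" = "$(id -u)" ] || return 1
    [ "$(file_mode "$1")" = "600" ]
}

# 0 when the identity file is a hardware stub and contains no software key.
# age-plugin-yubikey writes identity lines starting AGE-PLUGIN-YUBIKEY-1...;
# a plain age key starts AGE-SECRET-KEY-1... and would let sops decrypt the
# secrets without the YubiKey, which defeats the setup described above.
check_identity_is_hardware_stub() {
    [ -f "$1" ] || return 1
    if grep -q '^AGE-SECRET-KEY-1' "$1"; then
        return 1
    fi
    grep -q '^AGE-PLUGIN-YUBIKEY-1' "$1"
}

# Run both checks against the assumed locations; returns 1 if anything fails.
run_checks() {
    rc=0
    stub="$HOME/.config/sops/age/keys.txt"
    check_identity_is_hardware_stub "$stub" || { echo "FAIL identity stub: $stub" >&2; rc=1; }
    for f in "$HOME"/.config/zsh/conf-*.zsh; do
        [ -e "$f" ] || continue   # glob matched nothing
        check_secret_perms "$f" || { echo "FAIL perms/owner: $f (mode $(file_mode "$f"))" >&2; rc=1; }
    done
    return "$rc"
}

# Only act when invoked explicitly:  ./check-secrets.sh --run
case "${1:-}" in
    --run) run_checks ;;
esac
```

Running this right after `darwin-rebuild switch` (or from a Home Manager activation hook) catches the two quiet failure modes: a secret file that activation left group- or world-readable, and a sops identity that no longer depends on the token.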

Layout

.
├── flake.nix          # inputs, hostname, darwinConfigurations, devShells
├── flake.lock
├── modules/           # nix-darwin modules (system, apps, nix, secrets, ...)
├── homes/
│   ├── kaynetik.nix   # Home Manager user config
│   └── static/        # dotfiles sourced by it (nvim, tmux, alacritty, sketchybar, zsh)
├── secrets/           # sops-encrypted secrets (see secrets/README.md)
├── scripts/           # helper scripts installed into home.packages
├── USAGE.md           # commands and customization
└── yubikey.md         # OpenSSH sk keys, PIV, age-plugin-yubikey, SOPS