OS-nixCfg

My personal declarative Nix configurations for macOS, Android, and Linux (NixOS/WSL).

---

---

---

Contents

• 📜 Overview
• 📁 Project Structure
• 📊 Home Manager Profile Graph
• 🗺️ Network Topology
• ❄️Flake Inputs
• 🔒 Secrets Management
• 🔗 Related Repositories

---

📜 Overview

This repository contains primarily nix configurations, leveraging Nix Flakes, Home Manager, and system-specific modules (NixOS, nix-darwin, nix-on-droid) to achieve a purely declarative, reproducible, and consistent environment across multiple OSes on multiple hosts for multiple users:

• 🍎 macOS (via nix-darwin)
• 🤖 Android (via nix-on-droid)
• 🐧 *nix (NixOS) (including WSL via NixOS-WSL)

📁 Project Structure

The repository is organized using flake-parts for better modularity.

└── OS-nixCfg/
    ├── .claude/
    │   └── settings.json
    ├── .github/
    │   ├── workflows/
    │   │   ├── darwin-build.yml
    │   │   ├── flake-check.yml
    │   │   ├── flake-lock-update.yml
    │   │   ├── flakehub-publish-tagged.yml
    │   │   ├── home-build.yml
    │   │   ├── nixos-build.yml
    │   │   └── topology-build.yml
    │   └── FUNDING.yml
    ├── assets/
    │   ├── topology/
    │   │   ├── main.svg
    │   │   └── network.svg
    │   ├── home_graph.png
    │   ├── qezta.gif
    │   └── qezta.png
    ├── common/
    │   ├── all/
    │   ├── home/
    │   └── hosts/
    │       ├── all/
    │       ├── darwin/
    │       ├── droid/
    │       └── nixos/
    ├── flake/
    │   ├── actions/
    │   ├── topology/
    │   ├── checks.nix
    │   ├── default.nix
    │   ├── devshells.nix
    │   ├── formatters.nix
    │   └── mkHost.nix
    ├── home/
    │   ├── ai/
    │   │   └── interface/
    │   ├── comms/
    │   │   ├── email/
    │   │   └── irc/
    │   ├── dev/
    │   │   ├── js/
    │   │   └── python/
    │   ├── gui/
    │   │   ├── darwin/
    │   │   ├── emulators/
    │   │   ├── ide/
    │   │   └── linux/
    │   ├── media/
    │   │   └── music/
    │   ├── tools/
    │   │   ├── keyboard/
    │   │   ├── privacy/
    │   │   └── productivity/
    │   ├── tty/
    │   │   ├── editors/
    │   │   ├── fetchers/
    │   │   ├── file/
    │   │   ├── multiplexers/
    │   │   ├── network/
    │   │   ├── pagers/
    │   │   ├── shells/
    │   │   └── vcs/
    │   ├── web/
    │   │   └── tui/
    │   └── default.nix
    ├── hosts/
    │   ├── darwin/
    │   │   └── L1/
    │   ├── droid/
    │   │   └── M1/
    │   ├── nixos/
    │   │   ├── L2/
    │   │   └── WSL/
    │   └── default.nix
    ├── lib/
    │   ├── custom.nix
    │   └── default.nix
    ├── modules/
    │   ├── home/
    │   ├── hosts/
    │   │   └── darwin/
    │   └── default.nix
    ├── overlays/
    │   ├── default.nix
    │   └── nixpkgs.nix
    ├── pkgs/
    │   ├── custom/
    │   │   ├── gittype-bin/
    │   │   └── gowa/
    │   ├── darwin/
    │   │   ├── cliclick-bin/
    │   │   ├── element/
    │   │   ├── hot-bin/
    │   │   ├── LibreScore-bin/
    │   │   ├── LosslessSwitcher-bin/
    │   │   ├── menubar-dock-bin/
    │   │   ├── MultiSoundChanger-bin/
    │   │   └── wacom-toggle/
    │   └── pypi/
    │       ├── flatlatex/
    │       └── keymap-drawer/
    ├── templates/
    │   ├── vanilla/
    │   │   └── flake/
    │   └── default.nix
    ├── utils/
    │   ├── home_rebuild.sh
    │   └── hosts_rebuild.sh
    ├── .editorconfig
    ├── .envrc
    ├── .gitattributes
    ├── .gitignore
    ├── .mcp.json
    ├── CLAUDE.md
    ├── CODEOWNERS
    ├── flake.lock
    ├── flake.nix
    ├── LICENSE
    ├── README.md
    ├── SECURITY.md
    └── shell.nix

📊 Home-Manager Profile Graph

This dependency graph visualizes the dependencies of the Home-Manager profile configuration:

🗺️ Network Topology

The network topology visualizations are automatically generated using nix-topology and provide a comprehensive view of the infrastructure setup across all hosts and networks.

Main Topology

Complete view of all nodes, networks, and their interconnections:

Network View

Focused visualization of network segments and connectivity:

Note: These topology diagrams are automatically built and updated via GitHub Actions whenever topology configurations.

❄️Flake Inputs

This flake relies on several external inputs to manage dependencies and configurations:

• Core & System:
  • nixpkgs: The core Nix package set (tracking nixpkgs-unstable).
  • nixpkgs-master: Tracks the master branch of Nixpkgs (used occasionally).
  • systems: Provides standard system identifiers (e.g., x86_64-darwin).
• Flake Helpers:
  • flake-parts: Used for structuring the flake outputs with modularity.
  • flake-utils: General utilities for flakes.
  • devshell: Provides convenient development shells.
  • pre-commit-hooks: Manages Git hooks for code quality and formatting.
  • treefmt-nix: For code formatting integration.
• OS Integration:
  • home-manager: Manages user-level configurations and dotfiles.
  • nix-darwin: Enables declarative macOS system configuration.
  • nix-homebrew: For Homebrew package integration within nix-darwin.
  • nixos-wsl: Provides modules for running NixOS on WSL.
  • nix-on-droid: Enables declarative Android configuration via Termux fork.
• Secrets Management:
  • agenix: Base library for managing secrets declaratively via age encryption.
  • ragenix: Rust implementation/wrapper for agenix.
  • OS-nixCfg-secrets: (Private Repository) Contains encrypted secrets managed by ragenix.
• Application/Tooling Specific:
  • nix-index-database: Provides a database for nix-index.
  • Vim-Cfg: My external Neovim configuration repository (used as a source).
  • nvchad4nix: Integrates Neovim configurations (like NvChad or custom starters) with Home Manager.
  • kanata-tray: Provides a system tray application for managing Kanata keyboard remapping presets.
  • betterfox: Nix integration for Betterfox Firefox hardening.
  • brew-nix: Alternative Nix integration for Homebrew casks/formulae.
  • brew-api: Homebrew API data used by brew-nix.

(See flake.nix for the complete list and specific sources/versions)

🔒 Secrets Management

Secrets (API keys, passwords, sensitive configurations) are managed via agenix or specificaly ragenix.

1. Secrets are encrypted using ssh keys. My public key is explicitly available to ragenix.
2. The encrypted files reside in a private GitHub repository: DivitMittal/OS-nixCfg-secrets. This repository is referenced as a flake input.
3. During the Nix build process, agenix decrypts these files using my private key.
4. The decrypted files are placed in the Nix store & symlinked to their target locations.

⚠️ Building this configuration requires access to the private DivitMittal/OS-nixCfg-secrets repo and the corresponding age private ssh key.

🔗 Related Repositories

• DivitMittal/OS-nixCfg-secrets: (Private) Contains encrypted secrets managed by agenix & ragenix.
• DivitMittal/Vim-Cfg: Pure lua standalone Neovim configuration, deployed via nix4nvchad.
• DivitMittal/Emacs-Cfg: An elisp doomemacs configuration, used as an input via nix-doom-emacs-unstraightened.
• DivitMittal/TLTR: Cross-platform complex multi-layer keyboard layout tailored for programmers.
• DivitMittal/hammerspoon-nix: A nix home-manager module for hammerspoon & my hammerspoon lua configuration.
• DivitMittal/firefox-nixCfg: A personal nix home-manager module/configurations for firefox.