Skip to content

Latest commit

 

History

History
178 lines (133 loc) · 7.62 KB

README.md

File metadata and controls

178 lines (133 loc) · 7.62 KB

This is a boilerplate for someone wanting to build a Nix-Darwin flake.

This is intended to be used as a starting point, so it would make most sense, to create a new template from this repository and modify it to fit your needs.

Features:

Codifies the following settings (in no particular order):

  • Basic user configuration in roles/user.nix
  • Installed applications with brew in roles/brew.nix
  • Tiling windows and custom keyboard shortcuts with Yabai and SKHD in roles/yabai.nix
  • Firefox configuration with Home-Manager in roles/home-manager/user.nix:
    • Default Firefox profile named default:
      profiles.default = {
      search.force = true; # This is required so the build won't fail each time
      # View extensions here: https://github.com/nix-community/nur-combined/blob/master/repos/rycee/pkgs/firefox-addons/generated-firefox-addons.nix
      extensions = with pkgs.nur.repos.rycee.firefox-addons; [
      bitwarden
      darkreader
      firenvim
      gnome-shell-integration
      okta-browser-plugin
      privacy-badger
      private-relay
      redirector
      ublock-origin
      vimium
      ];
      userChrome = ''
      /* * Do not remove the @namespace line -- it's required for correct functioning */
      /* set default namespace to XUL */
      @namespace url("http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul");
      /* Remove Back button when there's nothing to go Back to */
      #back-button[disabled="true"] { display: none; }
      /* Remove Forward button when there's nothing to go Forward to */
      #forward-button[disabled="true"] { display: none; }
      /* Remove Home button (never use it) */
      #home-button { display: none; }
      .titlebar-spacer {
      display: none !important;
      }
      /* Remove import bookmarks button */
      #import-button {
      display: none;
      }
      /* Remove bookmark toolbar */
      toolbarbutton.bookmark-item:not(.subviewbutton) {
      display: none;
      }
      /* Remove whitespace in toolbar */
      #nav-bar toolbarpaletteitem[id^="wrapper-customizableui-special-spring"], #nav-bar toolbarspring {
      display: none;
      }
      /* Hide dumb Firefox View button */
      #firefox-view-button {
      visibility: hidden;
      }
      /* Hide Firefox tab icon */
      .tab-icon-image {
      display: none;
      }
      '';
      isDefault = true;
      name = "default";
      settings = {
      "app.shield.optoutstudies.enabled" = false;
      "browser.bookmarks.restore_default_bookmarks" = false;
      "browser.bookmarks.showMobileBookmarks" = false;
      "browser.compactmode.show" = true;
      "browser.formfill.enable" = false;
      "browser.newtabpage.activity-stream.feeds.section.topstories" = false;
      "browser.newtabpage.activity-stream.feeds.telemetry" = false;
      "browser.newtabpage.activity-stream.feeds.topsites" = false;
      "browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts.havePinned" = "duckduckgo";
      "browser.newtabpage.activity-stream.showSponsored" = false;
      "browser.newtabpage.activity-stream.telemetry" = false;
      "browser.ping-centre.telemetry" = false;
      "browser.search.isUS" = true;
      "browser.search.suggest.enabled" = false;
      "browser.tabs.drawInTitlebar" = true;
      "browser.urlbar.quicksuggest.scenario" = "offline";
      "browser.urlbar.suggest.engines" = false;
      "browser.urlbar.suggest.quicksuggest.nonsponsored" = false;
      "browser.urlbar.suggest.quicksuggest.sponsored" = false;
      "browser.urlbar.suggest.topsites" = false;
      "experiments.activeExperiment" = false;
      "experiments.enabled" = false;
      "experiments.supported" = false;
      "extensions.activeThemeID" = "[email protected]";
      "extensions.formautofill.addresses.enabled" = false;
      "extensions.formautofill.creditCards.enabled" = false;
      "extensions.pocket.enabled" = false;
      "extensions.pocket.showHome" = false;
      "extensions.webextensions.restrictedDomains" = "";
      "datareporting.healthreport.uploadEnabled" = false;
      "datareporting.policy.dataSubmissionEnabled" = false;
      "network.allow-experiments" = false;
      "signon.rememberSignons" = false;
      "signon.rememberSignons.visibilityToggle" = false;
      "svg.context-properties.content.enabled" = true;
      "toolkit.legacyUserProfileCustomizations.stylesheets" = true;
      "toolkit.telemetry.archive.enabled" = false;
      "toolkit.telemetry.bhrPing.enabled" = false;
      "toolkit.telemetry.coverage.opt-out" = true;
      "toolkit.telemetry.enabled" = false;
      "toolkit.telemetry.firstShutdownPing.enabled" = false;
      "toolkit.telemetry.hybridContent.enabled" = false;
      "toolkit.telemetry.newProfilePing.enabled" = false;
      "toolkit.telemetry.prompted" = 2;
      "toolkit.telemetry.rejected" = true;
      "toolkit.telemetry.reportingpolicy.firstRun" = false;
      "toolkit.telemetry.shutdownPingSender.enabled" = false;
      "toolkit.telemetry.unified" = false;
      "toolkit.telemetry.unifiedIsOptIn" = false;
      "toolkit.telemetry.updatePing.enabled" = false;
      };
    • Better Firefox privacy tweaks:
      settings = {
      "app.shield.optoutstudies.enabled" = false;
      "browser.bookmarks.restore_default_bookmarks" = false;
      "browser.bookmarks.showMobileBookmarks" = false;
      "browser.compactmode.show" = true;
      "browser.formfill.enable" = false;
      "browser.newtabpage.activity-stream.feeds.section.topstories" = false;
      "browser.newtabpage.activity-stream.feeds.telemetry" = false;
      "browser.newtabpage.activity-stream.feeds.topsites" = false;
      "browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts.havePinned" = "duckduckgo";
      "browser.newtabpage.activity-stream.showSponsored" = false;
      "browser.newtabpage.activity-stream.telemetry" = false;
      "browser.ping-centre.telemetry" = false;
      "browser.search.isUS" = true;
      "browser.search.suggest.enabled" = false;
      "browser.tabs.drawInTitlebar" = true;
      "browser.urlbar.quicksuggest.scenario" = "offline";
      "browser.urlbar.suggest.engines" = false;
      "browser.urlbar.suggest.quicksuggest.nonsponsored" = false;
      "browser.urlbar.suggest.quicksuggest.sponsored" = false;
      "browser.urlbar.suggest.topsites" = false;
      "experiments.activeExperiment" = false;
      "experiments.enabled" = false;
      "experiments.supported" = false;
      "extensions.activeThemeID" = "[email protected]";
      "extensions.formautofill.addresses.enabled" = false;
      "extensions.formautofill.creditCards.enabled" = false;
      "extensions.pocket.enabled" = false;
      "extensions.pocket.showHome" = false;
      "extensions.webextensions.restrictedDomains" = "";
      "datareporting.healthreport.uploadEnabled" = false;
      "datareporting.policy.dataSubmissionEnabled" = false;
      "network.allow-experiments" = false;
      "signon.rememberSignons" = false;
      "signon.rememberSignons.visibilityToggle" = false;
      "svg.context-properties.content.enabled" = true;
      "toolkit.legacyUserProfileCustomizations.stylesheets" = true;
      "toolkit.telemetry.archive.enabled" = false;
      "toolkit.telemetry.bhrPing.enabled" = false;
      "toolkit.telemetry.coverage.opt-out" = true;
      "toolkit.telemetry.enabled" = false;
      "toolkit.telemetry.firstShutdownPing.enabled" = false;
      "toolkit.telemetry.hybridContent.enabled" = false;
      "toolkit.telemetry.newProfilePing.enabled" = false;
      "toolkit.telemetry.prompted" = 2;
      "toolkit.telemetry.rejected" = true;
      "toolkit.telemetry.reportingpolicy.firstRun" = false;
      "toolkit.telemetry.shutdownPingSender.enabled" = false;
      "toolkit.telemetry.unified" = false;
      "toolkit.telemetry.unifiedIsOptIn" = false;
      "toolkit.telemetry.updatePing.enabled" = false;
      };
    • Minimal Firefox appearance tweaks with UserChrome.css:
      userChrome = ''
      /* * Do not remove the @namespace line -- it's required for correct functioning */
      /* set default namespace to XUL */
      @namespace url("http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul");
      /* Remove Back button when there's nothing to go Back to */
      #back-button[disabled="true"] { display: none; }
      /* Remove Forward button when there's nothing to go Forward to */
      #forward-button[disabled="true"] { display: none; }
      /* Remove Home button (never use it) */
      #home-button { display: none; }
      .titlebar-spacer {
      display: none !important;
      }
      /* Remove import bookmarks button */
      #import-button {
      display: none;
      }
      /* Remove bookmark toolbar */
      toolbarbutton.bookmark-item:not(.subviewbutton) {
      display: none;
      }
      /* Remove whitespace in toolbar */
      #nav-bar toolbarpaletteitem[id^="wrapper-customizableui-special-spring"], #nav-bar toolbarspring {
      display: none;
      }
      /* Hide dumb Firefox View button */
      #firefox-view-button {
      visibility: hidden;
      }
      /* Hide Firefox tab icon */
      .tab-icon-image {
      display: none;
      }
      '';
    • Installed Firefox Extensions with NUR:
      extensions = with pkgs.nur.repos.rycee.firefox-addons; [
      bitwarden
      darkreader
      firenvim
      gnome-shell-integration
      okta-browser-plugin
      privacy-badger
      private-relay
      redirector
      ublock-origin
      vimium
      ];
  • Other various settings in roles

Requirements:

Quickstart:

Assuming you want to build the m2-macbook-air output, you'd use these commands:

git clone https://github.com/heywoodlh/nix-darwin-flake
cd nix-darwin-flake
darwin-rebuild switch --flake .#m2-macbook-air

Making this your own:

First, create a new repository using this repository as your template, using the following link:

https://github.com/heywoodlh/nix-darwin-flake/generate

Create a new MacOS configuration/output for your own machine in the darwinConfigurations section in flake.nix. Suppose that we wanted to name this output mac-mini, we would create an output in the darwinConfigurations section like this:

      # M1 mac-mini
      "mac-mini" = darwin.lib.darwinSystem {
        system = "aarch64-darwin";
        specialArgs = inputs;
        modules = [ ./hosts/mac-mini.nix ];
      };

Then, create a new file in ./hosts/mac-mini.nix with the following configuration (modify the hostname and username variables in the let section to match your desired values):

{ config, pkgs, lib, home-manager, nur, ... }:

let
  hostname = "mac-mini";
  username = "heywoodlh";
in {
  imports = [
    ../roles/m1.nix
    ../roles/defaults.nix
    ../roles/brew.nix
    ../roles/yabai.nix
    ../roles/network.nix
    ../roles/home-manager/settings.nix
  ];
  # Define user settings
  users.users.${username} = import ../roles/user.nix { inherit config; inherit pkgs; };

  # Set home-manager configs for username
  home-manager.users.${username} = import ../roles/home-manager/user.nix;

  # Set hostname
  networking.hostName = "${hostname}";

  system.stateVersion = 4;
}

Once your configuration is set, you can switch to the new mac-mini output with these commands (while in the root directory of this repository):

darwin-rebuild switch --flake .#mac-mini

Once your configuration is working, start modifying your new repository with your desired Nix-Darwin settings! Here are some resources for getting started:

Note: The way this repository is built, any Nix-Darwin settings you want shared or to be re-used between your outputs should go in the roles folder and any Nix-Darwin configuration settings that are specific to a single machine should go in its corresponding file in the hosts folder.

What is a Nix Flake and how does it work?

A Nix flake is a self-contained Nix configuration. In this case, we're building Nix-Darwin configurations, which allow a user to configure MacOS.

The flake.nix file consists of two parts, inputs and outputs. Inputs are resources that will be utilized by the outputs. Outputs are build targets -- in this case, our outputs are MacOS builds. This Flake is designed with the intention that each MacOS you manage should have its own output.

The anatomy of this Flake

Inputs

Inputs are resources that will be utilized by the build. In this Flake, we're using the following external resources to build the configuration for the machine:

This snippet shows all of the inputs in the Flake:

...
  inputs = {
    nixpkgs.url = "github:nixos/nixpkgs/nixpkgs-unstable";
    darwin.url = "github:LnL7/nix-darwin/master";
    darwin.inputs.nixpkgs.follows = "nixpkgs";
    home-manager = {
      url = "github:nix-community/home-manager";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    nur.url = "github:nix-community/NUR";
  };
...

Outputs (build targets)

Each MacOS build is an output in flake.nix. This repository comes with two outputs/MacOS builds:

  • m2-macbook-air: an example build for settings required for an M2 Macbook Air
  • intel-macbook: an example build for settings required for an Intel Macbook

Each output/MacOS build has a corresponding file in ./hosts where configurations should be imported from the ./roles directory. Any specific configuration for a particular machine should live in its file in the ./hosts directory.

This snippet from flake.nix shows the Flake's output named m2-macbook-air and its corresponding config file ./hosts/m2-macbook-air.nix being imported:

  ...
  outputs = inputs@{ self, nixpkgs, darwin, home-manager, jovian-nixos, nur, ... }: {
    darwinConfigurations = {
      # m1-macbook 
      "m2-macbook-air" = darwin.lib.darwinSystem {
        system = "aarch64-darwin";
        specialArgs = inputs;
        modules = [ ./hosts/m2-macbook-air.nix ];
      };
  ...

In ./hosts/m2-macbook-air.nix, we can define which configurations we want to select from the [./roles](./roles) directory, for example:

...
  imports = [
    ../roles/m1.nix
    ../roles/defaults.nix
    ../roles/brew.nix
    ../roles/yabai.nix
    ../roles/network.nix
    ../roles/home-manager/settings.nix
  ];
...

Roles:

Currently, the Flake contains the following example configurations that are in the ./roles directory (listed in no particular order):