
nix (via nix-darwin, nixos, nix-on-droid, home-manager, etc.) declarative configurations to attain my deterministically reproducible layer


DivitMittal/OS-nixCfg


OS-nixCfg

My personal declarative Nix configurations for macOS, Android, and Linux (NixOS/WSL).


📜 Overview

This repository primarily contains Nix configurations that use Nix Flakes, Home Manager, and system-specific modules (NixOS, nix-darwin, nix-on-droid) to achieve a purely declarative, reproducible, and consistent environment across multiple OSes, hosts, and users:

  • 🍎 macOS (via nix-darwin)
  • 🤖 Android (via nix-on-droid)
  • 🐧 *nix (NixOS) (including WSL via NixOS-WSL)

📁 Project Structure

The repository is organized using flake-parts for better modularity.

└── OS-nixCfg/
    ├── assets/
    │   └── qezta.png
    ├── flake/
    │   ├── default.nix
    │   ├── devshells.nix
    │   ├── formatters.nix
    │   ├── mkHost.nix
    │   └── pre-commit.nix
    ├── flake.lock
    ├── flake.nix
    ├── home/
    │   ├── common
    │   ├── comms
    │   ├── default.nix
    │   ├── desktop-env
    │   ├── dev
    │   ├── keyboard
    │   ├── media
    │   ├── tools
    │   ├── tty
    │   └── web
    ├── hosts/
    │   ├── common
    │   ├── darwin
    │   ├── default.nix
    │   ├── droid
    │   └── nixos
    ├── lib/
    │   └── default.nix
    ├── LICENSE
    ├── modules/
    │   ├── common
    │   ├── home
    │   └── hosts
    ├── nix.nix
    ├── README.md
    ├── scripts/
    │   ├── home_rebuild.sh
    │   └── hosts_rebuild.sh
    ├── SECURITY.md
    └── shell.nix

❄️ Flake Inputs

This flake relies on several external inputs to manage dependencies and configurations:

  • nixpkgs: The core Nix package set (tracking nixpkgs-unstable).
  • flake-parts: Used for structuring the flake outputs with modularity.
  • home-manager: Manages user-level configurations and dotfiles.
  • nix-darwin: Enables declarative macOS system configuration.
  • nix-on-droid: Enables declarative Android configuration via a Termux fork.
  • NixOS-WSL: Provides modules for running NixOS on WSL.
  • nix-homebrew: For Homebrew bootstrapping within nix-darwin.
  • agenix / ragenix: Used for managing secrets declaratively via age encryption.
  • OS-nixCfg-secrets: (Private Repository) Contains encrypted secrets managed by agenix.
  • Nvim-Cfg: My external Neovim configuration repository.
  • nvchad4nix: Integrates Neovim configurations (like NvChad or custom starters) with Home Manager.
  • kanata-tray: Provides a system tray application for managing Kanata keyboard remapping presets.
  • devshell: Provides a convenient development shell.
  • pre-commit-hooks: Manages Git hooks for code quality and formatting.
  • systems: Provides a standard list of system identifiers (e.g., x86_64-darwin).
  • (Other dependencies): Various helper flakes and libraries.

(See flake.nix for the complete list and specific sources)

🔒 Secrets Management

Secrets (API keys, passwords, sensitive configurations) are managed using agenix or, more specifically, ragenix.

  1. Secrets are encrypted using SSH keys. My public key is explicitly available to ragenix.
  2. The encrypted files reside in a private GitHub repository: DivitMittal/OS-nixCfg-secrets. This repository is referenced as a flake input.
  3. During the Nix build process, agenix decrypts these files using my private key (which must be present on the target machine at ~/.ssh/agenix/id_ed25519).
  4. The decrypted files are placed in the Nix store and symlinked to their target locations.

⚠️ Building this configuration requires access to the private OS-nixCfg-secrets repository and the corresponding private SSH key.
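
The wiring described in the steps above, as an added example that is not code from this repository: a Home Manager module that points agenix at the private key and declares one secret from the secrets input. The secret name `api-token`, the variable `API_TOKEN_FILE`, the placeholder recipient key, and the assumption that the flake passes `inputs` to modules are all hypothetical.

```nix
# Added example (hypothetical module, not taken from OS-nixCfg).
#
# In the secrets repository, secrets.nix lists the recipients of each file,
# i.e. the public keys that ragenix/agenix encrypts to (placeholder key):
#   { "api-token.age".publicKeys = [ "ssh-ed25519 AAAA...placeholder" ]; }
#
# Assumes `inputs` reaches modules (e.g. through extraSpecialArgs) and that the
# private flake input is named OS-nixCfg-secrets.
{ config, inputs, ... }:
{
  imports = [ inputs.agenix.homeManagerModules.default ];

  age = {
    # Identity used for decryption on the target machine (path from the README).
    identityPaths = [ "${config.home.homeDirectory}/.ssh/agenix/id_ed25519" ];

    secrets.api-token = {
      # Evaluation only references the ciphertext shipped by the secrets input.
      file = "${inputs.OS-nixCfg-secrets}/api-token.age";
      # Owner read-only permissions on the decrypted file.
      mode = "0400";
    };
  };

  # Hand consumers the path of the decrypted file. Do not builtins.readFile it:
  # that would embed the plaintext in the evaluated configuration.
  home.sessionVariables.API_TOKEN_FILE = config.age.secrets.api-token.path;
}
```

A host without the key at the declared identity path cannot decrypt `api-token.age`, which is why the key has to be provisioned before the first rebuild.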

🔗 Related Repositories

  • DivitMittal/Nvim-Cfg: Pure Lua, standalone Neovim configuration, used as an input via nix4nvchad.
  • DivitMittal/OS-nixCfg-secrets: (Private) Contains encrypted secrets managed by agenix.
  • DivitMittal/TLTR: Cross-platform, complex multi-layer keyboard layout tailored for programmers.
