OS-nixCfg

My personal declarative Nix configurations for macOS, Android, and Linux (NixOS/WSL).

---

---

---

Contents

• Overview
• Quick Start
• Architecture
• Project Structure
• Theme Pipeline
• Home Manager Profile Graph
• Network Topology
• Secrets Management
• Related Repositories

---

Overview

This repository contains primarily nix configurations, leveraging Nix Flakes, Home Manager, and system-specific modules (NixOS, nix-darwin, nix-on-droid) to achieve a purely declarative, reproducible, and consistent environment across multiple OSes on multiple hosts for multiple users:

• macOS (via nix-darwin)
• Android (via nix-on-droid)
• *nix (NixOS) (including WSL via NixOS-WSL)

Quick Start

Drop into a pre-built shell environment without cloning or installing anything:

Command	Environment	Platform
nix run github:DivitMittal/OS-nixCfg#tty	Full TTY toolchain (shells, editors, multiplexers, VCS, file tools, …)	all
nix run github:DivitMittal/OS-nixCfg#desktop	TTY + Wayland compositor stack (sway, swaybar, mako, …)	Linux only

Each command drops you into $SHELL with the environment's packages prepended to PATH. No activation, no home-manager switch — ephemeral by design.

The TTY environment already includes the AI toolchain via ai-nixCfg. For an AI-only shell use nix run github:DivitMittal/ai-nixCfg#ai.

---

Architecture

Every host — NixOS, nix-darwin, nix-on-droid, ISO, or standalone home-manager — is built by a single universal function mkCfg (flake/mkCfg.nix). It dispatches by class to the right configuration builder, then composes a layered module bundle: universal defaults from common/all/, platform defaults from common/hosts/<class>/, host-specific overrides from hosts/<class>/<name>/, and (for home-manager configs) user-domain modules from home/<domain>/.

flowchart LR
  subgraph inputs["Flake inputs"]
    direction TB
    np[nixpkgs]
    hm[home-manager]
    nd[nix-darwin]
    nod[nix-on-droid]
    sty[stylix]
    sec["OS-nixCfg-secrets<br/>(private)"]
    more["…+15 more"]
  end

  subgraph layers["Module layers"]
    direction TB
    L1["<b>common/all/</b><br/>shared by every config"]
    L2["<b>common/hosts/&lt;class&gt;/</b><br/>platform defaults"]
    L3["<b>hosts/&lt;class&gt;/&lt;name&gt;/</b><br/>per-host overrides"]
    L4["<b>home/&lt;domain&gt;/</b><br/>home-manager modules"]
    L1 --> L2 --> L3
    L1 --> L4
  end

  mkCfg(["<b>flake/mkCfg.nix</b><br/>universal builder"])

  subgraph outs["Flake outputs"]
    direction TB
    O1[nixosConfigurations]
    O2[darwinConfigurations]
    O3[nixOnDroidConfigurations]
    O4[homeConfigurations]
  end

  inputs --> mkCfg
  layers --> mkCfg
  mkCfg --> outs

Loading

mkCfg is class-driven; each class picks a different system builder and a different slice of modules. See flake/README.md for the dispatch flowchart and common/README.md for the override hierarchy.

---

Project Structure

The repository is organized using flake-parts for better modularity.

.
├── flake/      # flake-parts modules — mkCfg, devshells, checks, actions, topology
├── common/     # shared layers: all/, home/, hosts/{all,darwin,droid,iso,nixos}/
├── hosts/      # per-host overrides: darwin/L1, nixos/{L2,T2,WSL}, droid/M1, iso/
├── home/       # home-manager modules by domain: tty/ gui/ tools/ media/ comms/ dev/ web/
├── modules/    # reusable NixOS/HM/darwin modules
├── overlays/   # nixpkgs overlays (custom, customDarwin)
├── pkgs/       # derivations: custom/ and darwin/
├── lib/        # custom Nix utility functions (palette, scanPaths, …)
├── utils/      # rebuild wrapper scripts
├── templates/  # flake templates (vanilla)
├── assets/     # topology SVGs, wallpapers, profile graph
└── flake.nix   # entry point — inputs, nixConfig, flake-parts wiring

Theme Pipeline

A single source-of-truth palette (lib/palette.nix) — pitch-black background, neon cyan/magenta accents, soft white-blue foreground — feeds every themed surface in the repo. Stylix consumes it at three layers (home-manager / NixOS / nix-darwin) and theming-aware modules pull from it directly.

flowchart LR
  palette[("<b>lib/palette.nix</b><br/>16-color base16 +<br/>fonts + opacity + wallpaper")]

  palette --> sHome["common/home/stylix.nix"]
  palette --> sNixos["common/hosts/nixos/stylix.nix"]
  palette --> sDarwin["common/hosts/darwin/stylix.nix"]
  palette --> wezterm["home/gui/emulators/wezterm.nix"]

  sHome --> aHome["bat · btop · fzf · gtk · qt<br/>firefox · helix · fish · mako<br/>sway · swaybar · i3status-rust<br/>swaylock · …all stylix targets"]
  sNixos --> aNixos["TTY console · GDM/SDDM<br/>plymouth · system GTK"]
  sDarwin --> aDarwin["nix-darwin system bits"]
  wezterm --> aWezterm["generated cyberpunk.toml<br/>consumed by term-nixCfg"]

Loading

See lib/README.md for the palette structure and how to retune it.

Home Manager Profile Graph

This dependency graph visualizes the dependencies of the Home-Manager profile configuration:

Network Topology

The network topology visualizations are automatically generated using nix-topology and provide a comprehensive view of the infrastructure setup across all hosts and networks.

Main Topology

Complete view of all nodes, networks, and their interconnections:

Network View

Focused visualization of network segments and connectivity:

Note: These topology diagrams are automatically built and updated via GitHub Actions whenever topology configurations.

Secrets Management

Secrets (API keys, passwords, sensitive configurations) are managed via agenix or specificaly ragenix.

1. Secrets are encrypted using ssh keys. My public key is explicitly available to ragenix.
2. The encrypted files reside in a private GitHub repository: DivitMittal/OS-nixCfg-secrets. This repository is referenced as a flake input.
3. During the Nix build process, agenix decrypts these files using my private key.
4. The decrypted files are placed in the Nix store & symlinked to their target locations.

⚠️ Building this configuration requires access to the private DivitMittal/OS-nixCfg-secrets repo and the corresponding age private ssh key.

Related Repositories

• DivitMittal/ai-nixCfg: AI/LLM tool configurations extracted for modularity (CLI tools, cloud services, MCP servers, REPL configurations).
• DivitMittal/playbooks-4-windows: Ansible IaC for the Windows 11 boot on the x86_64 MacBook (triple-boot partner of L1 & T2); manages Scoop/Winget/MSYS2 packages, registry, and dotfiles.
• DivitMittal/OS-nixCfg-secrets: (Private) Contains encrypted secrets managed by agenix & ragenix.
• DivitMittal/Vim-Cfg: Pure lua standalone Neovim configuration, deployed via nix4nvchad.
• DivitMittal/Emacs-Cfg: An elisp doomemacs configuration, used as an input via nix-doom-emacs-unstraightened.
• DivitMittal/TLTR: Cross-platform complex multi-layer keyboard layout tailored for programmers.
• DivitMittal/hammerspoon-nix: A nix home-manager module for hammerspoon & my hammerspoon lua configuration.
• DivitMittal/firefox-nixCfg: A personal nix home-manager module/configurations for firefox.
• DivitMittal/tidalcycles-nix: A nix flake for TidalCycles live coding environment.
• DivitMittal/term-nixCfg: Terminal emulator configuration.
• DivitMittal/ghOrg-terraform: Terraform configurations for managing the GitHub organization infrastructure.