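# nix-darwin flake for the host "mac-demarco-mini": an aarch64 macOS machine
# that runs a Gitea Actions runner for https://dev.railbird.ai and carries a
# home-manager profile for the user `kat`.
{
  description = "Example Darwin system flake";

  # Inputs name branches, not revisions. What actually gets built is whatever
  # flake.lock records, so lock-file bumps deserve the same review as code.
  inputs = {
    nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
    flake-utils.url = "github:numtide/flake-utils";

    nix-darwin = {
      url = "github:LnL7/nix-darwin";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    agenix = {
      url = "github:ryantm/agenix";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    # Private flake fetched over SSH. It supplies the authorized SSH keys used
    # further down, so evaluation needs SSH access to this Gitea instance.
    railbird-secrets = {
      url = "git+ssh://gitea@dev.railbird.ai:1123/railbird/secrets-flake.git";
    };

    nix-homebrew.url = "github:zhaofengli-wip/nix-homebrew";

    # Optional: Declarative tap management
    homebrew-core = {
      url = "github:homebrew/homebrew-core";
      flake = false;
    };
    homebrew-cask = {
      url = "github:homebrew/homebrew-cask";
      flake = false;
    };

    home-manager = {
      url = "github:nix-community/home-manager";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    codex-cli-nix = {
      # Default branch is `main` on GitHub (not `master`).
      url = "github:sadjow/codex-cli-nix/main";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    claude-code-nix = {
      url = "github:sadjow/claude-code-nix";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    keepbook = {
      url = "github:colonelpanic8/keepbook";
      inputs.nixpkgs.follows = "nixpkgs";
      inputs.flake-utils.follows = "flake-utils";
    };

    git-blame-rank = {
      url = "github:colonelpanic8/git-blame-rank";
      inputs.nixpkgs.follows = "nixpkgs";
      inputs.flake-utils.follows = "flake-utils";
    };
  };

  outputs = inputs @ {
    self,
    agenix,
    nix-darwin,
    nixpkgs,
    home-manager,
    nix-homebrew,
    ...
  }: let
    # Passed to home-manager modules through extraSpecialArgs.
    libDir = ../dotfiles/lib;

    # The host's nix-darwin module.
    configuration = {
      pkgs,
      lib,
      config,
      ...
    }: let
      # Package list shared with the NixOS configuration.
      essentialPkgs = (import ../nixos/essential.nix {inherit pkgs lib inputs;}).environment.systemPackages;
    in {
      networking.hostName = "mac-demarco-mini";
      imports = [(import ./gitea-actions-runner.nix)];

      # agenix: secrets are committed encrypted and decrypted on the host with
      # one of the private keys listed here.
      age = {
        # NOTE(review): kat's personal SSH key is listed next to the host keys.
        # If the runner token is encrypted to a host key, the personal key could
        # presumably be dropped so the service secret does not depend on a user
        # credential. Confirm against the secret's recipient list.
        identityPaths = [
          "${config.users.users.kat.home}/.ssh/id_ed25519"
          "/etc/ssh/ssh_host_ed25519_key"
          "/etc/ssh/ssh_host_rsa_key"
        ];
        secrets.gitea-runner-token.file = ../nixos/secrets/gitea-runner-token.mac-demarco-mini.age;
      };

      services.gitea-actions-runner = {
        user = "gitea-runner";
        instances.nix = {
          enable = true;
          name = config.networking.hostName;
          url = "https://dev.railbird.ai";
          # The registration token is read from the agenix-decrypted path at
          # runtime rather than being written into this file.
          tokenFile = config.age.secrets.gitea-runner-token.path;
          # The `:host` suffix makes jobs run directly on this machine as the
          # runner user, not in a container. Any workflow allowed to target
          # these labels therefore executes code on the host, so limit which
          # repositories and branches can schedule onto this runner.
          labels = [
            # Same system attribute the overlay below reads; the value is identical.
            "nix-darwin-${pkgs.stdenv.hostPlatform.system}:host"
            "macos-aarch64-darwin"
            "nix:host"
          ];
          settings = {
            cache.enabled = true;
            host.workdir_parent = "/var/lib/gitea-runner/action-cache-dir";
          };
          # Tools placed on PATH for host-mode jobs.
          hostPackages = with pkgs; [
            bash
            coreutils
            curl
            direnv
            gawk
            just
            git-lfs
            isort
            gitFull
            gnused
            ncdu
            nixVersions.stable
            nodejs
            openssh
            wget
          ];
        };
      };

      # Keep the runner's config, cache and runtime files under its own state
      # directory.
      launchd.daemons.gitea-runner-nix.serviceConfig.EnvironmentVariables = {
        XDG_CONFIG_HOME = "/var/lib/gitea-runner";
        XDG_CACHE_HOME = "/var/lib/gitea-runner/.cache";
        XDG_RUNTIME_DIR = "/var/lib/gitea-runner/tmp";
      };

      system.primaryUser = "kat";

      system.defaults = {
        NSGlobalDomain."com.apple.swipescrolldirection" = false;
        CustomUserPreferences."com.apple.screensaver".idleTime = 300;
        # NOTE(review): the screensaver starts after 300 s but never asks for a
        # password, and sleep is disabled below, so a logged-in console session
        # stays unlocked indefinitely. Confirm this is intended for this host
        # and that physical and screen-sharing access are controlled.
        screensaver = {
          askForPassword = false;
          askForPasswordDelay = 0;
        };
      };

      # Always-on machine: never sleep the computer, display or disk.
      power.sleep = {
        computer = "never";
        display = "never";
        harddisk = "never";
      };

      # Disabled watchdog that would re-load the runner daemon (kept for reference).
      # launchd.daemons.gitea-runner-restarter = {
      #   serviceConfig = {
      #     ProgramArguments = [
      #       "/usr/bin/env"
      #       "bash"
      #       "-c"
      #       ''
      #       SERVICE_NAME="org.nixos.gitea-runner-nix"
      #       while true; do
      #         # Check the second column of launchctl list output for our service
      #         EXIT_CODE=$(sudo launchctl list | grep "$SERVICE_NAME" | awk '{print $2}')
      #         if [ -z "$EXIT_CODE" ]; then
      #           echo "$(date): $SERVICE_NAME is running correctly. Terminating the restarter."
      #           exit 0
      #         else
      #           echo "$(date): $SERVICE_NAME is not running or in error state. Attempting to restart..."
      #           sudo launchctl bootout system/$SERVICE_NAME 2>/dev/null || true
      #           sudo launchctl load /Library/LaunchDaemons/$SERVICE_NAME.plist
      #           sleep 2 # Give the service some time to start
      #         fi
      #       done
      #       ''
      #     ];
      #     RunAtLoad = true;
      #     ThrottleInterval = 300;
      #   };
      # };

      # Smoke-test daemon: writes the current date to a log file when loaded.
      # Presumably a debugging aid for launchd activation; remove it once it is
      # no longer needed.
      launchd.daemons.does-anything-work = {
        serviceConfig = {
          ProgramArguments = ["/usr/bin/env" "bash" "-c" "date > /var/log/does-anything-work"];
          RunAtLoad = true;
        };
      };

      nixpkgs.overlays = [
        (import ../nixos/overlay.nix)
        # Use codex and claude-code from dedicated flakes with cachix
        (final: prev: let
          system = prev.stdenv.hostPlatform.system;
        in {
          codex = inputs.codex-cli-nix.packages.${system}.default;
          claude-code = inputs.claude-code-nix.packages.${system}.default;
        })
      ];

      environment.systemPackages = essentialPkgs ++ [pkgs.spotify];
      nixpkgs.config.allowUnfree = true;

      # Install GUI-visible fonts into /Library/Fonts/Nix Fonts.
      fonts.packages = with pkgs; [
        nerd-fonts.jetbrains-mono
      ];

      # Homebrew casks (managed by nix-darwin, installed by nix-homebrew)
      homebrew = {
        enable = true;
        casks = [
          "codex-app"
          "ghostty"
        ];
        masApps = {
          Xcode = 497799835;
        };
        # "zap" uninstalls anything Homebrew-managed that is not declared here,
        # along with its associated files, on every activation.
        onActivation.cleanup = "zap";
      };

      # Give launchd user agents the same PATH as the system environment.
      launchd.user.envVariables.PATH = config.environment.systemPath;

      programs.direnv.enable = true;

      nix.settings = {
        # Necessary for using flakes on this system.
        experimental-features = "nix-command flakes";
        # Each extra cache and its key below is a trust decision: store paths
        # signed by a listed key are installed without being rebuilt locally.
        # Keep the list to caches whose operators you would accept binaries from.
        substituters = [
          "https://cache.nixos.org"
          "https://codex-cli.cachix.org"
          "https://claude-code.cachix.org"
        ];
        # NOTE(review): no key for cache.nixos.org appears here; presumably the
        # module defaults supply it. Confirm in the generated nix.conf.
        trusted-public-keys = [
          "codex-cli.cachix.org-1:1Br3H1hHoRYG22n//cGKJOk3cQXgYobUel6O8DgSing="
          "claude-code.cachix.org-1:YeXf2aNu7UTX8Vwrze0za1WEDS+4DuI2kVeWEE4fsRk="
        ];
      };

      # Set Git commit hash for darwin-version.
      system.configurationRevision = self.rev or self.dirtyRev or null;

      # Used for backwards compatibility, please read the changelog before changing
      system.stateVersion = 4;

      # The platform the configuration will be used on.
      nixpkgs.hostPlatform = "aarch64-darwin";

      users.users.gitea-runner = {
        name = "gitea-runner";
        isHidden = false;
        home = "/Users/gitea-runner";
        createHome = false;
      };

      users.users.kat = {
        name = "kat";
        home = "/Users/kat";
        # SSH login keys come from the private railbird-secrets flake, so anyone
        # who can change that repository (or the lock entry pointing at it) can
        # grant SSH access to this host.
        openssh.authorizedKeys.keys = inputs.railbird-secrets.keys.kanivanKeys;
      };

      programs.zsh = {
        enable = true;
        enableSyntaxHighlighting = true;
      };

      home-manager = {
        useGlobalPkgs = true;
        useUserPackages = true;
        backupFileExtension = "hm-backup";
        extraSpecialArgs = {
          inherit inputs libDir;
        };
        sharedModules = [./home/common.nix];
        users.kat = {
          imports = [./home/kat.nix];
        };
      };
    };
  in {
    darwinConfigurations."mac-demarco-mini" = nix-darwin.lib.darwinSystem {
      modules = [
        agenix.darwinModules.default
        home-manager.darwinModules.home-manager
        nix-homebrew.darwinModules.nix-homebrew
        {
          nix-homebrew = {
            enable = true;
            user = "kat";
            autoMigrate = true;
            # Taps come from the flake inputs above, so their revisions are
            # fixed by flake.lock.
            taps = {
              "homebrew/homebrew-core" = inputs.homebrew-core;
              "homebrew/homebrew-cask" = inputs.homebrew-cask;
            };
          };
        }
        configuration
      ];
    };

    # Expose the package set, including overlays, for convenience.
    darwinPackages = self.darwinConfigurations."mac-demarco-mini".pkgs;
  };
}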