darwin-config

Provisioning for my MacBook's with Nix.

Secrets

Generally all secrets are encrypted with agenix, so make sure to copy the SSH keys from the secrets stick with these commands:

mkdir -p $HOME/.ssh
cp /Volumes/secrets/ssh/id_* $HOME/.ssh/
chmod u=rw,g=,o= $HOME/.ssh/id_*

Prepare

Generally we disable SIP, just boot into the recovery system and open a terminal to execute csrutil disable, after rebooting into the regular system you can check with csrutil status if it's still disabled.

It's a good idea to install all apps from the store which have been bought, especially Xcode, otherwise it fails to build macOS applications.

Dagda

Bootstrap

softwareupdate --install-rosetta --agree-to-license
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
sh <(curl -L https://nixos.org/nix/install)
reboot

nix \
    --extra-experimental-features "nix-command flakes" \
    build \
    github:tboerger/darwin-config\#dagda \
    --no-write-lock-file

./result/sw/bin/darwin-rebuild switch \
    --flake github:tboerger/darwin-config\#dagda

Updates

darwin-rebuild switch \
    --flake github:tboerger/darwin-config\#dagda

Security

If you find a security issue please contact [email protected] first.

Contributing

Fork -> Patch -> Push -> Pull Request

Authors

• Thomas Boerger

License

Apache-2.0

Copyright

Copyright (c) 2021 Thomas Boerger <[email protected]>