kaynetik/kaynix

NixOS Config for kaynetik

kaynix

Personal nix-darwin flake with Home Manager and sops-nix. System modules live under modules/; user config is homes/kaynetik.nix.

Prerequisites

  1. Install Lix using the Lix installer (flakes and the nix CLI are enabled for this flake):
curl -sSf -L https://install.lix.systems/lix | sh -s -- install
  2. Install Homebrew -- required for the casks and brews declared in modules/apps.nix (GUI apps and CLI tools not packaged in nixpkgs):
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
  3. Familiarize yourself with flake.nix, modules/, and homes/kaynetik.nix before switching. For background on flakes and nix-darwin, ryan4yin/nixos-and-flakes-book is a solid intro.

First deploy

The flake defines per-host entries in the hosts attrset inside flake.nix (currently knt-mbp and knt-mbpf). Replace HOSTNAME below with whichever entry matches your machine, or add a new one first.

# 1. Clone the repo
git clone https://github.com/kaynetik/kaynix.git
cd kaynix

# 2. Build the system derivation
nix build .#darwinConfigurations.HOSTNAME.system

# 3. Apply (first run bootstraps nix-darwin + Home Manager)
./result/sw/bin/darwin-rebuild switch --flake .#HOSTNAME

Subsequent rebuilds only need step 3 (or darwin-rebuild switch --flake .#HOSTNAME once nix-darwin is on $PATH).

Architecture

graph TD
    subgraph inputs["Flake Inputs"]
        NP["nixpkgs-darwin<br/><i>follows nixpkgs-unstable</i>"]
        DW["darwin<br/><i>nix-darwin</i>"]
        HMI["home-manager"]
        SOPS["sops-nix"]
    end

    F["flake.nix<br/>hosts: knt-mbp, knt-mbpf<br/>+ devShells, formatter"]

    subgraph darwin["darwinConfigurations (per host)"]
        direction LR
        NC["nix-core.nix<br/>nixpkgs, overlays, GC"]
        SYS["system.nix<br/>macOS defaults, Touch ID"]
        APPS["apps.nix<br/>Homebrew, fonts, SketchyBar"]
        HU["host-users.nix<br/>hostname, DNS, users"]
        AERO["aerospace.nix<br/>tiling WM"]
        SEC["secrets.nix<br/>writable secrets dir"]
    end

    subgraph hm["Home Manager (embedded in darwin)"]
        KN["homes/kaynetik.nix<br/>program toggles, session"]
        SOPS_HM["homes/sops.nix<br/>secret paths, activation, rekey"]

        subgraph hmmod["modules/home/"]
            direction LR
            PKG["packages.nix<br/>CLI tools, runtimes, scripts/"]
            PROGS["programs/*<br/>zsh, git, neovim, tmux,<br/>terminals, ssh, fzf, atuin,<br/>sketchybar, lazygit, jujutsu, ..."]
        end

        STATIC["homes/static/<br/>nvim, tmux, alacritty,<br/>sketchybar, zsh, git, sops"]
    end

    inputs --> F
    F --> darwin
    darwin -- "darwinModules.home-manager" --> hm
    KN --> SOPS_HM
    KN --> hmmod
    PROGS --> STATIC
    SOPS["sops-nix"] -. "sharedModules" .-> SOPS_HM

Secrets (SOPS + YubiKey)

Secrets are encrypted at rest in secrets/secrets.yaml, decrypted at Home Manager activation by sops-nix. See secrets/README.md for editing and yubikey.md for the full YubiKey setup.

flowchart LR
    YK["YubiKey (PIV slot)"]
    PLUGIN["age-plugin-yubikey"]
    ID["~/.config/sops/age/<br/>identity stub"]
    SOPSF["secrets/secrets.yaml<br/>(encrypted)"]
    SOPSNIX["sops-nix<br/>(HM activation)"]
    PLAIN["~/.config/zsh/conf-*.zsh<br/>~/.ssh/conf.d/work<br/>(decrypted, 0600)"]

    YK -- "PIV PIN + touch" --> PLUGIN
    PLUGIN --> ID
    ID --> SOPSNIX
    SOPSF --> SOPSNIX
    SOPSNIX --> PLAIN
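A post-switch check for the two guarantees this flow relies on (the committed secrets.yaml is ciphertext, and the files sops-nix writes are 0600 and owned by you), added here as an example and not part of the kaynix repo or of sops-nix; it assumes secrets.yaml is in the standard sops layout (ENC[...] leaf values followed by a trailing sops: block listing age recipients) and the decrypted paths are passed in by the caller.

```shell
#!/bin/sh
# Added check script (not part of kaynix): verifies the two properties the
# secrets flow above depends on.
#   1. secrets/secrets.yaml really is encrypted: it carries a sops: metadata
#      block with age recipients, and every leaf value is an ENC[...] ciphertext.
#   2. A file sops-nix decrypted at activation is mode 0600 and owned by the
#      calling user, as the diagram states for the zsh/ssh fragments.

# Exit 0 only if every "key: value" leaf above the sops: block is ENC[...].
# (YAML forbids tab indentation, so only spaces are considered.)
sops_file_is_encrypted() {
    f="$1"
    [ -f "$f" ] || return 1
    grep -q '^sops:' "$f" || return 1      # no sops metadata block at all
    grep -q '^ *age:' "$f" || return 1     # expected age (YubiKey) recipients
    awk '
        /^sops:/ { exit }                  # metadata block: stop scanning
        /^ *#/ || /^ *$/ { next }          # comments and blank lines
        /^ *[^ :]+: *[^ ]/ {               # a leaf with an inline value
            sub(/^ *[^:]+: */, "")         # keep only the value
            if ($0 !~ /^"?ENC\[AES256_GCM,data:/) bad++
        }
        END { exit bad > 0 }
    ' "$f"
}

# Exit 0 only if the decrypted file exists, is mode 0600 and is owned by $(id -u).
# Tries GNU stat first, then BSD/macOS stat (the platform this flake targets).
decrypted_file_is_private() {
    f="$1"
    [ -f "$f" ] || return 1
    mode=$(stat -c '%a' "$f" 2>/dev/null || stat -f '%Lp' "$f")
    owner=$(stat -c '%u' "$f" 2>/dev/null || stat -f '%u' "$f")
    [ "$mode" = "600" ] && [ "$owner" = "$(id -u)" ]
}

# Example invocations after a darwin-rebuild switch (paths from the diagram above):
#   sops_file_is_encrypted secrets/secrets.yaml || echo "plaintext leaf in secrets.yaml"
#   decrypted_file_is_private "$HOME/.ssh/conf.d/work" || echo "work ssh config is not 0600"
```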

Layout

.
├── flake.nix          # inputs, hosts, darwinConfigurations, devShells
├── flake.lock
├── modules/           # nix-darwin system modules + modules/home/ (HM programs)
├── homes/
│   ├── kaynetik.nix   # Home Manager user config (program toggles)
│   ├── sops.nix       # sops-nix secret paths, activation, rekey script
│   └── static/        # dotfiles: nvim, tmux, alacritty, sketchybar, zsh, git
├── secrets/           # sops-encrypted secrets (see secrets/README.md)
└── scripts/           # helper scripts installed into home.packages