diff --git a/README.md b/README.md index f1fde26..c16916d 100644 --- a/README.md +++ b/README.md @@ -1,20 +1,5 @@ # Nix Config -## Approach - -This repo is the source of truth for the machine's reproducible developer -environment across macOS and Linux: - -- `home/` contains the Home Manager modules for user-facing tools -- `config/` contains the repo-owned config trees copied from your daily setup -- `modules/` contains host-level `nix-darwin` policy and package layers -- `modules/homebrew.nix` is intentionally narrow and only exists for GUI apps - that are still easier to keep in Brew on macOS -- `home/migration.nix` contains one-time ownership handoff logic from `~/dots` - into Home Manager so the steady-state modules can stay focused on real config -- `lib/package-sets.nix` defines the shared CLI package subsets used by both - macOS and Linux hosts - ## Layout - `flake.nix`: top-level flake and host wiring @@ -39,15 +24,7 @@ environment across macOS and Linux: `~/Library/Application Support` state are intentionally outside declarative Nix ownership -## Dedicated Inputs - -Most tools come from `nixpkgs`. Fast-moving CLIs that you want to update on -their own cadence are pinned as dedicated flake inputs: - -- `googleworkspace-cli` -- `claudeCode` - -Bitwarden note: +## Bitwarden note: - `bw` is installed via Homebrew as `bitwarden-cli` - `bws` is not currently managed in this repo because I did not find a 
@@ -56,84 +33,3 @@ Bitwarden note: via `just secrets-sync` - vault items are currently the source of truth for imported machine secrets and SSH material - -## Commands - -First switch: - -```bash -nix run github:LnL7/nix-darwin/master#darwin-rebuild -- switch --flake path:.#hari-macbook-pro -``` - -First Linux switch: - -```bash -nix run github:nix-community/home-manager -- switch --flake path:.#workstation -b hm-bak -``` - -After the first successful switch: - -```bash -just switch -just switch workstation -just build -just build workstation -just check -``` - -Update everything pinned by the flake: - -```bash -nix flake update -just switch -``` - -Update only Codex or Claude: - -```bash -nix flake lock --update-input claudeCode -just switch -``` - -Update Codex: - -```bash -brew upgrade --cask codex -just switch -``` - -Sync Bitwarden-backed shell secrets: - -```bash -export BW_SESSION="$(bw unlock --raw)" -just secrets-sync -``` - -Restore file-based secrets from Bitwarden: - -```bash -export BW_SESSION="$(bw unlock --raw)" -just secrets-restore-files -``` - -## What Still Needs Manual Handling - -- Promoting vault-backed secrets into Bitwarden Secrets Manager machine-account - flows, if you want fully non-interactive sandbox secret injection later -- App state under `~/Library/Application Support` -- Anything that depends on local credentials, keychains, or encrypted stores -- Manual cleanup of old non-Nix installs that are no longer wanted - -## Current Homebrew Scope - -The current Homebrew boundary is only: - -- `cap` -- `codex` -- `raycast` -- `riptide-dev` -- `thebrowsercompany-dia` -- `wispr-flow` - -Homebrew activation is currently `cleanup = "uninstall"`, so anything outside -that list is treated as drift and removed on `darwin-rebuild switch`.
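Review bot: In the first README.md hunk (`@@ -1,20 +1,5 @@`), deleting the whole Approach section also deletes the only visible explanation of two non-obvious design decisions: that `home/migration.nix` is one-time ownership handoff logic from `~/dots`, and that `modules/homebrew.nix` is intentionally narrow and exists only for GUI apps. If the Layout list that follows does not already say this, keep a one-line entry for each file there, so a later reader does not treat the migration module as steady-state config or widen the Homebrew layer.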
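Review bot: In the second hunk (`@@ -39,15 +24,7 @@`), the promoted heading `## Bitwarden note:` keeps the trailing colon from the old inline label and does not match the style of `## Layout`; suggest `## Bitwarden` or `## Bitwarden Notes`. The same hunk drops the Dedicated Inputs list (`googleworkspace-cli`, `claudeCode`), so the README no longer says which tools are pinned as their own flake inputs rather than coming from `nixpkgs`. A single sentence naming them would keep that provenance visible for anyone auditing what gets updated on a separate cadence.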
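Review bot: In the last hunk (`@@ -56,84 +33,3 @@`), the retained context line still points readers to `just secrets-sync`, but the removed Commands section was the only place showing that it needs an unlocked session first (`export BW_SESSION="$(bw unlock --raw)"`), and the same goes for `just secrets-restore-files`. Either keep a short secrets subsection with those two invocations or link to wherever they are now documented. The hunk also removes the statement that Homebrew activation is `cleanup = "uninstall"` and that anything outside the listed casks is removed on `darwin-rebuild switch`. That behaviour is destructive and should stay documented somewhere a new user will see it before the first switch.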