diff --git a/README.md b/README.md index 317fa8c..04de368 100644 --- a/README.md +++ b/README.md @@ -1,9 +1,17 @@ -# Nix Config +# nix -## New Machine +nix-darwin + NixOS + Home Manager config. -### Darwin +## machines +| name | type | manage | +|------|------|--------| +| darwin | MacBook Pro (aarch64) | `just switch` | +| netty | NixOS VPS (x86_64) | `just switch-netty` | + +## new machine setup + +**darwin:** ```bash curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix | sh -s -- install git clone https://github.com/harivansh-afk/nix.git ~/Documents/GitHub/nix 
@@ -12,51 +20,32 @@ sudo nix --extra-experimental-features 'nix-command flakes' run github:nix-darwi exec zsh -l bw login export BW_SESSION="$(bw unlock --raw)" -just secrets-sync -just secrets-restore-files +just secrets-sync && just secrets-restore-files exec zsh -l ``` -### Linux - +**netty (from mac):** ```bash -curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix | sh -s -- install -git clone https://github.com/harivansh-afk/nix.git ~/Documents/GitHub/nix -cd ~/Documents/GitHub/nix -nix run github:nix-community/home-manager -- switch --flake path:.#linux -b hm-bak -exec zsh -l +nix run github:nix-community/nixos-anywhere -- --flake .#netty --target-host netty --build-on-remote ``` -## Layout +## secrets -- `flake.nix`: top-level flake and host wiring -- `hosts/darwin/default.nix`: macOS nix-darwin host config -- `hosts/linux/default.nix`: standalone Linux Home Manager host config -- `modules/base.nix`: Nix settings and core packages -- `modules/macos.nix`: macOS defaults and host-level settings -- `modules/packages.nix`: system packages and fonts -- `modules/homebrew.nix`: the remaining Homebrew-managed GUI apps -- `home/`: Home Manager modules for shell, editor, CLI tools, and app config -- `home/common.nix`: shared Home Manager imports used by macOS and Linux -- `home/linux.nix`: Linux Home Manager entrypoint -- `home/migration.nix`: transitional cleanup for old `~/dots` symlinks -- `config/`: repo-owned config files consumed by Home Manager +SSH keys and credentials are stored in Bitwarden. 
After unlocking: +```bash +export BW_SESSION="$(bw unlock --raw)" +just secrets-sync # shell env vars -> ~/.config/secrets/shell.zsh +just secrets-restore-files # SSH keys, AWS, GCloud, Codex, GitHub CLI +``` -## Ownership Boundaries +## layout -- Nix owns packages, dotfiles, shell/editor config, launchd services, and - selected macOS defaults -- Homebrew is retained only for a narrow GUI cask boundary -- Keychain items, TCC/privacy permissions, browser history, and most - `~/Library/Application Support` state are intentionally outside declarative - Nix ownership - -## Bitwarden note: - -- `bw` is installed via Homebrew as `bitwarden-cli` -- `bws` is not currently managed in this repo because I did not find a - supported nixpkgs or Homebrew package for it on macOS during verification -- daily shell secrets are synced from Bitwarden into `~/.config/secrets/shell.zsh` - via `just secrets-sync` -- vault items are currently the source of truth for imported machine secrets and - SSH material +``` +hosts/darwin/ - macOS nix-darwin config +hosts/netty/ - NixOS VPS config (disko + hardware) +modules/ - system-level modules (packages, macos defaults, homebrew) +home/ - Home Manager modules (shell, editor, tools) +lib/ - shared package sets and theme system +config/ - repo-owned config files (nvim, tmux, etc.) +scripts/ - secret management and utility scripts +``` diff --git a/justfile b/justfile index a317f51..e5ab9ca 100644 --- a/justfile +++ b/justfile @@ -30,4 +30,4 @@ secrets-restore-files: ./scripts/restore-bw-files.sh switch-netty: - nixos-rebuild switch --flake path:.#netty --target-host rathi@152.53.195.59 --build-on-remote --use-remote-sudo + ssh rathi@152.53.195.59 "sudo nixos-rebuild switch --flake github:harivansh-afk/nix#netty"
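Review bot: in the README hunk, the `**netty (from mac):**` step runs `nixos-anywhere -- --flake .#netty --target-host netty`, which relies on an SSH host alias `netty` that the README never defines, while the justfile in the same patch addresses the machine as `rathi@152.53.195.59`; either document the alias (it lives in the user's `~/.ssh/config`, which a fresh Mac will not have yet at this point in the setup order) or use the same `user@host` form in both places so the first-run instructions are self-contained. Two documentation points worth adding to the same section: nixos-anywhere applies the disko layout referenced under `hosts/netty/`, so this command reformats the target's disk and should be labelled as a one-time, destructive install rather than a routine deploy (routine deploys are `just switch-netty` per the machines table), and the removed "Ownership Boundaries" and "Bitwarden note" sections carried facts that nothing in the new text replaces (Homebrew kept only for a GUI cask boundary, Keychain/TCC state deliberately outside Nix, `bws` unmanaged, vault items as the source of truth for SSH material); consider folding a condensed version into the new `## secrets` and `## layout` sections instead of dropping them.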
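Review bot: in the justfile hunk, `switch-netty` now builds from `github:harivansh-afk/nix#netty` instead of the checked-out tree (`path:.#netty`), so the recipe deploys whatever is on the repository's default branch on GitHub: local, uncommitted or unpushed changes are silently ignored, and anyone who can push to that branch can change the VPS's system configuration without touching this machine. If the goal is to avoid shipping the local tree, pin the ref instead (for example `github:harivansh-afk/nix/$(git rev-parse HEAD)#netty`, with a check that HEAD is pushed) so the deployed revision is explicit and reviewable; otherwise the previous `--target-host ... --build-on-remote` form kept the working tree as the source. Two smaller points on the same line: `ssh rathi@152.53.195.59 "sudo ..."` runs without `-t`, so `sudo` has no tty for a password prompt and the recipe only works with passwordless sudo on netty (add `-t` or state the requirement), and the hardcoded IP duplicates the host the README reaches as `netty`; a single `NETTY_HOST` variable at the top of the justfile would keep the two in sync.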