From 2cdc097ebe57d437c13a3220b54c48675c090d91 Mon Sep 17 00:00:00 2001 From: Mike Splain Date: Wed, 1 Apr 2026 12:10:43 -0400 Subject: [PATCH 1/4] Refactor Darwin flake targets --- .github/workflows/nix-test.yaml | 7 +++---- .gitignore | 3 ++- README.md | 27 ++++++++++++++++++++------- darwin/homebrew.nix | 1 - darwin/local-flake-target.example | 8 ++++++++ flake.nix | 20 ++++++++------------ home/default.nix | 1 - home/git.nix | 1 - home/shell.nix | 29 +++++++++++++++++++++++++++-- 9 files changed, 68 insertions(+), 29 deletions(-) create mode 100644 darwin/local-flake-target.example diff --git a/.github/workflows/nix-test.yaml b/.github/workflows/nix-test.yaml index d115f68c..70f3ccaa 100644 --- a/.github/workflows/nix-test.yaml +++ b/.github/workflows/nix-test.yaml @@ -20,7 +20,7 @@ jobs: contents: read id-token: write env: - CI_HOSTNAME: ci-${{ matrix.os.name }} + CI_FLAKE_TARGET: ci runs-on: ${{ matrix.os.name }} strategy: fail-fast: false @@ -47,7 +47,6 @@ jobs: use-gha-cache: enabled - name: Setup run: | - sed -i '' "s/defaultHostname/${CI_HOSTNAME}/g" flake.nix sed -i '' "s/defaultSystem/${{matrix.os.arch}}/g" flake.nix sed -i '' "s/defaultVersion/$(sw_vers --productVersion | cut -d. -f1)/g" flake.nix @@ -71,7 +70,7 @@ jobs: env: NIX_CONFIG: "access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}" run: | - sudo -E nix run nix-darwin/master#darwin-rebuild --extra-experimental-features "nix-command flakes" -- switch --flake .#${CI_HOSTNAME} + sudo -E nix run nix-darwin/master#darwin-rebuild --extra-experimental-features "nix-command flakes" -- switch --flake .#${CI_FLAKE_TARGET} - name: Test - Switch # See https://github.com/actions/runner-images/issues/264 @@ -79,7 +78,7 @@ jobs: env: NIX_CONFIG: "access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}" run: | - sudo -E darwin-rebuild switch --flake .#${CI_HOSTNAME} + sudo -E darwin-rebuild switch --flake .#${CI_FLAKE_TARGET} # - name: Test - bashrc # run: bash -c "source ~/.bashrc" 
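Review bot: The edited `nix run nix-darwin/master#darwin-rebuild` line still resolves `master` at run time and executes the result under `sudo -E` while `NIX_CONFIG` carries `secrets.GITHUB_TOKEN`. Whatever that branch points to on the day of the run therefore executes as root with the token in its environment, in a job that also holds `id-token: write` per the context lines. Since the line is being touched anyway, pinning the reference, e.g. `nix-darwin/<PINNED_REV>#darwin-rebuild` with the revision already recorded in `flake.lock`, would make the CI run reproducible and reviewable. Quoting the flake reference as `".#${CI_FLAKE_TARGET}"` in both switch steps would also match the shell helper added later in this patch.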
diff --git a/.gitignore b/.gitignore index cfbccdf7..0c5b16b1 100644 --- a/.gitignore +++ b/.gitignore @@ -5,6 +5,7 @@ ssh/known_hosts ssh/google* ssh/*Github secrets +darwin/local-flake-target rbenv/*/ .DS_Store @@ -13,4 +14,4 @@ gitconfig-user .direnv .pre-commit-config.yaml -.prettierignore \ No newline at end of file +.prettierignore diff --git a/README.md b/README.md index 10f16df7..cb460264 100644 --- a/README.md +++ b/README.md @@ -19,19 +19,30 @@ Opinionated `nix-darwin` and Home Manager configuration for bringing a clean mac cd ~/.dotfiles ``` -3. Perform the first system activation with the same command CI runs: +3. Perform the first system activation with the public flake target that matches your machine: ```bash - nix run nix-darwin/master#darwin-rebuild --extra-experimental-features "nix-command flakes" -- switch --flake . + nix run nix-darwin/master#darwin-rebuild --extra-experimental-features "nix-command flakes" -- switch --flake .#darwin-arm64 ``` -4. For day-to-day updates after the initial activation: + Use `darwin-arm64` for Apple Silicon machines and `darwin-x86_64` for Intel machines. + +4. Optionally set a private default target on each machine so the `switch` shell helper can stay host-agnostic: + + ```bash + cp darwin/local-flake-target.example darwin/local-flake-target + $EDITOR darwin/local-flake-target + ``` + +5. For day-to-day updates after the initial activation: ```bash - darwin-rebuild switch --flake . + switch ``` -5. Drop into the development shell whenever you need project tooling (`nixfmt`, `prettier`, git hooks, etc.): + You can also continue to use `darwin-rebuild switch --flake .#darwin-arm64` explicitly. + +6. Drop into the development shell whenever you need project tooling (`nixfmt`, `prettier`, git hooks, etc.): ```bash nix develop 
@@ -60,14 +71,16 @@ bootstrap.sh # Convenience script for bootstrapping fresh machines ## Everyday Commands -- `darwin-rebuild switch --flake .` — Apply configuration changes to the current machine. +- `switch [target]` — Apply configuration changes using a private local default or an explicit public target. +- `darwin-rebuild switch --flake .#darwin-arm64` — Apply the Apple Silicon configuration explicitly. +- `darwin-rebuild switch --flake .#darwin-x86_64` — Apply the Intel configuration explicitly. - `nix develop` — Enter the dev shell with formatters and pre-commit hooks configured. - `pre-commit run --all-files` — Lint and format Nix and text assets to match CI. - `nix flake update` — Refresh inputs and rewrite `flake.lock` when bumping dependencies. ## Validation & Testing -- Run `darwin-rebuild switch --flake .` (or the CI command from Quick Start) after edits to confirm the macOS build succeeds. +- Run `switch` or `darwin-rebuild switch --flake .#` after edits to confirm the macOS build succeeds. - Use `nix flake check` to evaluate Home Manager modules on both `aarch64-darwin` and `x86_64-darwin`. - Source the interactive shell with `zsh -vc "source ~/.zshrc"` to ensure the login environment stays clean. diff --git a/darwin/homebrew.nix b/darwin/homebrew.nix index 24b6fa4d..f67e6ae3 100644 --- a/darwin/homebrew.nix +++ b/darwin/homebrew.nix @@ -2,7 +2,6 @@ inputs, lib, user, - hostname, osVersion, platform, ... diff --git a/darwin/local-flake-target.example b/darwin/local-flake-target.example new file mode 100644 index 00000000..c3559949 --- /dev/null +++ b/darwin/local-flake-target.example @@ -0,0 +1,8 @@ +# Copy this file to darwin/local-flake-target on each machine and keep the +# selected target private. +# +# Valid public targets: +# - darwin-arm64 +# - darwin-x86_64 + +darwin-arm64 diff --git a/flake.nix b/flake.nix index 447f3aec..a91e1eeb 100644 --- a/flake.nix +++ b/flake.nix 
@@ -60,7 +60,6 @@ mkDarwinSystem = { system, - hostname, osVersion, username, }: @@ -109,7 +108,6 @@ specialArgs = { inherit inputs - hostname osVersion platform system @@ -131,7 +129,6 @@ extraSpecialArgs = { inherit inputs - hostname platform ; user = user; @@ -146,31 +143,30 @@ } ]; }; - in - { - darwinConfigurations = { - "MSPLAIN-M-CH4Y" = mkDarwinSystem { + + publicDarwinConfigurations = { + darwin-arm64 = mkDarwinSystem { system = "aarch64-darwin"; - hostname = "MSPLAIN-M-CH4Y"; osVersion = "26"; username = "msplain"; }; - "Mikes-MBP-16" = mkDarwinSystem { + darwin-x86_64 = mkDarwinSystem { system = "x86_64-darwin"; - hostname = "Mikes-MBP-16"; osVersion = "26"; username = "mike"; }; # For CI and testing - "defaultHostname" = mkDarwinSystem { + ci = mkDarwinSystem { system = "defaultSystem"; - hostname = "defaultHostname"; osVersion = "defaultVersion"; username = "runner"; }; }; + in + { + darwinConfigurations = publicDarwinConfigurations; # Import devShells from devshell.nix inherit (import ./devshell.nix { inherit inputs; }) devShells; diff --git a/home/default.nix b/home/default.nix index 806f8497..b5513914 100644 --- a/home/default.nix +++ b/home/default.nix @@ -3,7 +3,6 @@ user, system, config, - hostname, ... }: let diff --git a/home/git.nix b/home/git.nix index 8ee94eea..f41b92f9 100644 --- a/home/git.nix +++ b/home/git.nix @@ -1,7 +1,6 @@ { inputs, pkgs, - hostname, ... }: { diff --git a/home/shell.nix b/home/shell.nix index e1443fe6..3f810e81 100644 --- a/home/shell.nix +++ b/home/shell.nix @@ -72,7 +72,7 @@ High-level help Show this list dot, dotfiles cd $HOME/.dotfiles - switch darwin-rebuild switch --flake . + switch [target] darwin-rebuild switch --flake .# update_flake_from_pr Approve + merge latest successful flake update PR and pull w windsurf . c cursor . 
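Review bot: The new `ci` attribute in the last `flake.nix` hunk keeps `system = "defaultSystem"` and `osVersion = "defaultVersion"`. These are only valid after the workflow's `sed` step rewrites them, so evaluating `.#ci` from a normal checkout will presumably fail on an unknown system. A comment above the attribute such as `# Placeholders are rewritten by .github/workflows/nix-test.yaml before evaluation; not usable locally.` would document that. The public targets also still hard-code `username = "msplain"` and `username = "mike"`; if dropping the hostnames was meant to keep machine identity out of the repository, that remaining exposure deserves a sentence in the commit message. `mkDarwinSystem`'s body lies mostly outside these hunks.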
@@ -137,9 +137,34 @@ eval "$(mise activate zsh)" + darwin_flake_target() { + local target="$1" + local repo_dir="${"2:-$HOME/.dotfiles"}" + local target_file="$repo_dir/darwin/local-flake-target" + + if [[ -n "$target" ]]; then + print -r -- "$target" + return 0 + fi + + if [[ -f "$target_file" ]]; then + target=$(grep -Ev '^[[:space:]]*(#|$)' "$target_file" | head -n 1) + if [[ -n "$target" ]]; then + print -r -- "$target" + return 0 + fi + fi + + echo "No default Darwin flake target configured." >&2 + echo "Pass a target like 'switch darwin-arm64' or create $target_file." >&2 + return 1 + } + # Switch to the current flake switch() { - sudo darwin-rebuild switch --flake . + local target + target=$(darwin_flake_target "$1") || return 1 + sudo darwin-rebuild switch --flake ".#${target}" } # Approve + merge latest successful flake update PR and pull locally. From c5581b81f4db5b3309563c7b30316aebd810a9d0 Mon Sep 17 00:00:00 2001 From: Mike Splain Date: Wed, 1 Apr 2026 10:39:33 -0400 Subject: [PATCH 2/4] Escape flake target shell expansions --- home/shell.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/home/shell.nix b/home/shell.nix index 3f810e81..1417b1a0 100644 --- a/home/shell.nix +++ b/home/shell.nix @@ -139,7 +139,7 @@ darwin_flake_target() { local target="$1" - local repo_dir="${"2:-$HOME/.dotfiles"}" + local repo_dir="''${2:-$HOME/.dotfiles}" local target_file="$repo_dir/darwin/local-flake-target" if [[ -n "$target" ]]; then @@ -164,7 +164,7 @@ switch() { local target target=$(darwin_flake_target "$1") || return 1 - sudo darwin-rebuild switch --flake ".#${target}" + sudo darwin-rebuild switch --flake ".#''${target}" } # Approve + merge latest successful flake update PR and pull locally. From 1e947cfce4e512047830292c753e7d566522d01c Mon Sep 17 00:00:00 2001 
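Review bot: `darwin_flake_target` prints whatever it finds, either the caller's argument or the first non-comment line of `darwin/local-flake-target`, and `switch` passes that value to `sudo darwin-rebuild` unchecked. Trailing whitespace, a CRLF line ending or a stray character in the file then surfaces as an opaque flake-attribute error from a command running as root. Validating before printing, e.g. `[[ "$target" =~ '^[A-Za-z0-9_-]+$' ]] || { echo "Invalid Darwin flake target: $target" >&2; return 1; }`, keeps the failure local and readable and limits what can reach the privileged call.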
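Review bot: `switch` takes the target name from `$HOME/.dotfiles/darwin/local-flake-target` but then builds `".#''${target}"`, which is the flake in the current working directory. Run from any other directory that contains a `flake.nix`, it would activate that flake as root under a target name chosen for the dotfiles repository. Pointing the reference at the repository the target came from, `sudo darwin-rebuild switch --flake "$HOME/.dotfiles#''${target}"`, removes the dependence on the working directory. If building from `.` is intentional, a comment on `switch` stating that it must be run from the dotfiles checkout would be enough.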
From: Mike Splain Date: Wed, 1 Apr 2026 11:26:59 -0400 Subject: [PATCH 3/4] Make Homebrew activation more resilient --- darwin/homebrew.nix | 25 +++++++------------------ 1 file changed, 7 insertions(+), 18 deletions(-) diff --git a/darwin/homebrew.nix b/darwin/homebrew.nix index f67e6ae3..0aef3b5e 100644 --- a/darwin/homebrew.nix +++ b/darwin/homebrew.nix @@ -23,8 +23,10 @@ in homebrew = { enable = true; onActivation = { - autoUpdate = true; - upgrade = true; + # Keep rebuilds idempotent and avoid getting blocked on flaky GUI app + # upgrade/install behavior during system activation. + autoUpdate = false; + upgrade = false; }; brews = [ "awscli" @@ -70,25 +72,12 @@ in "vagrant" "virtualbox" "visual-studio-code" - "zen" ]; # Mac App Store apps - # These app IDs are from using the mas CLI app (mac app store) - # $ nix shell nixpkgs#mas - # $ mas search - masApps = - if user.name != "runner" then - { - "GoodLinks" = 1474335294; - "TestFlight" = 899247664; - "The Unarchiver" = 425424353; - "Things" = 904280696; - "Velja" = 1607635845; - "WireGuard" = 1451685025; - } - else - { }; + # Keep App Store installs out of activation. `mas` sign-in and purchase state + # are not reliably idempotent, which can block unrelated rebuilds. + masApps = { }; }; # Nix-homebrew configuration From 9f8b65c25a5e231a12b04f09249a4af4a3bae071 Mon Sep 17 00:00:00 2001 From: Mike Splain Date: Wed, 1 Apr 2026 12:04:32 -0400 Subject: [PATCH 4/4] Tune Homebrew activation behavior --- darwin/homebrew.nix | 24 ++++++++++++++++++------ 1 file changed, 18 insertions(+), 6 deletions(-) diff --git a/darwin/homebrew.nix b/darwin/homebrew.nix index 0aef3b5e..1eaa3b21 100644 --- a/darwin/homebrew.nix +++ b/darwin/homebrew.nix 
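Review bot: The `"zen"` cask is dropped from `casks` in the second hunk without a mention in the commit message, and patch 4/4 does not restore it. No `onActivation.cleanup` setting is visible in these hunks, so if it is left at its default the application stays installed but is no longer declared or upgraded by this configuration. Either uninstall it deliberately or record the reason next to the list, e.g. `# zen removed: <reason>; uninstall manually`. The `homebrew` attribute set continues outside the hunk.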
@@ -23,10 +23,10 @@ in homebrew = { enable = true; onActivation = { - # Keep rebuilds idempotent and avoid getting blocked on flaky GUI app - # upgrade/install behavior during system activation. + # Avoid Homebrew self-updating on every rebuild while still allowing + # managed formula and cask upgrades during activation. autoUpdate = false; - upgrade = false; + upgrade = true; }; brews = [ "awscli" @@ -75,9 +75,21 @@ in ]; # Mac App Store apps - # Keep App Store installs out of activation. `mas` sign-in and purchase state - # are not reliably idempotent, which can block unrelated rebuilds. - masApps = { }; + # These app IDs are from using the mas CLI app (mac app store) + # $ nix shell nixpkgs#mas + # $ mas search + masApps = + if user.name != "runner" then + { + "GoodLinks" = 1474335294; + "TestFlight" = 899247664; + "The Unarchiver" = 425424353; + "Things" = 904280696; + "Velja" = 1607635845; + "WireGuard" = 1451685025; + } + else + { }; }; # Nix-homebrew configuration
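Review bot: With `autoUpdate = false` and `upgrade = true` in the first hunk, activation presumably upgrades only to versions Homebrew already knows about locally. The new comment's promise of "managed formula and cask upgrades" therefore depends on something else refreshing formula and cask metadata. If the taps are pinned through the nix-homebrew section (outside the hunk), the comment should say how versions advance, e.g. `# Metadata is refreshed by <mechanism>; activation only applies upgrades already known locally.` Otherwise packages such as `awscli`, `virtualbox` and `visual-studio-code` can silently stop receiving fixes until someone runs `brew update` by hand.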