Because "it works on my machine" should mean it works on every machine. Deterministic builds, reproducible environments, and the smug satisfaction of knowing exactly what's installed.
A flakes-only nix-darwin configuration for M4 Max MacBook Pro. Manages system packages, macOS settings, dotfiles, and AI CLI tools - all declaratively.
Think of it as infrastructure-as-code, but for your laptop. Fully automated with Dependabot and AI-reviewed updates.
```bash
# Rebuild after config changes (use the sa-drs alias)
sa-drs

# Search for a package
nix search nixpkgs <name>

# Rollback if something breaks
sudo darwin-rebuild --rollback
```

The sa-drs alias handles system activation automatically. See RUNBOOK.md for detailed procedures.
```
.
├── flake.nix          # Main entry point
├── hosts/             # Host-specific configurations
│   └── macbook-m4/    # Active M4 Max MacBook Pro
├── modules/           # Reusable configuration modules
│   ├── common/        # Cross-platform packages
│   ├── darwin/        # macOS system settings
│   └── home-manager/  # User environment (shell, git, AI CLIs)
├── shells/            # Development environment templates
└── lib/               # Shared configuration variables
```
Full details in ARCHITECTURE.md.
| Component | What It Does |
|---|---|
| Determinate Nix | Manages Nix itself - daemon, updates, core config |
| nix-darwin | macOS packages, system settings, homebrew integration |
| home-manager | User config - shell, aliases, dotfiles, AI CLIs |
| mac-app-util | Stable app trampolines to preserve TCC permissions |
Key Rule: Use nixpkgs for everything. Homebrew is fallback only.
| Category | Examples |
|---|---|
| CLI Tools | bat, delta, eza, fd, fzf, ripgrep, jq, htop |
| Development | nodejs, gh, claude-code, gemini-cli |
| GUI Apps | VS Code, Obsidian, Raycast, Bitwarden |
| macOS Settings | Dock, Finder, keyboard, trackpad, hot corners |
| AI CLI Permissions | 280+ auto-approved commands with security tiers |
Project-specific environments without polluting global state:

```bash
nix develop ~/.config/nix#python       # Python + pip + venv
nix develop ~/.config/nix#python-data  # + pandas, numpy, jupyter
nix develop ~/.config/nix#js           # Node.js + npm/yarn/pnpm
nix develop ~/.config/nix#go           # Go + gopls + delve
nix develop ~/.config/nix#terraform    # Terraform/OpenTofu
```

See shells/README.md for all available shells.
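As an added illustration (not the repository's own flake.nix), this is the minimal shape such a flake takes: it wires the four components from the table above into one `darwinConfigurations` entry and shows how `nix develop ~/.config/nix#python` resolves to a `devShells` output. The user name `me`, the input URLs, the alias body and the exact package lists are assumptions.

```nix
{
  description = "Assumed skeleton of a flakes-only nix-darwin config (example only)";

  inputs = {
    nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
    nix-darwin = { url = "github:nix-darwin/nix-darwin"; inputs.nixpkgs.follows = "nixpkgs"; };
    home-manager = { url = "github:nix-community/home-manager"; inputs.nixpkgs.follows = "nixpkgs"; };
    mac-app-util.url = "github:hraban/mac-app-util";
  };

  outputs = { self, nixpkgs, nix-darwin, home-manager, mac-app-util, ... }:
    let
      system = "aarch64-darwin";                 # M4 Max is Apple silicon
      pkgs = nixpkgs.legacyPackages.${system};
    in {
      # `sudo darwin-rebuild switch --flake ~/.config/nix#macbook-m4` builds this host
      darwinConfigurations.macbook-m4 = nix-darwin.lib.darwinSystem {
        modules = [
          mac-app-util.darwinModules.default     # stable app trampolines, so TCC grants survive rebuilds
          home-manager.darwinModules.home-manager
          ({ pkgs, ... }: {
            nixpkgs.hostPlatform = system;
            nix.enable = false;                  # Determinate Nix owns the daemon; nix-darwin must not
            environment.systemPackages = with pkgs; [ bat delta eza fd fzf ripgrep jq htop ];
            homebrew.enable = true;              # fallback only; casks not in nixpkgs go here
            system.defaults.dock.autohide = true;
            system.primaryUser = "me";           # "me" is a placeholder user name
            system.stateVersion = 5;
            users.users.me.home = "/Users/me";
            home-manager.users.me = {
              home.stateVersion = "24.11";
              programs.zsh = {
                enable = true;
                shellAliases.sa-drs = "sudo darwin-rebuild switch --flake ~/.config/nix";  # assumed alias body
              };
            };
          })
        ];
      };

      # `nix develop ~/.config/nix#python` resolves to devShells.<system>.python
      devShells.${system}.python = pkgs.mkShell {
        packages = with pkgs; [ python3 python3Packages.pip python3Packages.virtualenv ];
      };
    };
}
```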
| File | Purpose |
|---|---|
| RUNBOOK.md | Step-by-step operational procedures |
| ARCHITECTURE.md | Detailed structure and module relationships |
| TROUBLESHOOTING.md | Common issues and solutions |
| CLAUDE.md | AI agent instructions |
| docs/ANTHROPIC-ECOSYSTEM.md | Claude Code integration reference |
| docs/MONITORING.md | Auto-Claude monitoring and observability setup |
Contributions welcome. See CONTRIBUTING.md for details. The short version: open a PR, follow existing patterns, and I'll probably merge it.
Apache 2.0 - Use it, modify it, just keep the attribution.
Built by a human, refined by AI, used by both.