.envrc

@@ -0,0 +1,2 @@
+# export SOPS_AGE_KEY_FILE=${HOME}/.config/sops/age/keys.txt
+export SOPS_AGE_KEY_FILE=$(pwd)/.keys.txt

.gitattributes

@@ -0,0 +1 @@
+secrets/** filter=git-crypt diff=git-crypt

.gitignore

@@ -0,0 +1 @@
+.key*

.sops.yaml

@@ -0,0 +1,4 @@
+creation_rules:
+  - path_regex: secrets/[^/]+\.(yaml|json|env|ini)$
+    age: >-
+      age1fwwfdh3np846pcwlsre2d8py3a8z5gfltx3jcyghdfx9esn6a40sm60mdj

README.md

@@ -10,8 +10,30 @@ curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix
 /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
 
 # Get repo
-git clone https://github.com/cupcakearmy/nix-macos ~/.config/nix-darwin
+git clone https://github.com/cupcakearmy/nix-macos ~/.config/nix-macos
+
+# Unlock (Given that the base64 key is in your clipboard)
+nix shell nixpkgs#git nixpkgs#git-crypt nixpkgs#coreutils
+pbpaste | base64 --decode > .key
+git-crypt unlock .key
 
 # Installation
-nix run nix-darwin -- switch --flake ~/.config/nix-darwin#mbp
+# Available hosts can be found in the ./hosts directory
+nix run nix-darwin -- switch --flake ~/.config/nix-macos#<host>
+
+# After installation simply use the provided alias to rebuild
+vai
+```
+
+## Crypt
+
+Files under `secrets` are encrypted using `git-crypt`.
+
+```bash
+# Save the key, when the repo is unlocked
+git-crypt export-key - | base64 > .key.b64
+
+# Decode (Given the base64 key is written to .key.b64)
+cat .key.b64 | base64 --decode > .key
+git-crypt unlock .key
 ```

cask.nix

@@ -17,13 +17,13 @@
   "sloth"
   "vscodium"
   "hoppscotch"
-  "tailscale"
   "utm"
+  "balenaetcher"
 
   # Apps
   "figma"
   "arc"
-  "zen-browser"
+  "firefox"
   "bitwarden"
   "spotify"
   "vlc"

darwin.nix

@@ -0,0 +1,72 @@
+{
+  pkgs,
+  host,
+  flake,
+  lib,
+  ...
+}:
+{
+  nix.settings.experimental-features = "nix-command flakes";
+
+  # Set Git commit hash for darwin-version.
+  system.configurationRevision = flake.rev or flake.dirtyRev or null;
+
+  # Used for backwards compatibility, please read the changelog before changing.
+  # $ darwin-rebuild changelog
+  system.stateVersion = 5;
+  nixpkgs.hostPlatform = host.platform;
+  nixpkgs.config.allowUnfree = true;
+
+  # Nix Darwin
+  # https://daiderd.com/nix-darwin/manual/index.html
+
+  # Security
+  system.defaults.screensaver.askForPassword = true;
+  system.defaults.screensaver.askForPasswordDelay = 0;
+  system.defaults.loginwindow.GuestEnabled = false;
+
+  # Dock
+  system.defaults.dock.autohide = true;
+  system.defaults.dock.orientation = "left";
+  system.defaults.dock.show-recents = false;
+  system.defaults.dock.persistent-apps = [
+    "/Applications/Arc.app"
+    "/Applications/Ghostty.app"
+    "/Applications/VSCodium.app"
+    "/Applications/Spotify.app"
+    "/System/Applications/System Settings.app"
+  ];
+  system.defaults.dock.persistent-others = [ ];
+
+  # Input devices
+  system.keyboard.enableKeyMapping = true;
+  system.keyboard.remapCapsLockToEscape = true;
+  system.defaults.NSGlobalDomain.InitialKeyRepeat = 25;
+  system.defaults.NSGlobalDomain.KeyRepeat = 2;
+  system.defaults.NSGlobalDomain."com.apple.mouse.tapBehavior" = 1;
+  system.defaults.NSGlobalDomain."com.apple.trackpad.scaling" = 0.875;
+  system.defaults.trackpad.Dragging = true;
+
+  # Finder
+  system.defaults.finder.AppleShowAllExtensions = true;
+  system.defaults.finder.ShowPathbar = true;
+
+  # Other
+  system.startup.chime = false;
+
+  users.users.${host.username} = {
+    home = "/Users/${host.username}";
+    shell = pkgs.fish;
+  };
+  programs.fish.enable = true;
+
+  homebrew = {
+    enable = true;
+    casks = (import ./cask.nix) ++ (lib.attrByPath [ "extras" "casks" ] [ ] host);
+    taps = [ "lihaoyun6/tap" ];
+    onActivation = {
+      autoUpdate = true;
+      cleanup = "zap";
+    };
+  };
+}

files/git/gitconfig

@@ -10,12 +10,6 @@
 [commit]
 	gpgsign = false
 
-[includeIf "gitdir:/Users/nicco/"]
-	path = "~/.dotfiles/files/git/config.personal"
-
-[includeIf "gitdir:/Users/niccoloborgioli/"]
-	path = "~/.dotfiles/files/git/config.work"
-
 [pull]
 	rebase = false
 
@@ -25,3 +19,6 @@
 	sort = -committerdate
 [alias]
 	fpush = push --force-with-lease
+
+[include]
+    path = ~/.gitconfig.local

flake.lock

@@ -7,11 +7,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1737461688,
-        "narHash": "sha256-zQCFe5FcSSGzY3qauAAHZcPt7Ej4WSGo78ShSTCSBvU=",
+        "lastModified": 1741543064,
+        "narHash": "sha256-AjXyS3ACxWAd+h3NSkrflN+uC0Tq1XFqox472RF6yh0=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "bb14224f51ae4caed12a7b26f245d042c8cf8553",
+        "rev": "db4386d686fb0b2788e7422e6a2299deace9c4b1",
         "type": "github"
       },
       "original": {
@@ -27,11 +27,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1737423230,
-        "narHash": "sha256-WEOiNmkcmlaeXy2HGW1PYxYmCPiHdsI7a7SpjhBYxRg=",
+        "lastModified": 1741229100,
+        "narHash": "sha256-0HwrTDXp9buEwal/1ymK9uQmzUD5ozIA7CJGqnT/gLs=",
         "owner": "LnL7",
         "repo": "nix-darwin",
-        "rev": "46d0fa4ded0a7532f19870f9bbedaf62269fe3f7",
+        "rev": "adf5c88ba1fe21af5c083b4d655004431f20c5ab",
         "type": "github"
       },
       "original": {
@@ -42,11 +42,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1737370608,
-        "narHash": "sha256-hFA6SmioeqvGW/XvZa9bxniAeulksCOcj3kokdNT/YE=",
+        "lastModified": 1741402956,
+        "narHash": "sha256-y2hByvBM03s9T2fpeLjW6iprbxnhV9mJMmSwCHc41ZQ=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "300081d0cc72df578b02d914df941b8ec62240e6",
+        "rev": "ed0b1881565c1ffef490c10d663d4f542031dad3",
         "type": "github"
       },
       "original": {

flake.nix

@@ -1,5 +1,5 @@
 {
-  description = "Example nix-darwin system flake";
+  description = "Personal Nix configuration";
 
   inputs = {
     nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
@@ -12,97 +12,37 @@
   };
 
   outputs =
-    inputs@{
+    {
       self,
       nix-darwin,
       nixpkgs,
       home-manager,
     }:
     let
-      configuration =
-        { pkgs, ... }:
-        {
-          nix.settings.experimental-features = "nix-command flakes";
-
-          # Set Git commit hash for darwin-version.
-          system.configurationRevision = self.rev or self.dirtyRev or null;
-
-          # Used for backwards compatibility, please read the changelog before changing.
-          # $ darwin-rebuild changelog
-          system.stateVersion = 5;
-          nixpkgs.hostPlatform = "aarch64-darwin";
-          nixpkgs.config.allowUnfree = true;
-
-          # Nix Darwin
-          # https://daiderd.com/nix-darwin/manual/index.html
-          environment.systemPackages = [ ];
-
-          # Security
-          system.defaults.screensaver.askForPassword = true;
-          system.defaults.screensaver.askForPasswordDelay = 0;
-          system.defaults.loginwindow.GuestEnabled = false;
-
-          # Dock
-          system.defaults.dock.autohide = true;
-          system.defaults.dock.orientation = "left";
-          system.defaults.dock.show-recents = false;
-          system.defaults.dock.persistent-apps = [
-            "/Applications/Arc.app"
-            "/Applications/Ghostty.app"
-            "/Applications/VSCodium.app"
-            "/Applications/Spotify.app"
-            "/System/Applications/System Settings.app"
-          ];
-          system.defaults.dock.persistent-others = [ ];
-
-          # Input devices
-          system.keyboard.enableKeyMapping = true;
-          system.keyboard.remapCapsLockToEscape = true;
-          system.defaults.NSGlobalDomain.InitialKeyRepeat = 25;
-          system.defaults.NSGlobalDomain.KeyRepeat = 2;
-          system.defaults.NSGlobalDomain."com.apple.mouse.tapBehavior" = 1;
-          system.defaults.NSGlobalDomain."com.apple.trackpad.scaling" = 0.875;
-          system.defaults.trackpad.Dragging = true;
-
-          # Finder
-          system.defaults.finder.AppleShowAllExtensions = true;
-          system.defaults.finder.ShowPathbar = true;
-
-          # Other
-          system.startup.chime = false;
-
-          users.users."niccoloborgioli" = {
-            home = "/Users/niccoloborgioli";
-            shell = pkgs.fish;
-          };
-          programs.fish.enable = true;
-
-          homebrew.enable = true;
-          homebrew.casks = import ./cask.nix;
-          homebrew.taps = [ "lihaoyun6/tap" ];
-          homebrew.onActivation.autoUpdate = true;
-          homebrew.onActivation.cleanup = "zap";
-
-          # Home Manager
-          home-manager.backupFileExtension = "backup";
-        };
+      hosts = import ./hosts;
+      inherit (builtins) listToAttrs;
     in
     {
-      # Build darwin flake using:
-      # $ darwin-rebuild build --flake .#Niccolo-Borgioli-s-MacBook-Pro
-      darwinConfigurations."mbp" = nix-darwin.lib.darwinSystem {
-        modules = [
-          configuration
-          home-manager.darwinModules.home-manager
-          {
-            home-manager.useGlobalPkgs = true;
-            home-manager.useUserPackages = true;
-            home-manager.users.niccoloborgioli = import ./home.nix;
-          }
-        ];
-      };
-
-      # Expose the package set, including overlays, for convenience.
-      darwinPackages = self.darwinConfigurations."mbp".pkgs;
+      darwinConfigurations = listToAttrs (
+        map (host: {
+          name = host.hostName;
+          value = nix-darwin.lib.darwinSystem {
+            specialArgs = {
+              inherit host;
+              flake = self;
+            };
+            modules = [
+              (import ./darwin.nix)
+              home-manager.darwinModules.home-manager
+              {
+                home-manager.backupFileExtension = "backup";
+                home-manager.useGlobalPkgs = true;
+                home-manager.useUserPackages = true;
+                home-manager.users.${host.username} = import ./home/home.nix { inherit host; };
+              }
+            ];
+          };
+        }) hosts
+      );
     };
 }

home.nix

@@ -1,132 +0,0 @@
-{ config, pkgs, ... }:
-
-{
-  # https://nix-community.github.io/home-manager
-  home.stateVersion = "24.11"; # Please read the comment before changing.
-  programs.home-manager.enable = true;
-
-  home.username = "niccoloborgioli";
-  home.homeDirectory = "/Users/niccoloborgioli";
-
-  home.packages = [
-    pkgs.tmux
-    pkgs.oh-my-posh
-    pkgs.git
-    pkgs.git-lfs
-    pkgs.git-crypt
-    pkgs.bfg-repo-cleaner
-    pkgs.gnutar
-    pkgs.gnupg
-    pkgs.htop
-    pkgs.rclone
-    pkgs.rename
-    pkgs.tmux
-    pkgs.tree
-    pkgs.wget
-    pkgs.woff2
-    pkgs.bat
-    pkgs.rsync
-    pkgs.direnv
-    pkgs.zoxide
-    pkgs.devenv
-    #pkgs.bitwarden-cli
-
-    # Editor
-    pkgs.neovim
-    pkgs.fzf
-    pkgs.lazygit
-    pkgs.lua
-    pkgs.luajitPackages.luarocks
-    pkgs.ast-grep
-    pkgs.ripgrep
-
-    # Language specific
-    pkgs.nixfmt-rfc-style
-    pkgs.fnm
-    pkgs.bun
-    pkgs.deno
-    pkgs.zig
-    pkgs.uv
-    pkgs.ruff
-    pkgs.tectonic
-    pkgs.tex-fmt
-    pkgs.rustup
-
-    # Codding
-    pkgs.nixpacks
-
-    # sflx
-    pkgs.vault
-    pkgs.cocoapods
-    pkgs.phrase-cli
-    pkgs.boundary
-
-    pkgs.nerd-fonts.jetbrains-mono
-  ];
-
-  fonts.fontconfig.enable = true;
-
-  home.sessionVariables = {
-    EDITOR = "nvim";
-  };
-
-  home.file = {
-    ".config/omp/config.yaml".source = ./files/omp/config.yaml;
-    ".config/ghostty/config".source = ./files/ghostty/config;
-    ".gitconfig".source = ./files/git/gitconfig;
-    ".gitignore_global".source = ./files/git/gitignore_global;
-    ".config/nvim".source = ./files/nvim;
-  };
-
-  home.shellAliases = {
-    l = "ls -hal";
-    dc = "docker compose";
-    rsync = "rsync -az --info=progress2";
-    t = "tmux new-session -A -s main";
-    e = "nvim";
-    hms = "home-manager switch --flake ~/nix#root -b backup";
-    snd = "darwin-rebuild switch --flake ~/.config/nix-darwin#mbp";
-  };
-
-  programs.fish = {
-    enable = true;
-    interactiveShellInit = ''
-      if type -q oh-my-posh
-        oh-my-posh init fish --config ~/.config/omp/config.yaml | source
-      end
-      if type -q fnm
-        fnm env --use-on-cd | source
-      end
-      if type -q direnv
-        direnv hook fish | source
-      end
-      if type -q zoxide
-        zoxide init fish | source
-      end
-    '';
-  };
-  programs.bash = {
-    enable = true;
-  };
-  programs.tmux = {
-    enable = true;
-    clock24 = true;
-    mouse = true;
-    extraConfig = ''
-      # switch panes using Alt-arrow without prefix
-      bind -n M-Left select-pane -L
-      bind -n M-Right select-pane -R
-      bind -n M-Up select-pane -U
-      bind -n M-Down select-pane -D
-
-      # switch panes using jkhl
-      bind h select-pane -L
-      bind l select-pane -R
-      bind j select-pane -U
-      bind k select-pane -D
-    '';
-    shell = "${pkgs.fish}/bin/fish";
-    terminal = "tmux-256color";
-  };
-
-}

home/home.nix

@@ -0,0 +1,91 @@
+{ host }:
+{
+  pkgs,
+  lib,
+  config,
+  sops-nix,
+  ...
+}:
+{
+  # https://nix-community.github.io/home-manager
+  home.stateVersion = "25.05";
+  programs.home-manager.enable = true;
+
+  home.username = host.username;
+  home.homeDirectory = "/Users/${host.username}";
+
+  home.packages =
+    (import ./pkgs.nix { inherit pkgs; })
+    ++ ((lib.attrByPath [ "extras" "pkgs" ] (pkgs: [ ]) host) pkgs);
+
+  fonts.fontconfig.enable = true;
+
+  home = {
+    sessionVariables = {
+      EDITOR = "nvim";
+    };
+
+    file = {
+      ".config/omp/config.yaml".source = ../files/omp/config.yaml;
+      ".config/ghostty/config".source = ../files/ghostty/config;
+      ".gitconfig".source = ../files/git/gitconfig;
+      ".gitignore_global".source = ../files/git/gitignore_global;
+      ".gitconfig.local".source = ../files/git/config.work;
+      ".config/nvim".source = ../files/nvim;
+
+      # Secrets
+      ".ssh/config".source = ../secrets/ssh/config;
+    };
+
+    shellAliases = {
+      l = "ls -hal";
+      dc = "docker compose";
+      rsync = "rsync -az --info=progress2";
+      t = "tmux new-session -A -s main";
+      e = "nvim";
+      g = "lazygit";
+      d = "lazydocker";
+      vai = "darwin-rebuild switch --flake ~/.config/nix-macos#${host.hostName}";
+    };
+  };
+
+  programs = {
+    direnv.enable = true;
+    zoxide.enable = true;
+
+    fish = {
+      enable = true;
+      interactiveShellInit = ''
+        if type -q oh-my-posh
+          oh-my-posh init fish --config ~/.config/omp/config.yaml | source
+        end
+        if type -q fnm
+          fnm env --use-on-cd | source
+        end
+      '';
+    };
+    bash = {
+      enable = true;
+    };
+    tmux = {
+      enable = true;
+      clock24 = true;
+      mouse = true;
+      extraConfig = ''
+        # switch panes using Alt-arrow without prefix
+        bind -n M-Left select-pane -L
+        bind -n M-Right select-pane -R
+        bind -n M-Up select-pane -U
+        bind -n M-Down select-pane -D
+
+        # switch panes using jkhl
+        bind h select-pane -L
+        bind l select-pane -R
+        bind j select-pane -U
+        bind k select-pane -D
+      '';
+      shell = "${pkgs.fish}/bin/fish";
+      terminal = "tmux-256color";
+    };
+  };
+}

home/pkgs.nix

@@ -0,0 +1,61 @@
+{ pkgs }:
+with pkgs;
+[
+  # Base
+  tmux
+  oh-my-posh
+  git
+  git-lfs
+  git-crypt
+  gh
+  bfg-repo-cleaner
+  gnutar
+  gnupg
+  htop
+  btop
+  rclone
+  rename
+  tmux
+  tree
+  wget
+  woff2
+  bat
+  rsync
+  sops
+
+  # Dev
+  devenv
+  nixpacks
+  ollama
+  colima
+  lazydocker
+  exercism
+
+  # Editor
+  neovim
+  fzf
+  lazygit
+  lua
+  luajitPackages.luarocks
+  ast-grep
+  ripgrep
+
+  # Language specific
+  nixfmt-rfc-style
+  fnm
+  bun
+  deno
+  zig
+  uv
+  ruff
+  tectonic
+  tex-fmt
+  rustup
+  shfmt
+  ruby
+  ruby-lsp
+  rubyPackages.prism
+
+  # Fonts
+  nerd-fonts.jetbrains-mono
+]

hosts/default.nix

@@ -0,0 +1,4 @@
+[
+  (import ./mac14.nix)
+  (import ./mac16.nix)
+]

hosts/mac14.nix

@@ -0,0 +1,5 @@
+{
+  username = "cupcakearmy";
+  hostName = "mac14";
+  platform = "aarch64-darwin";
+}

hosts/mac16.nix

@@ -0,0 +1,27 @@
+{
+  username = "niccoloborgioli";
+  hostName = "mac16";
+  platform = "aarch64-darwin";
+
+  extras = {
+    casks = [
+      "phpstorm"
+      "datagrip"
+      "tailscale"
+      "android-studio"
+    ];
+    pkgs =
+      pkgs: with pkgs; [
+        vault
+        cocoapods
+        phrase-cli
+        boundary
+        awscli2
+        fastlane
+        jdk
+        android-tools
+        sdkmanager
+        _1password-cli
+      ];
+  };
+}