This config exists because I was tired of:
- Opening a new laptop/machine and spending a whole day setting it up
- Having different versions of dotfiles scattered everywhere
- Forgetting what I installed or changed on my machine
- Trying to remember "what was that package again?"
- Making things work on one machine but break on another
- Having my work and personal setups drift apart
So I made this. It's basically my entire system written in Nix - one config that:
- Sets up everything the same way, every time
- Works on all my Macs (it's Darwin/macOS focused, but you can tweak it for other systems)
- Keeps my work and personal setups in sync, but separate when needed
- 🛠 Development environments for multiple languages
  - 💻 Go, Python, Rust, Lua, PHP, Node.js, Nix
- 📝 Extensive Neovim configuration with LSP support (NixVim)
- 🐟 Fish shell with custom configuration
- 🔐 Secure secret management with sops-nix
- 📦 Reproducible package management
- 🖥️ Cross-machine configuration (work/personal)
- 🪟 macOS window management with Yabai and SKHD
- 🎨 Custom status bar with SketchyBar (WIP)
```
cosmic/
├── lib/                  # Helper functions
│   ├── default.nix       # Library entry point
│   └── utils.nix         # Utility functions
├── nix/                  # Core configuration
│   ├── darwin/           # Darwin-specific settings
│   │   ├── services/     # System services (yabai, skhd, etc.)
│   │   └── system.nix    # System configuration
│   ├── devShells/        # Development environments
│   ├── home-manager/     # Home Manager configuration
│   │   └── modules/      # Home Manager modules
├── nixvim/               # Neovim configuration
│   └── config/           # NixVim modules
├── overlays/             # Custom package overlays
│   └── pkgs/             # Custom packages
└── secrets/              # Encrypted secrets
```
This command installs the Nix package manager using the DeterminateSystems/nix-installer. According to Zero to Nix, it gives better error messages, an installation plan (like Terraform), and other features that make for a better installation experience.
Follow the installation flow step by step and everything will be fine.
```bash
curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix | sh -s -- install
```
After installation, restart your terminal.
Create or edit ~/.config/nix/nix.conf:
```
experimental-features = nix-command flakes
```
```bash
git clone https://github.com/Ervan0707/cosmic.git
cd cosmic
```
When using SSH keys to generate age keys, only Ed25519 keys are supported. RSA or other key types are not compatible.
Generate a new age key (Option 1):
```bash
# Create directory for age keys
mkdir -p ~/.config/sops/age
# Generate new key
nix shell nixpkgs#age -c age-keygen -o ~/.config/sops/age/keys.txt
```
Generate from existing SSH key (Option 2 - Only for Ed25519):
```bash
# Ensure you're using an Ed25519 key
# Your SSH key should look like this when you cat it:
# -----BEGIN OPENSSH PRIVATE KEY-----
# ... (key contents)
# -----END OPENSSH PRIVATE KEY-----
# The public key should start with 'ssh-ed25519'
# Convert Ed25519 SSH key to age key
nix run nixpkgs#ssh-to-age -- -private-key -i ~/.ssh/id_ed25519 > ~/.config/sops/age/keys.txt
# If you don't have an Ed25519 key, create one:
ssh-keygen -t ed25519 -C "your_email@example.com"
```
Get the public key for .sops.yaml:
```bash
nix shell nixpkgs#age -c age-keygen -y ~/.config/sops/age/keys.txt
```
The output will look something like:
```
age1xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
```
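A pre-flight wrapper around the Option 2 conversion above, as an added example that is not part of the cosmic repository: it checks the key type the note requires, refuses to overwrite an existing identity, and creates keys.txt readable by the owner only. The function names, and the assumption that the public key sits beside the private key as `<key>.pub`, belong to this example.

```bash
# Added example, not from the cosmic repository. Function names are hypothetical.

# ssh_pub_is_ed25519 PUBKEY_FILE
# Succeeds only if the key type field of the public key is ssh-ed25519.
ssh_pub_is_ed25519() {
    [ -r "$1" ] || return 2
    read -r keytype _rest < "$1" || [ -n "$keytype" ] || return 2
    [ "$keytype" = "ssh-ed25519" ]
}

# age_key_file_is_private KEY_FILE
# Succeeds only if group and others have no permission bits on the file.
# A shell redirect (> keys.txt) creates the file with the umask default,
# commonly 0644, so Option 2 can leave the private key world-readable.
age_key_file_is_private() {
    [ -f "$1" ] || return 2
    perms=$(ls -ldL "$1" | cut -c5-10)
    [ "$perms" = "------" ]
}

# safe_convert SSH_PRIVATE_KEY AGE_KEY_FILE
# Runs the README's ssh-to-age command, but refuses non-Ed25519 keys,
# refuses to overwrite an existing identity, and creates the file as 0600.
# Assumption: the public key is stored next to the private key as KEY.pub.
safe_convert() {
    ssh_pub_is_ed25519 "$1.pub" || { echo "no Ed25519 public key at $1.pub" >&2; return 1; }
    [ ! -e "$2" ] || { echo "refusing to overwrite $2" >&2; return 1; }
    mkdir -p "$(dirname "$2")"
    ( umask 077 && nix run nixpkgs#ssh-to-age -- -private-key -i "$1" > "$2" ) ||
        { rm -f "$2"; return 1; }
    age_key_file_is_private "$2"
}

# Usage: safe_convert ~/.ssh/id_ed25519 ~/.config/sops/age/keys.txt
```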
Update .sops.yaml with your public key:
```yaml
keys:
  - &personal age1xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx # your public key here
```
Test your setup:
```bash
# Try to view encrypted secrets (Note: You won't be able to decrypt existing secrets)
SOPS_AGE_KEY_FILE=~/.config/sops/age/keys.txt sops -d secrets/personal.yaml
# Create new encrypted secrets with your key
SOPS_AGE_KEY_FILE=~/.config/sops/age/keys.txt sops secrets/personal.yaml
```
The existing encrypted secrets in this repository are encrypted with a different key, so you'll need to create your own encrypted secrets. The default template includes:
```yaml
github_token: "your-github-token"
codestats_api_key: "your-codestats-api-key"
email: "your-email"
username: "your-username"
```
After saving, your secrets will be encrypted with your key and can be safely committed to the repository.
Remember to create both personal.yaml and work.yaml if you're using both configurations.
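One way to confirm that a secrets file really went through sops before it is committed, as an added example that is not part of the cosmic repository. The function names are hypothetical, and the check assumes flat `key: value` secrets like the template above with no `unencrypted_suffix` or `unencrypted_regex` rules in .sops.yaml.

```bash
# Added example, not from the cosmic repository. Function names are hypothetical.
# Assumes flat "key: value" secrets like the README's template and no
# unencrypted_suffix / unencrypted_regex rules in .sops.yaml.

# sops_plaintext_keys FILE
# Prints every top-level key whose value is not a sops ENC[...] blob, plus a
# marker line when the file has no sops metadata block at all.
sops_plaintext_keys() {
    awk '
        /^sops:/ { meta = 1; exit }
        /^[A-Za-z0-9_-]+:[ \t]*[^ \t]/ {
            key = $0; sub(/:.*/, "", key)
            val = $0; sub(/^[^:]*:[ \t]*/, "", val)
            if (val !~ /^ENC\[/) print key
        }
        END { if (!meta) print "(no sops metadata block)" }
    ' "$1"
}

# check_secrets_dir DIR
# Returns non-zero if any DIR/*.yaml still holds plaintext; suitable as the
# body of a pre-commit hook (check_secrets_dir secrets || exit 1).
check_secrets_dir() {
    rc=0
    for f in "$1"/*.yaml; do
        [ -e "$f" ] || continue
        leaks=$(sops_plaintext_keys "$f" | tr '\n' ' ')
        if [ -n "$leaks" ]; then
            echo "$f: plaintext, do not commit: $leaks" >&2
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample: the README's template saved without going through sops.
demo=$(mktemp -d)
printf 'github_token: "your-github-token"\nemail: "your-email"\n' > "$demo/personal.yaml"
check_secrets_dir "$demo" || echo "commit blocked"
rm -rf "$demo"
```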
Edit the following files according to your needs:
- lib/utils.nix: Update system configurations
- secrets/personal.yaml: Personal secrets
- secrets/work.yaml: Work-related secrets
This includes both nix-darwin (system configuration) and home-manager:
```bash
# For work setup
nix build .#darwinConfigurations.work.system
./result/sw/bin/darwin-rebuild switch --flake .#work
# For personal setup
nix build .#darwinConfigurations.personal.system
./result/sw/bin/darwin-rebuild switch --flake .#personal
```
After the initial build, you can use the shorter form:
```bash
darwin-rebuild switch --flake .#work # or .#personal
```
If you only want to manage user-level configuration without system modifications:
```bash
# For work setup
nix build .#homeConfigurations.work.activationPackage
./result/activate
# For personal setup
nix build .#homeConfigurations.personal.activationPackage
./result/activate
```
Note: Using nix-darwin (Option A) is recommended for macOS as it provides:
- System-level configuration (keyboard, dock, etc.)
- Window management with Yabai
- Custom status bar with SketchyBar
- Keyboard shortcuts with SKHD
- Touch ID integration
- System-wide package management
Choose Option B if you:
- Only need user-level configuration
- Are using a non-macOS system
- Don't want to modify system settings
- Need a more portable configuration
Enter different development environments:
```bash
# Full development environment
nix develop .
# Language-specific environments
nix develop .#go
nix develop .#python
nix develop .#rust
nix develop .#lua
nix develop .#php
nix develop .#node
nix develop .#nix
```
The Neovim configuration includes:
- LSP support for multiple languages
- Code completion with nvim-cmp
- Telescope for fuzzy finding
- Git integration with gitsigns
- File explorer with nvim-tree
- Beautiful UI with Gruvbox themes
- Custom keybindings with which-key
Access Neovim:
```bash
# Use the configured Neovim
nix run .#nixvim
```
Update Nix flake inputs:
```bash
nix flake update
```
Run configurations directly from GitHub without cloning:
```bash
# Run Neovim configuration
nix run github:Ervan0707/cosmic#nixvim
# Build and activate complete configuration (includes both nix-darwin and home-manager)
nix build github:Ervan0707/cosmic#darwinConfigurations.work.system
./result/sw/bin/darwin-rebuild switch --flake github:Ervan0707/cosmic#work
nix build github:Ervan0707/cosmic#darwinConfigurations.personal.system
./result/sw/bin/darwin-rebuild switch --flake github:Ervan0707/cosmic#personal
# For non-macOS systems only: build home-manager configuration
nix build github:Ervan0707/cosmic#homeConfigurations.work.activationPackage
nix build github:Ervan0707/cosmic#homeConfigurations.personal.activationPackage
```
Note: For macOS users, use the nix-darwin configurations as they automatically include home-manager settings. The home-manager-only configurations are provided separately for non-macOS systems or special use cases.
Note: After activating nix-darwin and home-manager configurations, your system will inherit:
System Level (nix-darwin):
- 🪟 Yabai window management
- ⌨️ SKHD keyboard shortcuts
- 📊 SketchyBar
- 🔒 Touch ID for sudo authentication
- ⚡️ System-wide keyboard settings
- 🖥️ macOS system preferences
User Level (home-manager):
- 🐟 Fish shell with custom configuration
- 🔐 Decrypted secrets as environment variables
- 🔧 Git with separate work/personal profiles
- 📝 Development tools and language servers
- ⌨️ Tmux with custom configuration
- 🚀 Neovim with full IDE setup
- 📦 User-specific packages
Development Environments:
- 💻 Language-specific toolchains
- 🛠️ Project-specific dependencies
- 🔍 LSP and debugging tools
- 📚 Documentation tools
- 🧪 Testing frameworks