Dotfiles

My personal dotfiles for macOS.

Key Tools & Configurations

• System Management: Nix-Darwin (declarative macOS settings + packages)
• Package Management: Homebrew (managed via Nix-Darwin)
• Dotfiles Management: Chezmoi
• Secrets Management: Bitwarden via rbw (hash-based caching)
• Language/Environment Management: Mise
• Window Management: Aerospace (tiling WM), Sketchybar (status bar)
• File Manager: Yazi
• Terminal: Ghostty
• Shell: Zsh with Starship prompt (transient), Atuin (shell history)
• Editor: Neovim (LazyVim)
• Multiplexer: Tmux with Sesh session management
• Version Control: Git worktrees with Treekanga CLI, Delta pager, Lazygit TUI
• Keyboard: Kanata (laptop remapping), custom zmk layouts for Glove80 & Corne (external keyboards)

Bootstrap New Mac (Apple Silicon)

Click to expand bootstrap instructions

Step 1: System setup (Nix + nix-darwin)

Installs Nix package manager, nix-darwin system configuration, and Homebrew packages:

curl -fsSL https://raw.githubusercontent.com/gnohj/dotfiles/main/system-setup.sh | bash

This will:

• Install Nix package manager (Determinate Systems installer)
• Clone dotfiles repository via Chezmoi
• Install nix-darwin for declarative macOS configuration
• Install all packages defined in ~/.nix/ (Nix packages + Homebrew apps)

Note: You'll be prompted for your password once at the start for sudo access.

Step 2: User setup (dotfiles + development tools)

Applies dotfiles and installs language runtimes via mise:

curl -fsSL https://raw.githubusercontent.com/gnohj/dotfiles/main/user-setup.sh | bash -s -- your_bitwarden_email@example.com

This will:

• Fetch GH SSH key from Bitwarden (requires master password)
• Apply all dotfiles via Chezmoi (~/.config/, ~/.zshrc, etc.)
• Install language runtimes via mise (Node, Python, Go, Rust, etc.)
• Set up environment secrets from Bitwarden (API keys, tokens)
• Set up shell configuration

Update Existing Mac (Apple Silicon)

Click to expand update instructions

1. Nix-Darwin (System Management)

Understanding Package Pinning

This setup uses a hybrid approach for reproducibility:

• Nix packages (CLI dev tools): Pinned via flake.lock

  • ✅ Reproducible across machines and time
  • ✅ Same versions until you explicitly update

• Homebrew packages (macOS apps + utilities): Floating versions

  • ⚠️ Gets latest from Homebrew on install/update
  • ⚠️ Not reproducible, but always up-to-date

Rebuild without updating packages

Uses existing pinned versions from flake.lock:

darwin-rebuild switch --flake ~/.nix

Update Nix packages to latest

Updates flake.lock to newest nixpkgs snapshot:

# Update all flake inputs (nixpkgs + nix-darwin)
nix flake update ~/.nix
darwin-rebuild switch --flake ~/.nix

# Or update only nixpkgs
nix flake update ~/.nix nixpkgs
darwin-rebuild switch --flake ~/.nix

Update Homebrew packages

Currently onActivation.upgrade = false, so manual updates:

# Update specific package
brew upgrade ghostty
brew upgrade --cask brave-browser

# Update all packages
brew upgrade
brew upgrade --cask

Clean up old generations:

nix-collect-garbage -d

2. Chezmoi (Dotfiles Management)

Apply latest dotfiles:

chezmoi apply

Update from remote and apply:

chezmoi update

Refresh secrets from Bitwarden:

Secrets are automatically refreshed when the secret list changes. To force a refresh after changing a password value:

rbw sync && chezmoi apply --force

3. Mise (Language/Environment Management)

List outdated languages:

mise outdated

Install/update all languages from config:

mise install

Upgrade a specific language runtime:

mise upgrade node@20.2.0
mise upgrade python

Upgrade all language runtimes to latest versions:

mise upgrade

4. Mac App Store (mas)

List outdated apps:

mas outdated

Upgrade all App Store apps:

mas upgrade

Upgrade a specific app:

mas upgrade <app-id>