These are my dotfiles.
Name machine first — hostname is used by nix-darwin and chezmoi templating
./hostname.sh
Then install Nix, Homebrew, and chezmoi
./bootstrap.sh
Configure /etc/nix/nix.custom.conf (Determinate Nix preserves this across upgrades):
echo 'trusted-users = oliver' | sudo tee -a /etc/nix/nix.custom.conf
echo 'extra-substituters = https://nixos-raspberrypi.cachix.org' | sudo tee -a /etc/nix/nix.custom.conf
echo 'extra-trusted-public-keys = nixos-raspberrypi.cachix.org-1:4iMO9LXa8BqhU+Rpg6LQKiGa2lsNh/j2oiYLNOQ5sPI=' | sudo tee -a /etc/nix/nix.custom.conf
sudo launchctl kickstart -k system/systems.determinate.nix-daemon
Create the machine-local identity file (name, email, SSH key, timezone — never committed):
task nix-setup-local
Once the nix-darwin flake is set up, apply it with
sudo nix run nix-darwin -- switch --flake "~/nix#$(hostname -s)"
Subsequent runs use
task nix-max
Set up 1Password and sync the vaults, then initialize chezmoi
chezmoi init oschrenk/dotfiles
Certain files require age decryption. You will be asked a few questions.
These answers are stored in 1Password under
- "Chezmoi / Age / Key" and
- "Meli / Personal / Oauth"
Age identity file location?
Age public key?
...
Personal Google OAuth Client ID?
Pull binary assets
chezmoi cd
git lfs pull
Apply
chezmoi apply
Follow the on-screen instructions. You will sometimes be asked for a password. Downloading and compiling all the various applications and packages will take roughly 1 hour.
After casks are installed you can already start important apps and configure them
- App Store
  - log into iCloud if needed
- 1Password
  - Security > Touch ID
  - Security > Apple Watch.
  - Developer > Use the SSH Agent
  - Developer > Enable Biometric Unlock
- Ghostty
  - System Settings > "Privacy & Security > Full disk access..." Allow for ...
- Arc
  - open profiles, and log into services
- Atuin
  atuin login
- Karabiner Elements.
  - Open. Read "System Extensions Blocked" popup. Click on "Open Security Preferences" and press "Allow".
- IntelliJ.
  - Configure plugins.
    - AutoDarkMode
    - Harpooner
    - Hocon
    - Ideavim
    - Key Promoter
    - Kotlin
    - Scala
  - Change settings
    - Don't send statistics
  - Configure plugins.
- Photos
  - Open to synchronize data
- Spotify
  - download "Liked Songs"
- sketchybar
  brew services start sketchybar
Login:
- Discord
- Slack
Link device:
- Signal
- Telegram
Set up all git projects
- requires ssh key (via 1Password)
- requires arbol
mkdir ~/Projects
arbol sync
- task brew: Install taps/brews/apps
- task cargo: Install crates
- task extensions: Install Arc Browser extensions
- task go: Install go apps
- task icons: Install icons
- task lua: Install lua rocks
- task node: Install node tools
- task ollama: Install ollama models
nix/local.nix has an empty blob staged via --intent-to-add that disagrees with the working tree, blocking autostash. Unguard it, rebase, then guard again:
task nix-unguard-local
git rebase --interactive HEAD~N
task nix-guard-local
Binary caches defined in a flake's nixConfig are ignored unless the invoking user is trusted and accept-flake-config is set. The fix is to add the cache directly to /etc/nix/nix.custom.conf (which Determinate Nix preserves across upgrades) and restart the daemon:
echo 'extra-substituters = https://example.cachix.org' | sudo tee -a /etc/nix/nix.custom.conf
echo 'extra-trusted-public-keys = example.cachix.org-1:...' | sudo tee -a /etc/nix/nix.custom.conf
sudo launchctl kickstart -k system/systems.determinate.nix-daemon
brew install steam
Steam is the last application (I use) not offering a native arm variant for macOS
# install rosetta 2
# system_profiler SPApplicationsDataType -json | jq -r '.SPApplicationsDataType[] | select (.arch_kind == "arch_i64") | ._name ' | sort
#
# needed for
# Steam
# Steam Helper
softwareupdate --install-rosetta --agree-to-license
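
For the /etc/nix/nix.custom.conf steps earlier on this page: repeated `tee -a` runs stack duplicate lines, and a substituter is only useful when a matching trusted public key is present. The following is an added example, not part of these dotfiles; the function names are hypothetical and the key check assumes cachix-style "<host>-<n>:<base64>" key names.

```shell
# Added example: function names and sample values are constructed, not from the repo.

# Append LINE to FILE only if that exact line is missing, so re-running the
# setup does not stack duplicate settings the way repeated `tee -a` does.
ensure_line() {
  grep -qxF -e "$2" "$1" 2>/dev/null || printf '%s\n' "$2" >> "$1"
}

# Print every value of a whitespace-separated nix.conf setting, one per line.
conf_values() {
  sed -n "s/^[[:space:]]*$2[[:space:]]*=//p" "$1" | tr -s '[:space:]' '\n' | sed '/^$/d'
}

# Print one finding per line for the settings in FILE:
#   trusted-user NAME    NAME can change daemon settings (the Nix manual treats
#                        this as equivalent to root), so the list should be short
#   insecure-scheme URL  substituter not fetched over https
#   no-key URL           no trusted public key named after the cache host
#                        (assumes cachix-style "<host>-<n>:<base64>" key names)
audit_caches() {
  keys=$(conf_values "$1" extra-trusted-public-keys)
  conf_values "$1" trusted-users | sed 's/^/trusted-user /'
  conf_values "$1" extra-substituters | while read -r url; do
    case $url in https://*) ;; *) echo "insecure-scheme $url" ;; esac
    host=${url#*://}; host=${host%%/*}
    found=no
    for k in $keys; do
      case $k in "$host"-*:*) found=yes ;; esac
    done
    [ "$found" = yes ] || echo "no-key $url"
  done
}

# Usage on the real file (read-only): audit_caches /etc/nix/nix.custom.conf
```

`ensure_line` writes as the calling user, so for /etc/nix/nix.custom.conf it has to run in a root shell; `audit_caches` only reads.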