HN

Need help?
<- Back
Going immutable on macOS, using Nix-Darwin

Going immutable on macOS, using Nix-Darwin

weird_trousers

Comments (43)

  • pedrozieg
    A useful way to frame this isn’t “is it worth tens of hours to avoid a future reinstall” but “where do I want my entropy to live”. You’re going to invest time somewhere: either in a slowly-accumulating pile of invisible state (brew, manual configs, random installers) or in a config that you can diff, review and roll back. The former feels free until you hit some cursed PATH/SSL/toolchain issue at 11pm and realize you’ve been paying that tax all along, just in tiny, forgotten increments.I think where Nix shines isn’t “one laptop every 6 years” but when your environment needs to be shared or recreated: multiple machines, a team, or a project with nasty native deps. At that point, nix-darwin + dev shells becomes infrastructure, not a hobby. You don’t have to go all-in on “my whole Mac is Nix” either: keep GUI apps and casual tools imperative, and treat Nix as the source of truth for the stuff that actually blocks you from doing work. That hybrid model matches what the article hints at and tends to give you most of the upside without turning your personal laptop into a second job.
  • JulianWasTaken
    I've tried nix-darwin a time or two in the past. Every few years when homebrew makes a "hostile" change and I get upset I consider trying it again (now most recently with changes to gatekeeper). I think I'll get to doing so in the next year or so.But I think just in fairness, the comparison here for flakes should be to Homebrew bundles. My packages are managed in a bundle: https://github.com/Julian/dotfiles/blob/main/Brewfile and then locked by a lockfile: https://github.com/Julian/dotfiles/blob/main/Brewfile.lock.j... and installing is just `brew bundle install`. All native Homebrew functionality. In practice I have never had an issue with non-reproducible builds across my machines (partly because the tendency on macOS is to run the latest versions of things and stay up to date).(But again I do find nix-darwin interesting to try for other reasons.)
  • otikik
    I see this:> The consequence is me, spending a few hours debugging my environment instead of writing code.But then I also see this:> I’ve spent a lot of time recently moving my entire workflow into a declarative system using nix.I can see how this can be beneficial for someone who switches systems very often, reinstalls their OS from scratch very often, or just derives a lot of pleasure/peace of mind knowing that their dev env is immutable.I change computers once every 6 years or so, maybe more. To me this looks like exchanging a couple (hypothetical) hours of debugging 6 years in the future by tens of (guaranteed) hours trying to climb up the nix learning cliff.I am happy that it works for the author though, and knowing that it's possible is good in case my particular development circumstances change.
  • ncrmro
    The real game changer after I went full nix OS on all my machines and using it on a a few Mac’s is indeed devshells which seemed so annoying to learn but really really are a game changer
  • bryceneal
    I do this too. It's not for everyone. At this point it's easily been positive ROI for me, but that's after about two years now of maintaining my configs through multiple machines and MacOS upgrades.I would recommend it only if this type of thing naturally interests you. I can't imagine powering through the initial learning curve if it felt like a frustrating chore.That said, if having (most of) your machine defined declaratively in a git repository sounds exciting/useful/comfy, then I would encourage you to give it a try. You can start small by just configuring a few programs or options and see how you like it.I wrote more about my experience here where I also link to my configs: https://bryce.is/writing/code/fully-nix-pilled
  • CraigJPerry
    only thing i'd add is mas for mac app store apps you want to ensure are installed but otherwise i run pretty much the same setup.When i install a fresh macos i have two commands to run - install nix using the determinate systems installer, then apply my nix config.It's not quite as streamlined as nixos but good enough.My biggest remaining pain point is dev envs - i've been leaning into adding a flake in each project, so for example i have a single project that's written in scala 2.13, when i cd into that project dir, the correct jvm version, sbt, intellij etc are installed, some useful env vars and shell aliases etc. - that's all great (i haven't felt the need to adopt denenv.sh or flox yet) but i do find myself wanting a devcontainer sandbox workflow more often these days (blame cli coding "agents"), i lean on vscode for that rather than nix so far. In python (where i spend a lot more time) uv loses a lot of value in nix and i don't like that.
  • zero0529
    I did this for a while but MacOS updates broke Nix often enough that I usually would spent some time every week reinstalling it. I still use Nix for dev environments because it is great but Nix still breaks sometimes.I also really wanted to like the declarative homebrew configuration but it also often didn’t work as expected for some configurations and had a lot of leaky abstractions that straight up just broke sometimes.If I ever go back to managing my Mac with nix I would probably just do a home-manager setup and just install most of the applications imperatively.Given this was using an intel based machine around the time when the switch to arm came so a lot of breakage also stemmed from that.I still use nix to handle my homelab.My setup up on my Mac is as follows:- Orbstack- NixOS machine run in orbstack- My whole dev environment is run from this container and is very transportable- GUI apps are installed on my Mac using the App Store or homebrew etc. but I try to reduce the amount of installed applications- if I have to install something that I don’t want to install but have to, I try to do it in a UTM machine.
  • marliechiller
    Ive been using nix-darwin for over a year now after using nixos with flakes for a bit. I now have a singular repo with multiple machine configurations. Nixos for my home server, nix darwin on a macbook air and a nix darwin with a work config. This allows me to have common programs on all machines but also overlay some specialised packages and programs in certain environments. After climbing the initial mountain, its been very satisfying and things just work. My work laptop died recently and I was able to be fully up to speed in a fraction of the time it would have taken me otherwise.
  • turtleyacht
    It would be nice to set up immutable config down to the granularity of a git commit, sharing it as a single file, and be able to reproduce that setup on anyone's machine. Instant onboarding and mirrored production (barring secrets).
  • exitb
    How well does nix-darwin survive macOS updates?
  • fredrikaverpil
    I’m using nix to set up both my dev laptop (macOS) but also my self-hosting/homelab (NixOS). It works really well, and nice to have one way to set stuff up. And they are both synced up with the stuff I want to be mirrored across systems.
  • pjmlp
    I see these kind of posts like using Gentoo, cool that some people are having fun, not for me, using computers the mid-80's I have better yaks to shave.
  • dsfdsfdd
    So I will be doing configuraions instead of work. Thanks but no thanks.This is just procrastination.
  • KingMob
    I tried nix-darwin for half a year, and ran into endless problems: poor docs, huge default disk usage, non-trivial to customize, etc. After 6 months, I eventually went back to a mix of Homebrew and mise, which does most of what I need for <1% of the hassle.I still believe something like nix is the future of building software, I'm just not sure it'll be nix itself.
  • undeveloper
    Interesting, and good luck to OP. I feel a little clickbaited, cause I was hoping for a port of stateless infra (although it may be of little use on a (dev machine :p) [1]1: https://grahamc.com/blog/erase-your-darlings/