Initial Commit for mac testing

author: Ryan Schanzenbacher <ryan@rschanz.org> 2026-06-14 23:39:10 -0400
committer: Ryan Schanzenbacher <ryan@rschanz.org> 2026-06-14 23:39:10 -0400
commit: 9e70f144dde840fed8d8b485f9396638139ec310 (patch)
tree: 4473219575651064f213a5bd80cb6eae33b3862f /hosts/RyanMac
1 files changed, 212 insertions, 0 deletions
diff --git a/hosts/RyanMac/configuration.nix b/hosts/RyanMac/configuration.nix
new file mode 100644
index 0000000..572c534
--- /dev/null
+++ b/hosts/RyanMac/configuration.nix
@@ -0,0 +1,212 @@
+{ pkgs, inputs, ... }:
+let
+  username = "ryan";
+  defaultBrowser = "zen";
+  pinnedNixpkgs = pkgs.writeText "flake-registry.json" (builtins.toJSON {
+    version = 2;
+    flakes = [
+      {
+        from = { type = "indirect"; id = "nixpkgs"; };
+        to = {
+          type = "path";
+          path = inputs.nixpkgs.outPath;
+          lastModified = inputs.nixpkgs.lastModified;
+          narHash = inputs.nixpkgs.narHash;
+        };
+      }
+    ];
+  });
+in {
+  # Define the system's user and home dir location
+  users.users."${username}" = {
+    name = "${username}";
+    home = "/Users/${username}";
+  };
+  system.primaryUser = "${username}";
+  # Install the /etc/nix/flake-registry.json file we made above
+  environment.etc."nix/flake-registry.json".source = pinnedNixpkgs;
+  # Install RyanCA Root
+  security.pki.certificateFiles = [
+    ../../files/CACerts/RyanCA.crt
+  ];
+  # Need to disable native nix handling because of Determinate nix
+  determinateNix = {
+    enable = true;
+    customSettings = {
+      flake-registry = "/etc/nix/flake-registry.json";
+    };
+  };
+  # Determines the nix-darwin release compatibility
+  system.stateVersion = 6;
+  # System profile programs
+  programs = {
+        zsh.enable = true;
+  };
+  # Install homebrew casks/apps
+  homebrew = {
+    enable = true;
+    onActivation = {
+      cleanup = "zap";
+      extraFlags = [ "--force-cleanup" ];
+    };
+    casks = [
+      "utm"
+      "ghostty"
+      "zen"
+    ];
+  };
+  # Keyboard shortcuts using skhd
+  services.skhd = {
+    enable = true;
+    skhdConfig = ''
+      alt - d : osascript -e 'tell application "System Events" to key code 49 using {command down}'
+      alt - return : open -na /Applications/Ghostty.app
+    '';
+    };
+  # System configuration
+  time.timeZone = "America/New_York";
+  system.defaults = {
+    NSGlobalDomain = {
+      # 24 hour time
+      AppleICUForce24HourTime = true;
+      # Dark Mode
+      AppleInterfaceStyle = "Dark";
+      # Key repeat rate
+      KeyRepeat = 4;
+      InitialKeyRepeat = 30;
+      # Swap F1-12 to be default
+      "com.apple.keyboard.fnState" = true;
+      # Disable Keyboard bullcrap
+      NSAutomaticCapitalizationEnabled = false;
+      NSAutomaticDashSubstitutionEnabled = false;
+      NSAutomaticPeriodSubstitutionEnabled = false;
+      NSAutomaticQuoteSubstitutionEnabled = false;
+      NSAutomaticSpellingCorrectionEnabled = false;
+      ApplePressAndHoldEnabled = false;
+    };
+    # Control center stuff
+    controlcenter = {
+      BatteryShowPercentage = true;
+    };
+    # Clock settings
+    menuExtraClock = {
+      Show24Hour = true;
+      ShowDate = 1; # Always
+      ShowDayOfWeek = true;
+      ShowSeconds = true;
+    };
+    # Screen capture settings
+    screencapture = {
+      target = "clipboard";
+      type = "png";
+    };
+    # finder good settings
+    finder = {
+      AppleShowAllExtensions = true;
+      AppleShowAllFiles = true;
+      ShowPathbar = true;
+      FXEnableExtensionChangeWarning = false;
+      _FXShowPosixPathInTitle = true;
+      NewWindowTarget = "Home";
+      ShowExternalHardDrivesOnDesktop = false;
+      ShowHardDrivesOnDesktop = false;
+      ShowMountedServersOnDesktop = false;
+      ShowRemovableMediaOnDesktop = false;
+      ShowStatusBar = true;
+    };
+    # Login Window Settings
+    loginwindow = {
+      GuestEnabled = false;
+      DisableConsoleAccess = true;
+    };
+    # dock settings
+    dock = {
+      magnification = true;
+      largesize = 96;
+      tilesize = 32;
+      minimize-to-application = false;
+      orientation = "bottom";
+      autohide = true;
+      persistent-apps = [
+        { app = "/Applications/Zen.app"; }
+        #{ app = "/System/Applications/Launchpad.app"; }
+        { app = "/System/Applications/Messages.app"; }
+        { app = "/System/Applications/Facetime.app"; }
+        { app = "/System/Applications/Calendar.app"; }
+        { app = "/System/Applications/App Store.app"; }
+        { app = "/System/Applications/System Settings.app"; }
+        { app = "/Applications/UTM.app"; }
+      ];
+      persistent-others = [
+        { folder = { path = "/Users/${username}/Downloads"; showas = "grid"; arrangement = "date-created"; }; }
+        { folder = { path = "/Applications"; showas = "grid"; arrangement = "name"; }; }
+      ];
+      show-recents = false;
+    };
+    # Custom preferences
+    CustomUserPreferences = {
+      NSGlobalDomain = {
+        # Always show menu bar
+        AppleMenuBarVisibleInFullscreen = true;
+      };
+      "com.apple.symbolichotkeys" = {
+        AppleSymbolicHotKeys = {
+          "64" = {
+            enabled = true; # skhd needs this for its shortcut
+          };
+        };
+      };
+    };
+  };
+  # Post-Activation scripts
+  system.activationScripts.postActivation.text = ''
+    echo "Configuring NTP servers..."
+    systemsetup -setnetworktimeserver pool.ntp.org > /dev/null 2>&1 || true
+    systemsetup -setusingnetworktime on > /dev/null 2>&1 || true
+    ryancasum="$(${pkgs.openssl}/bin/openssl x509 -in "${../../files/CACerts/RyanCA.crt}" -noout -fingerprint -sha1 | sed 's/.*=//; s/://g')"
+    if ! /usr/bin/security find-certificate -a -Z "/Library/Keychains/System.keychain" | tr -d ':' | grep -iq "$ryancasum"; then
+      echo "Installing RyanCA Certificate..."
+      /usr/bin/security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain ${../../files/CACerts/RyanCA.crt}
+    fi
+    echo "Reloading Preferences DB..."
+    /System/Library/PrivateFrameworks/SystemAdministration.framework/Resources/activateSettings -u
+    echo "Setting default browser"
+    ${pkgs.defaultbrowser}/bin/defaultbrowser ${defaultBrowser}
+    # this is fragile so it goes at the bottom
+    echo "Reloading skhd..."
+    sudo -iu ${username} ${pkgs.skhd}/bin/skhd -r
+  '';
+}
author	Ryan Schanzenbacher <ryan@rschanz.org>	2026-06-14 23:39:10 -0400
committer	Ryan Schanzenbacher <ryan@rschanz.org>	2026-06-14 23:39:10 -0400
commit	9e70f144dde840fed8d8b485f9396638139ec310 (patch)
tree	4473219575651064f213a5bd80cb6eae33b3862f /hosts/RyanMac

diff --git a/hosts/RyanMac/configuration.nix b/hosts/RyanMac/configuration.nix new file mode 100644 index 0000000..572c534 --- /dev/null +++ b/hosts/RyanMac/configuration.nix
@@ -0,0 +1,212 @@
	1	{ pkgs, inputs, ... }:
	2	let
	3	username = "ryan";
	4
	5	defaultBrowser = "zen";
	6
	7	pinnedNixpkgs = pkgs.writeText "flake-registry.json" (builtins.toJSON {
	8	version = 2;
	9	flakes = [
	10	{
	11	from = { type = "indirect"; id = "nixpkgs"; };
	12	to = {
	13	type = "path";
	14	path = inputs.nixpkgs.outPath;
	15	lastModified = inputs.nixpkgs.lastModified;
	16	narHash = inputs.nixpkgs.narHash;
	17	};
	18	}
	19	];
	20	});
	21
	22	in {
	23	# Define the system's user and home dir location
	24	users.users."${username}" = {
	25	name = "${username}";
	26	home = "/Users/${username}";
	27	};
	28
	29	system.primaryUser = "${username}";
	30
	31	# Install the /etc/nix/flake-registry.json file we made above
	32	environment.etc."nix/flake-registry.json".source = pinnedNixpkgs;
	33
	34	# Install RyanCA Root
	35	security.pki.certificateFiles = [
	36	../../files/CACerts/RyanCA.crt
	37	];
	38
	39	# Need to disable native nix handling because of Determinate nix
	40	determinateNix = {
	41	enable = true;
	42	customSettings = {
	43	flake-registry = "/etc/nix/flake-registry.json";
	44	};
	45	};
	46
	47	# Determines the nix-darwin release compatibility
	48	system.stateVersion = 6;
	49
	50	# System profile programs
	51	programs = {
	52	zsh.enable = true;
	53	};
	54
	55	# Install homebrew casks/apps
	56	homebrew = {
	57	enable = true;
	58
	59	onActivation = {
	60	cleanup = "zap";
	61	extraFlags = [ "--force-cleanup" ];
	62	};
	63
	64	casks = [
	65	"utm"
	66	"ghostty"
	67	"zen"
	68	];
	69	};
	70
	71	# Keyboard shortcuts using skhd
	72	services.skhd = {
	73	enable = true;
	74	skhdConfig = ''
	75	alt - d : osascript -e 'tell application "System Events" to key code 49 using {command down}'
	76	alt - return : open -na /Applications/Ghostty.app
	77	'';
	78	};
	79
	80	# System configuration
	81	time.timeZone = "America/New_York";
	82
	83	system.defaults = {
	84	NSGlobalDomain = {
	85	# 24 hour time
	86	AppleICUForce24HourTime = true;
	87
	88	# Dark Mode
	89	AppleInterfaceStyle = "Dark";
	90
	91	# Key repeat rate
	92	KeyRepeat = 4;
	93	InitialKeyRepeat = 30;
	94
	95	# Swap F1-12 to be default
	96	"com.apple.keyboard.fnState" = true;
	97
	98	# Disable Keyboard bullcrap
	99	NSAutomaticCapitalizationEnabled = false;
	100	NSAutomaticDashSubstitutionEnabled = false;
	101	NSAutomaticPeriodSubstitutionEnabled = false;
	102	NSAutomaticQuoteSubstitutionEnabled = false;
	103	NSAutomaticSpellingCorrectionEnabled = false;
	104	ApplePressAndHoldEnabled = false;
	105	};
	106
	107	# Control center stuff
	108	controlcenter = {
	109	BatteryShowPercentage = true;
	110	};
	111
	112	# Clock settings
	113	menuExtraClock = {
	114	Show24Hour = true;
	115	ShowDate = 1; # Always
	116	ShowDayOfWeek = true;
	117	ShowSeconds = true;
	118	};
	119
	120	# Screen capture settings
	121	screencapture = {
	122	target = "clipboard";
	123	type = "png";
	124	};
	125
	126	# finder good settings
	127	finder = {
	128	AppleShowAllExtensions = true;
	129	AppleShowAllFiles = true;
	130	ShowPathbar = true;
	131	FXEnableExtensionChangeWarning = false;
	132	_FXShowPosixPathInTitle = true;
	133	NewWindowTarget = "Home";
	134	ShowExternalHardDrivesOnDesktop = false;
	135	ShowHardDrivesOnDesktop = false;
	136	ShowMountedServersOnDesktop = false;
	137	ShowRemovableMediaOnDesktop = false;
	138	ShowStatusBar = true;
	139	};
	140
	141	# Login Window Settings
	142	loginwindow = {
	143	GuestEnabled = false;
	144	DisableConsoleAccess = true;
	145	};
	146
	147	# dock settings
	148	dock = {
	149	magnification = true;
	150	largesize = 96;
	151	tilesize = 32;
	152	minimize-to-application = false;
	153	orientation = "bottom";
	154	autohide = true;
	155	persistent-apps = [
	156	{ app = "/Applications/Zen.app"; }
	157	#{ app = "/System/Applications/Launchpad.app"; }
	158	{ app = "/System/Applications/Messages.app"; }
	159	{ app = "/System/Applications/Facetime.app"; }
	160	{ app = "/System/Applications/Calendar.app"; }
	161	{ app = "/System/Applications/App Store.app"; }
	162	{ app = "/System/Applications/System Settings.app"; }
	163	{ app = "/Applications/UTM.app"; }
	164	];
	165	persistent-others = [
	166	{ folder = { path = "/Users/${username}/Downloads"; showas = "grid"; arrangement = "date-created"; }; }
	167	{ folder = { path = "/Applications"; showas = "grid"; arrangement = "name"; }; }
	168	];
	169	show-recents = false;
	170	};
	171
	172	# Custom preferences
	173	CustomUserPreferences = {
	174	NSGlobalDomain = {
	175	# Always show menu bar
	176	AppleMenuBarVisibleInFullscreen = true;
	177	};
	178
	179	"com.apple.symbolichotkeys" = {
	180	AppleSymbolicHotKeys = {
	181	"64" = {
	182	enabled = true; # skhd needs this for its shortcut
	183	};
	184	};
	185	};
	186	};
	187	};
	188
	189	# Post-Activation scripts
	190	system.activationScripts.postActivation.text = ''
	191	echo "Configuring NTP servers..."
	192	systemsetup -setnetworktimeserver pool.ntp.org > /dev/null 2>&1 \|\| true
	193	systemsetup -setusingnetworktime on > /dev/null 2>&1 \|\| true
	194
	195	ryancasum="$(${pkgs.openssl}/bin/openssl x509 -in "${../../files/CACerts/RyanCA.crt}" -noout -fingerprint -sha1 \| sed 's/.*=//; s/://g')"
	196	if ! /usr/bin/security find-certificate -a -Z "/Library/Keychains/System.keychain" \| tr -d ':' \| grep -iq "$ryancasum"; then
	197	echo "Installing RyanCA Certificate..."
	198	/usr/bin/security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain ${../../files/CACerts/RyanCA.crt}
	199	fi
	200
	201	echo "Reloading Preferences DB..."
	202	/System/Library/PrivateFrameworks/SystemAdministration.framework/Resources/activateSettings -u
	203
	204	echo "Setting default browser"
	205	${pkgs.defaultbrowser}/bin/defaultbrowser ${defaultBrowser}
	206
	207	# this is fragile so it goes at the bottom
	208	echo "Reloading skhd..."
	209	sudo -iu ${username} ${pkgs.skhd}/bin/skhd -r
	210	'';
	211
	212	}