dotfiles

Nix-based system config for macOS, NixOS VM, and WSL

What's Included

NixOS in VM, security hardened and straight outta r/unixporn

Niri and Noctalia with autotheming based on wallpaper, greetd, Ghostty, foot

Dev Tools

Neovim (LazyVim), Doom Emacs, tmux, Rust, Go, Python, and Node. Deep Niri window management integrations for editors including edge-navigation passthrough and buffer-to-window tearing.

AI Agents

Claude Code, OpenCode, 20+ agents via llm-agents.nix

Secrets

sops-nix + sopsidy with Bitwarden/rbw backend. No "I keep my encrypted secrets in a public repo". Minimal exposure to SOPS, no secret value gets commited, most secrets handled by EU-hosted BitWarden.

Clipboard

Uniclip: encrypted clipboard sharing between macOS and a Linux VM — patched Uniclip over an SSH tunnel wrapped in a systemd unit, working around VMware’s lack of Wayland clipboard support.

Networking

Tailscale, VMware NAT with static DHCP, SSH tunnels

macOS — Fresh MacBook Setup

Installs Xcode CLT, Homebrew, Nix, clones this repo, and applies the full nix-darwin config.

$ curl -sL https://smallstepman.github.io/macbook.sh | tee ~/whatbootstrappedme.sh | sh

After install, use niks to rebuild the darwin config (which lives in ~/.config/nix).

To install NixOS in VM:

$ vm bootstrap

NixOS VM — VMware Fusion

If you just want the VM, and no nix-darwin, run this:

$ curl -sL https://smallstepman.github.io/vm.sh | tee ~/whatbootstrappedvm.sh | sh

It downloads VMware Fusion if needed, downloads NixOS ISO and creates an aarch64 VM, then finally installs via shared folder.

Nix config lives in /nixos-config.

vm commands

Command	Description
`vm bootstrap [--redo]`	Full setup from scratch. `--redo` destroys existing VM first.
`vm switch`	Apply config changes (nixos-rebuild switch)
`vm up`	Start the VM
`vm down`	Graceful shutdown
`vm ssh [cmd]`	SSH into the VM, or run a remote command
`vm ip`	Print the VM's current IP
`vm refresh-secrets`	Regenerate sops age keys and re-encrypt secrets

WSL — Windows

PowerShell (as Administrator):

PS> iex (iwr -useb https://smallstepman.github.io/wsl.ps1)

Shell Aliases

Alias	Description
`niks`	Rebuild & switch the system config (macOS or NixOS-in-VM)
`nikt`	Build & test without switching
`vm <cmd>`	NixOS VM management (macOS only)

nix-darwin NixOS home-manager flakes VMware Fusion aarch64 sops-nix WSL