Embracing Immutable Infrastructure on macOS: A Practical Guide

The author details their transition from a traditional, mutable macOS environment to an immutable infrastructure model. This shift was driven by a desire for reproducibility and declarative system management, principles commonly found in cloud and server environments but rare on personal workstations. By leveraging tools like Nix and Home Manager, the author was able to define their entire system configuration—from packages to settings—in code. This approach eliminates manual configuration drift and allows for easy replication of the setup across multiple machines. The article outlines the practical steps taken, the challenges faced during the learning curve of the Nix language, and the significant benefits gained, such as atomic updates and reliable rollbacks. It serves as a practical guide for those looking to bring infrastructure-as-code principles to their personal macOS experience.

Traditional macOS management is inherently mutable. Every manual installation, configuration change, or script execution alters the system state directly. Over time, this leads to a phenomenon known as configuration drift, where the actual state of the machine deviates from its intended state. The author highlights the difficulty in tracking these changes, making it nearly impossible to replicate a setup exactly on a new machine or to recover from a corrupted state with confidence. This manual, imperative approach lacks a "single source of truth" for the system's configuration.

The core issues with this traditional model include:

• Lack of reproducibility across machines.
• Inability to easily rollback changes.
• Difficulty in tracking what is installed and configured.
• Manual effort required to sync configurations between devices.

The author found the solution in the Nix package manager. Unlike traditional package managers, Nix uses a purely functional deployment model. Packages are built in isolated environments, and the entire system configuration is described in a declarative manner using the Nix language. This means you define what you want on your system, not how to get it. Home Manager is then used on top of Nix to manage user-specific configurations, such as dotfiles and application settings, with the same declarative approach.

The key components of this new workflow are:

• Nix Darwin: Allows managing macOS system configuration (e.g., system defaults, services) with Nix.
• Home Manager: Manages user environments, packages, and dotfiles.
• Flakes: A feature for reproducible builds and managing dependencies, providing a single flake.nix file as the entry point for the entire configuration.

Implementing this system requires an initial investment in learning the Nix language. The author describes the process of setting up Nix on macOS and gradually migrating existing tools and scripts into the Nix ecosystem. The configuration is stored in a Git repository, providing version control for the entire system state. A simple command like nix run nix-darwin --extra-experimental-features "nix-command flakes" -- switch --flake .# becomes the new way to apply system-wide changes.

The new workflow looks like this:

1. Edit the flake.nix file to add a package or change a setting.
2. Run the darwin-rebuild command.
3. Nix calculates the new system generation and applies it atomically.

This process ensures that the system is always in a known, reproducible state, directly derived from the configuration file.

The benefits of this immutable approach are substantial. The author emphasizes the peace of mind that comes with knowing the entire system is defined in code. Rollbacks are trivial; if an update introduces a bug, reverting to the previous generation is a single command away. Sharing the setup across multiple Macs is seamless—just clone the repository and run the install. This methodology effectively brings the reliability and discipline of infrastructure-as-code to the personal computing environment.

In conclusion, while the initial learning curve for Nix is steep, the long-term gains in system stability, reproducibility, and maintainability make it a compelling choice for power users. The author successfully transformed their macOS machine into a declaratively managed, immutable system, proving that these powerful infrastructure concepts can and should be applied to personal workstations.