Using Nix Flakes as a Package Manager on macOS & Yubikey SSH Usage Memo

Nix Flakes

After reading fernvenue’s recent article Play with Nix Flakes, I decided to fully embrace Nix on my Mac, moving away from brew and Xcode. By discarding these bulky tools, I can easily install only what I need.

Recently, I treated myself to an old M1 Max for my birthday, as I still rely on Logic Pro and Final Cut Pro. After all, I can’t resist Apple’s accurate color displays. So, even though Debian can replace many tools, I still need to use macOS.

macOS doesn’t come with Xcode pre-installed. When you use the git command, it aggressively prompts you to install Xcode, even if you have installed git with Flakes. Frustrated, I installed Debian on my MacBook. When I later returned to macOS to solve this issue, I found that git was working. So, if something installed with Nix Flakes isn’t working immediately:

Try restarting your device; it will likely work then, provided the package is compatible with macOS.

Configuration

The configuration for Nix Flakes on macOS is the same as on Debian:

mkdir -p ~/.config/nix
echo "experimental-features = nix-command flakes" > ~/.config/nix/nix.conf

Common Commands

  • Install an application: nix profile install nixpkgs#application
  • Uninstall an application: nix profile remove application
  • List installed applications: nix profile list
  • Upgrade an application: nix profile upgrade application
  • Upgrade all applications: nix profile upgrade --all
  • Clean up (delete old profile generations, then garbage-collect the store): nix-collect-garbage -d

Yubikey SSH Usage Memo

Recently, I finally mastered all operations of Yubikey SSH, although the usage on macOS is slightly different.

To avoid using Xcode, we install openssh directly with Nix Flakes. macOS ships its own ssh, but it seems to be a simplified build that cannot use ssh-keygen -K to download the resident key pairs stored on the Yubikey.

nix profile install nixpkgs#openssh

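After successful installation, you can import the keys. I recommend using normal user permissions to import the keys into the ~/.ssh directory. For these security-key (sk) key types, the file written to disk is only a handle to the credential; the private key itself stays on the Yubikey.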

mkdir -p ~/.ssh && cd ~/.ssh

ssh-keygen -K

Follow the prompts to complete the process.

As a novice, I rarely used ssh keys to log into servers or use git, only using the simple operations on Termius. So, I didn’t understand the purpose and basic configuration of the ~/.ssh/config file.

Here is my ssh configuration for using git:

$ cat ~/.ssh/config
Host github.com
	user git
	IdentityFile ~/.ssh/id_ed25519_sk_rk_yubikey5cnfc

Then upload your public key to your GitHub account. For details, see the official documentation Connecting to GitHub with SSH.

After completion, test it:

$ ssh -T git@github.com
Confirm user presence for key ED25519-SK SHA256:mT3AmUTy4eQUnhuiGzRCFegResZgsWkN+r9CibXkeYQ
Enter PIN for ED25519-SK key /Users/bdim404/.ssh/id_ed25519_sk_rk_yubikey5cnfc: 
Confirm user presence for key ED25519-SK SHA256:mT3AmUTy4eQUnhuiGzRCFegResZgsWkN+r9CibXkeYQ
User presence confirmed
Hi bdim404! You've successfully authenticated, but GitHub does not provide shell access.

Everything seems to be working fine.
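As an added example (not part of the original post): a Python check that parses a public key line, such as the .pub file written by ssh-keygen -K, confirms it is a FIDO-backed sk-* key, and computes the SHA256 fingerprint to compare with the one ssh prints at the user-presence prompt and the one GitHub lists for the uploaded key. The function names and the sample keys are constructed for illustration.

```python
import base64
import hashlib

# Key types whose private key stays on a FIDO authenticator (OpenSSH PROTOCOL.u2f).
SK_TYPES = {"sk-ssh-ed25519@openssh.com", "sk-ecdsa-sha2-nistp256@openssh.com"}


def _read_strings(blob):
    """Split an SSH wire-format blob into its length-prefixed strings."""
    out, pos = [], 0
    while pos < len(blob):
        n = int.from_bytes(blob[pos:pos + 4], "big")  # uint32 big-endian length
        if pos + 4 + n > len(blob):
            raise ValueError("truncated key blob")
        out.append(blob[pos + 4:pos + 4 + n])
        pos += 4 + n
    return out


def inspect_pubkey(line):
    """Report type, FIDO application and SHA256 fingerprint of one public key line."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    blob = base64.b64decode(fields[1], validate=True)
    parts = _read_strings(blob)
    if not parts or parts[0] != fields[0].encode():
        raise ValueError("type label does not match key blob")
    is_sk = fields[0] in SK_TYPES
    digest = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return {
        "type": fields[0],
        "hardware_backed": is_sk,
        # In both sk-* formats the application string is the last field.
        "application": parts[-1].decode() if is_sk else None,
        "fingerprint": "SHA256:" + digest,  # same form ssh and ssh-keygen -l print
    }


def _pack(*parts):
    return b"".join(len(p).to_bytes(4, "big") + p for p in parts)


# Constructed sample keys (not real credentials): one FIDO-backed, one file-based.
SAMPLE_SK = "sk-ssh-ed25519@openssh.com " + base64.b64encode(
    _pack(b"sk-ssh-ed25519@openssh.com", bytes(range(32)), b"ssh:")).decode() + " demo"
SAMPLE_PLAIN = "ssh-ed25519 " + base64.b64encode(
    _pack(b"ssh-ed25519", bytes(range(32)))).decode() + " demo"
```

To use it on a real key, pass the contents of the .pub file to inspect_pubkey and compare the returned fingerprint with the SHA256 value in the "Confirm user presence" line.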

https://blog.fernvenue.com/archives/play-with-nix-flakes/

https://docs.github.com/en/authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account

https://developers.yubico.com/SSH/