From 0636c614386a1dbcdc785b2628bb4004b4f75c19 Mon Sep 17 00:00:00 2001
From: kalipso
Date: Tue, 4 Oct 2022 14:08:04 +0200
Subject: [PATCH] initial commit
---
.envrc | 1 +
flake.nix | 22 ++++++++++++++++++++
machines/configuration.nix | 42 ++++++++++++++++++++++++++++++++++++++
outputs.nix | 24 ++++++++++++++++++++++
shell.nix | 20 ++++++++++++++++++
5 files changed, 109 insertions(+)
create mode 100644 .envrc
create mode 100644 flake.nix
create mode 100644 machines/configuration.nix
create mode 100644 outputs.nix
create mode 100644 shell.nix
diff --git a/.envrc b/.envrc
new file mode 100644
index 0000000..3550a30
--- /dev/null
+++ b/.envrc
@@ -0,0 +1 @@
+use flake
diff --git a/flake.nix b/flake.nix
new file mode 100644
index 0000000..8d15f4c
--- /dev/null
+++ b/flake.nix
@@ -0,0 +1,22 @@
+{
+ description = "malobeo infrastructure";
+
+ inputs = {
+ utils.url = "github:numtide/flake-utils";
+ nixos-hardware.url = "github:NixOS/nixos-hardware/master";
+ nixpkgs.url = "github:NixOS/nixpkgs/nixos-22.05";
+ nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
+ sops-nix.url = "github:Mic92/sops-nix";
+ sops-nix.inputs.nixpkgs.follows = "nixpkgs";
+ mfsync.url = "github:k4lipso/mfsync";
+
+ home-manager-stable = {
+ url = "github:nix-community/home-manager/release-22.05";
+ inputs = {
+ nixpkgs.follows = "nixpkgs-stable";
+ };
+ };
+ };
+
+ outputs = { ... } @ args: import ./outputs.nix args;
+}
diff --git a/machines/configuration.nix b/machines/configuration.nix
new file mode 100644
index 0000000..f81f611
--- /dev/null
+++ b/machines/configuration.nix
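Review bot: `nixpkgs.follows = "nixpkgs-stable"` under `home-manager-stable` points at an input this flake never declares — the only nixpkgs inputs are `nixpkgs` (nixos-22.05) and `nixpkgs-unstable` — so the follows is dangling and will either be rejected at lock time or leave home-manager on its own bundled nixpkgs; it should read `nixpkgs.follows = "nixpkgs";`. Separately, the diffstat lists no flake.lock, while `nixos-hardware`, `sops-nix` and `mfsync` are fetched from moving branch heads (`master` or the default branch); until the lock file is committed, every fresh checkout evaluates whatever those upstream repositories currently serve, with full evaluation-time trust in that code. Commit flake.lock alongside this change and review its diff on each `nix flake update`.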
@@ -0,0 +1,42 @@
+{ self
+, nixpkgs-unstable
+, nixpkgs
+, sops-nix
+, inputs
+, nixos-hardware
+, home-manager
+, home-manager-stable
+, simple-nixos-mailserver
+, ...
+}:
+let
+ nixosSystem = nixpkgs.lib.makeOverridable nixpkgs-unstable.lib.nixosSystem;
+ nixosSystemUnstable = nixpkgs-unstable.lib.makeOverridable nixpkgs-unstable.lib.nixosSystem;
+
+ baseModules = [
+ # make flake inputs accessiable in NixOS
+ { _module.args.inputs = inputs; }
+ {
+ imports = [
+ ({ pkgs, ... }: {
+ nix.extraOptions = ''
+ experimental-features = nix-command flakes
+ '';
+ })
+
+ sops-nix.nixosModules.sops
+ ];
+ }
+ ];
+ defaultModules = baseModules;
+in
+{
+ moderatio = nixosSystem {
+ system = "x86_64-linux";
+ specialArgs.inputs = inputs;
+ modules = defaultModules ++ [
+ #nixos-hardware.nixosModules.lenovo-thinkpad-t480s
+ ./moderatio/configuration.nix
+ ];
+ };
+}
diff --git a/outputs.nix b/outputs.nix
new file mode 100644
index 0000000..75d5c75
--- /dev/null
+++ b/outputs.nix
@@ -0,0 +1,24 @@
+{ self
+, utils
+, nixpkgs
+, nixpkgs-unstable
+, sops-nix
+, ...
+} @inputs:
+
+# filter i686-liux from defaultSystem to run nix flake check successfully
+let filter_system = name: if name == utils.lib.system.i686-linux then false else true;
+in (utils.lib.eachSystem (builtins.filter filter_system utils.lib.defaultSystems) ( system:
+ let
+ pkgs-unstable = nixpkgs-unstable.legacyPackages."${system}";
+ pkgs = nixpkgs.legacyPackages."${system}";
+ in
+ {
+ devShells.default = pkgs.callPackage ./shell.nix {
+ inherit (sops-nix.packages."${pkgs.system}") sops-import-keys-hook ssh-to-pgp sops-init-gpg-key;
+ };
+ })) // {
+ nixosConfigurations = import ./machines/configuration.nix (inputs // {
+ inherit inputs;
+ });
+}
diff --git a/shell.nix b/shell.nix
new file mode 100644
index 0000000..068df44
--- /dev/null
+++ b/shell.nix
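Review bot: `nixosSystem` is built from `nixpkgs-unstable.lib.nixosSystem` even though it is evidently meant as the stable counterpart to `nixosSystemUnstable`, so `moderatio` is evaluated against the nixos-unstable module tree and, unless the host module overrides `nixpkgs.pkgs`, runs unstable packages rather than the nixos-22.05 that the `nixpkgs` input pins; the intended line is `nixosSystem = nixpkgs.lib.makeOverridable nixpkgs.lib.nixosSystem;`. The two builders are otherwise identical, which is what makes the mix-up easy to miss and matters for a server's patch posture. `./moderatio/configuration.nix` is not part of this commit, so I could not check whether it compensates.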
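Review bot: the `nixosConfigurations` call passes `inputs // { inherit inputs; }`, but `machines/configuration.nix` destructures `home-manager` and `simple-nixos-mailserver` without defaults and neither is declared as a flake input (flake.nix only declares `home-manager-stable`), so evaluating `nixosConfigurations` should fail with a "called without required argument" error before any host is built. Either add those inputs to flake.nix or give the pattern defaults (`, home-manager ? null`) until they are actually used. The comment on the filter line also misspells the system name; `# filter i686-linux from defaultSystems so nix flake check succeeds` would read cleanly.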
@@ -0,0 +1,20 @@
+{ mkShell
+, sops-import-keys-hook
+, ssh-to-pgp
+, sops-init-gpg-key
+, sops
+}:
+
+mkShell {
+ sopsPGPKeyDirs = [
+ "./machines/secrets/keys/hosts"
+ "./machines/secrets/keys/users"
+ ];
+
+ nativeBuildInputs = [
+ ssh-to-pgp
+ sops-import-keys-hook
+ sops-init-gpg-key
+ sops
+ ];
+}
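Review bot: `sopsPGPKeyDirs` points at `./machines/secrets/keys/hosts` and `./machines/secrets/keys/users`, but this commit creates neither directory (the diffstat lists only five files), so `sops-import-keys-hook` has nothing to import when the shell is entered and sops invocations in the dev shell will find no recipient keys. Because `.envrc` runs `use flake`, this hook executes on every directory entry once `direnv allow` has been given, and per sops-nix's documentation it imports into the developer's default GnuPG keyring unless `sopsCreateGPGHome = true;` is set — consider adding that so the project's host and user public keys live in a project-local keyring instead of the user's. Commit the key directories with this change, or document in shell.nix where they are expected to come from.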