Initial commit

Signed-off-by: Christoph Heiss <christoph@c8h4.io>

.editorconfig

@@ -0,0 +1,18 @@
+root = true
+
+[*]
+end_of_line = lf
+insert_final_newline = true
+charset = utf-8
+indent_style = space
+indent_size = 4
+trim_trailing_whitespace = true
+
+[*.nix]
+indent_size = 2
+
+[*.md]
+trim_trailing_whitespace = false
+
+[Makefile]
+indent_style = tab

.git-crypt/.gitattributes

@@ -0,0 +1,4 @@
+# Do not edit this file.  To specify the files to encrypt, create your own
+# .gitattributes file in the directory where your files are.
+* !filter !diff
+*.gpg binary

.gitignore

@@ -0,0 +1,3 @@
+result
+*.qcow2
+*.tar.xz

LICENSE

@@ -0,0 +1,24 @@
+This is free and unencumbered software released into the public domain.
+
+Anyone is free to copy, modify, publish, use, compile, sell, or
+distribute this software, either in source code form or as a compiled
+binary, for any purpose, commercial or non-commercial, and by any
+means.
+
+In jurisdictions that recognize copyright laws, the author or authors
+of this software dedicate any and all copyright interest in the
+software to the public domain. We make this dedication for the benefit
+of the public at large and to the detriment of our heirs and
+successors. We intend this dedication to be an overt act of
+relinquishment in perpetuity of all present and future rights to this
+software under copyright law.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR
+OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
+ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+OTHER DEALINGS IN THE SOFTWARE.
+
+For more information, please refer to <https://unlicense.org>

Makefile

@@ -0,0 +1,31 @@
+export MAKEFLAGS :=
+
+MORPH := nix run nixpkgs\#morph --
+
+.PHONY: format
+
+all:
+	@echo "no default action, use one of 'format', 'build', 'deploy' or 'upload-secrets'" 2>&1
+	@exit 1
+
+format:
+	nix-shell -p nixfmt --run "find . -type f -name '*.nix' -exec nixfmt {} +"
+
+upload-secrets-all:
+	$(MORPH) upload-secrets --passwd ./default.nix
+
+build:
+	@if [ -z $(M) ]; then echo 'no machine specified using M=' 2>&1; exit 1; fi
+	$(MORPH) build --on $(M) ./default.nix
+
+deploy:
+	@if [ -z $(M) ]; then echo 'no machine specified using M=' 2>&1; exit 1; fi
+	$(MORPH) deploy --passwd --on $(M) ./default.nix switch
+
+deploy-full:
+	@if [ -z $(M) ]; then echo 'no machine specified using M=' 2>&1; exit 1; fi
+	$(MORPH) deploy --passwd --upload-secrets --on $(M) ./default.nix switch
+
+upload-secrets:
+	@if [ -z $(M) ]; then echo 'no machine specified using M=' 2>&1; exit 1; fi
+	$(MORPH) upload-secrets --passwd --on $(M) ./default.nix

README.md

@@ -0,0 +1,18 @@
+# nixOS configuration
+
+## Structure
+
+* `common`: Contains configuration that should be applied on every machine.
+
+* `extra`: Non-Nix files, e.g. configuration files for other applications.
+
+* `machines`: Host-specific configuration.
+
+* `pkgs`: Custom packages.
+
+* `secrets`: Secrects encrypted using [git-crypt](https://github.com/AGWA/git-crypt).
+
+* `services`: Configuration for bigger service deployments, e.g. nginx.
+
+* `system`: Configurations describing "classes" of machines, like servers or desktops.
+

secrets/.gitattributes

@@ -0,0 +1,2 @@
+* filter=git-crypt diff=git-crypt
+.gitattributes !filter !diff