commit 0441714c65432c7b797ba14d1ab7620998c8b18d Author: Christoph Heiss Date: Sat Apr 1 12:15:22 2023 +0200 Initial commit Signed-off-by: Christoph Heiss
diff --git a/.editorconfig b/.editorconfig
new file mode 100644
index 0000000..5975bfa
--- /dev/null
+++ b/.editorconfig
@@ -0,0 +1,18 @@
+root = true
+
+[*]
+end_of_line = lf
+insert_final_newline = true
+charset = utf-8
+indent_style = space
+indent_size = 4
+trim_trailing_whitespace = true
+
+[*.nix]
+indent_size = 2
+
+[*.md]
+trim_trailing_whitespace = false
+
+[Makefile]
+indent_style = tab
diff --git a/.git-crypt/.gitattributes b/.git-crypt/.gitattributes
new file mode 100644
index 0000000..665b10e
--- /dev/null
+++ b/.git-crypt/.gitattributes
@@ -0,0 +1,4 @@
+# Do not edit this file. To specify the files to encrypt, create your own
+# .gitattributes file in the directory where your files are.
+* !filter !diff
+*.gpg binary
diff --git a/.git-crypt/keys/default/0/9C561D6430B28D6BDCBC9CEB73D5E7FDEE3DE49A.gpg b/.git-crypt/keys/default/0/9C561D6430B28D6BDCBC9CEB73D5E7FDEE3DE49A.gpg
new file mode 100644
index 0000000..1337568
Binary files /dev/null and b/.git-crypt/keys/default/0/9C561D6430B28D6BDCBC9CEB73D5E7FDEE3DE49A.gpg differ
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..2a23e46
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,3 @@
+result
+*.qcow2
+*.tar.xz
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..fdddb29
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,24 @@
+This is free and unencumbered software released into the public domain.
+
+Anyone is free to copy, modify, publish, use, compile, sell, or
+distribute this software, either in source code form or as a compiled
+binary, for any purpose, commercial or non-commercial, and by any
+means.
+
+In jurisdictions that recognize copyright laws, the author or authors
+of this software dedicate any and all copyright interest in the
+software to the public domain. We make this dedication for the benefit
+of the public at large and to the detriment of our heirs and
+successors. We intend this dedication to be an overt act of
+relinquishment in perpetuity of all present and future rights to this
+software under copyright law.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR
+OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
+ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+OTHER DEALINGS IN THE SOFTWARE.
+
+For more information, please refer to
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..0dd5dfd
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,31 @@
+export MAKEFLAGS :=
+
+MORPH := nix run nixpkgs\#morph --
+
+.PHONY: format
+
+all:
+ @echo "no default action, use one of 'format', 'build', 'deploy' or 'upload-secrets'" 2>&1
+ @exit 1
+
+format:
+ nix-shell -p nixfmt --run "find . -type f -name '*.nix' -exec nixfmt {} +"
+
+upload-secrets-all:
+ $(MORPH) upload-secrets --passwd ./default.nix
+
+build:
+ @if [ -z $(M) ]; then echo 'no machine specified using M=' 2>&1; exit 1; fi
+ $(MORPH) build --on $(M) ./default.nix
+
+deploy:
+ @if [ -z $(M) ]; then echo 'no machine specified using M=' 2>&1; exit 1; fi
+ $(MORPH) deploy --passwd --on $(M) ./default.nix switch
+
+deploy-full:
+ @if [ -z $(M) ]; then echo 'no machine specified using M=' 2>&1; exit 1; fi
+ $(MORPH) deploy --passwd --upload-secrets --on $(M) ./default.nix switch
+
+upload-secrets:
+ @if [ -z $(M) ]; then echo 'no machine specified using M=' 2>&1; exit 1; fi
+ $(MORPH) upload-secrets --passwd --on $(M) ./default.nix
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..73f70a1
--- /dev/null
+++ b/README.md
@@ -0,0 +1,18 @@
+# nixOS configuration
+
+## Structure
+
+* `common`: Contains configuration that should be applied on every machine.
+
+* `extra`: Non-Nix files, e.g. configuration files for other applications.
+
+* `machines`: Host-specific configuration.
+
+* `pkgs`: Custom packages.
+
+* `secrets`: Secrects encrypted using [git-crypt](https://github.com/AGWA/git-crypt).
+
+* `services`: Configuration for bigger service deployments, e.g. nginx.
+
+* `system`: Configurations describing "classes" of machines, like servers or desktops.
+
diff --git a/secrets/.gitattributes b/secrets/.gitattributes
new file mode 100644
index 0000000..5ccf582
--- /dev/null
+++ b/secrets/.gitattributes
@@ -0,0 +1,2 @@
+* filter=git-crypt diff=git-crypt
+.gitattributes !filter !diff
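Review bot: `$(M)` is expanded unquoted in the `[ -z $(M) ]` guards and in every `--on $(M)` of the `build`, `deploy`, `deploy-full` and `upload-secrets` recipes, so a value containing spaces or glob characters is word-split or expanded by the shell against the working directory before morph sees it; for targets that upload secrets, the host selection should reach morph exactly as typed. Quote it in both places, e.g. `@if [ -z "$(M)" ]; then echo 'no machine specified using M=' >&2; exit 1; fi` and `$(MORPH) deploy --passwd --on "$(M)" ./default.nix switch`; `>&2` also sends the message to stderr, which the current `2>&1` does not. Only `format` is listed in `.PHONY`, so a file or directory named `build` or `deploy` in the repository root would turn that target into a silent no-op; `.PHONY: all format build deploy deploy-full upload-secrets upload-secrets-all` avoids that. As far as this hunk shows, `nix run nixpkgs\#morph` and `nix-shell -p nixfmt` resolve their tools from whatever nixpkgs the local registry or channel points at when the target runs, so the tool that handles the secrets is not pinned by the repository; a comment stating the expected nixpkgs revision, or a pinned reference, would make that explicit.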
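Review bot: The `* filter=git-crypt diff=git-crypt` rule in `secrets/.gitattributes` only encrypts when the git-crypt filter is configured in the local clone; in a clone where it is not set up, git treats an undefined filter as a pass-through, so a file newly added under `secrets/` could be committed in plaintext. Nothing in this commit checks for that, so consider running `git-crypt status` in a pre-commit hook or in CI and failing when a file under `secrets/` is reported as not encrypted. A leading comment such as `# Add files here only from a clone with git-crypt set up; verify with git-crypt status before pushing` would record the requirement next to the rule.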