Diffstat (limited to 'flake.nix')
| -rw-r--r-- | flake.nix | 87 |
1 files changed, 87 insertions, 0 deletions
diff --git a/flake.nix b/flake.nix
new file mode 100644
index 0000000..f898318
--- /dev/null
+++ b/flake.nix
@@ -0,0 +1,87 @@
+{
+ inputs.nixpkgs-stable.url = "github:NixOS/nixpkgs/25.05";
+ inputs.nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
+ inputs.disko.url = "github:nix-community/disko";
+ inputs.disko.inputs.nixpkgs.follows = "nixpkgs-stable";
+ inputs.nixos-facter-modules.url = "github:numtide/nixos-facter-modules";
+ inputs.sops-nix.url = "github:Mic92/sops-nix";
+ inputs.sops-nix.inputs.nixpkgs.follows = "nixpkgs-stable";
+ inputs.nixos-anywhere.url = "github:nix-community/nixos-anywhere";
+ inputs.nixos-anywhere.inputs.nixpkgs.follows = "nixpkgs-stable";
+
+ outputs =
+ {
+ nixpkgs-stable,
+ nixpkgs-unstable,
+ disko,
+ nixos-facter-modules,
+ sops-nix,
+ nixos-anywhere,
+ ...
+ }:
+ let
+ systems = [
+ "x86_64-linux"
+ "x86_64-darwin"
+ "aarch64-linux"
+ "aarch64-darwin"
+ ];
+ in
+ {
+ nixosConfigurations.kj-laptop01 = nixpkgs-unstable.lib.nixosSystem {
+ system = "x86_64-linux";
+ modules = [
+ disko.nixosModules.disko
+ ./kj-laptop01/configuration.nix
+ nixos-facter-modules.nixosModules.facter
+ sops-nix.nixosModules.sops
+ {
+ config.facter.reportPath = ./kj-laptop01/facter.json;
+ }
+ ];
+ };
+
+ formatter = nixpkgs-stable.lib.genAttrs systems (
+ system: nixpkgs-stable.legacyPackages.${system}.nixfmt-tree
+ );
+
+ apps = nixpkgs-stable.lib.genAttrs systems (system:
+ let
+ pkgs = nixpkgs-stable.legacyPackages.${system};
+
+ install-script = pkgs.writers.writeRubyBin "install" {
+ libraries = [];
+ } /* ruby */ ''
+ require 'tmpdir'
+ require 'open3'
+ require 'json'
+ require 'fileutils'
+
+ system_flake = ARGV[0]
+ ENV['SOPS_AGE_KEY_FILE'] ||= File.expand_path("~/.config/sops/age/keys.txt")
+ sops_exe = "${pkgs.sops}/bin/sops"
+ nixos_anywhere_exe = "${pkgs.nixos-anywhere}/bin/nixos-anywhere"
+
+ secret_data_raw, status = Open3.capture2(sops_exe, "decrypt", "--output-type", "json", "#{system_flake}/secrets.yaml")
+ raise "Failed to decrypt secrets.yaml" unless status.success?
+ secret_data = JSON.parse(secret_data_raw)
+
+ Dir.mktmpdir("secrets") do |secret_dir|
+ FileUtils.mkdir_p(File.join(secret_dir, 'copy_dir/etc/ssh'))
+ File.write(File.join(secret_dir, 'copy_dir/etc/ssh/ssh_host_ed25519_key'), secret_data["ssh_host_key_ed25519"])
+ File.write(File.join(secret_dir, 'luks_passphrase'), secret_data["luks_passphrase"])
+
+ system nixos_anywhere_exe, "--disk-encryption-keys", File.join(secret_dir, 'luks_passphrase'),
+ "--extra-files", File.join(secret_dir, 'copy_dir'), "--flake", ".##{system_flake}", *ARGV[1..-1],
+ exception: true
+ end
+ '';
+ in
+ {
+ install = {
+ type = "app";
+ program = "${install-script}/bin/install";
+ };
+ });
+ };
+}
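Review bot: The SSH host key and the LUKS passphrase are written with plain `File.write`, which creates the files at the process umask (typically 0644); the enclosing `Dir.mktmpdir` directory is 0700, but that protection does not travel with the copy, and `--extra-files` hands `copy_dir` to nixos-anywhere, which as far as I recall preserves file permissions when it copies onto the target, so `/etc/ssh/ssh_host_ed25519_key` can end up readable by every local user on the installed host. Pass an explicit mode on both writes, e.g. `File.write(File.join(secret_dir, 'copy_dir/etc/ssh/ssh_host_ed25519_key'), secret_data["ssh_host_key_ed25519"], perm: 0o600)` and likewise `perm: 0o600` for `luks_passphrase`. Separately, `system_flake = ARGV[0]` is never validated: with no argument the script tries to decrypt `/secrets.yaml` and passes `.#` to nixos-anywhere, so a guard such as `abort "usage: install <host> [nixos-anywhere args...]" if system_flake.nil? || system_flake.empty?` would fail early and clearly. Using `secret_data.fetch("ssh_host_key_ed25519")` and `secret_data.fetch("luks_passphrase")` would also name a missing key in secrets.yaml instead of surfacing as the `TypeError` that `File.write(path, nil)` raises.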
