initial setup

flake.nix

@@ -0,0 +1,81 @@
+{
+  description = "jana's server infrastructure";
+  inputs = {
+    nixpkgs.url = "github:NixOS/nixpkgs/release-25.05";
+    colmena.url = "github:zhaofengli/colmena";
+    flake-utils.url = "github:numtide/flake-utils";
+    sops-nix.url = "github:jdonszelmann/sops-nix";
+  };
+  outputs =
+    {
+      self,
+      nixpkgs,
+      colmena,
+      flake-utils,
+      sops-nix,
+      ...
+    }:
+    let
+      pkgsForSystem =
+        system:
+        import nixpkgs {
+          inherit system;
+          # config.allowUnfree = true;
+          overlays = [ ];
+        };
+    in
+    {
+      colmenaHive = colmena.lib.makeHive self.outputs.colmena;
+
+      colmena = {
+        meta = {
+          nixpkgs = pkgsForSystem "x86_64-linux";
+        };
+
+        fili = {
+          deployment = {
+            targetHost = "donsz.nl";
+            targetPort = 22;
+            replaceUnknownProfiles = false;
+            tags = [ "server" ];
+            # buildOnTarget = true;
+            targetUser = "jana";
+          };
+
+          imports = [
+            ./fili/configuration.nix
+            ./users/users.nix
+            ./default-machine-config.nix
+            sops-nix.nixosModules.sops
+          ];
+        };
+      };
+    }
+    // flake-utils.lib.eachDefaultSystem (
+      system:
+      let
+        pkgs = pkgsForSystem system;
+      in
+      {
+        devShells.default = pkgs.mkShell {
+          buildInputs = with pkgs; [
+            lix
+            colmena.packages.${system}.colmena
+            (pkgs.writeShellScriptBin "apply" ''
+              colmena apply --no-substitute
+            '')
+          ];
+          shellHook = "exec $NIX_BUILD_SHELL";
+        };
+
+        formatter = pkgs.nixfmt-rfc-style;
+      }
+    );
+
+  nixConfig = {
+    extra-substituters = [ "https://jana.cachix.org" ];
+    extra-trusted-public-keys = [
+      "jana.cachix.org-1:LN0lzHx7QH1RBoDn3+psi4HOEAXW3EqRa/u0ncQ1XBE="
+    ];
+  };
+}