From 7790a7277ab9145913187497d1435abbb7adc69a Mon Sep 17 00:00:00 2001
From: Tristan Druyen <tristan@vault81.de>
Date: Mon, 11 Dec 2023 20:47:22 +0100
Subject: [PATCH] WIP: Add nixinate

---
 flake.lock                  | 45 ++++++++++++++++++++++++++++++++-----
 flake.nix                   | 26 +++++++++++++++++++++
 os-mods/network/default.nix | 10 +++++++++
 3 files changed, 76 insertions(+), 5 deletions(-)

diff --git a/flake.lock b/flake.lock
index 0d7379c..04ed3b4 100644
--- a/flake.lock
+++ b/flake.lock
@@ -209,7 +209,7 @@
     "hercules-ci-effects": {
       "inputs": {
         "flake-parts": "flake-parts_2",
-        "nixpkgs": "nixpkgs_3"
+        "nixpkgs": "nixpkgs_4"
       },
       "locked": {
         "lastModified": 1701009247,
@@ -328,6 +328,24 @@
         "type": "github"
       }
     },
+    "nixinate": {
+      "inputs": {
+        "nixpkgs": "nixpkgs_2"
+      },
+      "locked": {
+        "lastModified": 1702325609,
+        "narHash": "sha256-RpiVygpD910wp1QsS6Otav2/De2BCzeOL+NmrMdOuzA=",
+        "ref": "refs/heads/master",
+        "rev": "063d4788334b09191183e34ca819b6c3589f3648",
+        "revCount": 63,
+        "type": "git",
+        "url": "https://git.vlt81.de/tristan/nixinate.git"
+      },
+      "original": {
+        "type": "git",
+        "url": "https://git.vlt81.de/tristan/nixinate.git"
+      }
+    },
     "nixos-unstable": {
       "locked": {
         "lastModified": 1702151865,
@@ -409,6 +427,22 @@
       }
     },
     "nixpkgs_2": {
+      "locked": {
+        "lastModified": 1653060744,
+        "narHash": "sha256-kfRusllRumpt33J1hPV+CeCCylCXEU7e0gn2/cIM7cY=",
+        "owner": "nixos",
+        "repo": "nixpkgs",
+        "rev": "dfd82985c273aac6eced03625f454b334daae2e8",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nixos",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_3": {
       "locked": {
         "lastModified": 1701952659,
         "narHash": "sha256-TJv2srXt6fYPUjxgLAL0cy4nuf1OZD4KuA1TrCiQqg0=",
@@ -424,7 +458,7 @@
         "type": "github"
       }
     },
-    "nixpkgs_3": {
+    "nixpkgs_4": {
       "locked": {
         "lastModified": 1697723726,
         "narHash": "sha256-SaTWPkI8a5xSHX/rrKzUe+/uVNy6zCGMXgoeMb7T9rg=",
@@ -440,7 +474,7 @@
         "type": "github"
       }
     },
-    "nixpkgs_4": {
+    "nixpkgs_5": {
       "locked": {
         "lastModified": 1701718080,
         "narHash": "sha256-6ovz0pG76dE0P170pmmZex1wWcQoeiomUZGggfH9XPs=",
@@ -460,7 +494,7 @@
       "inputs": {
         "flake-parts": "flake-parts",
         "hercules-ci-effects": "hercules-ci-effects",
-        "nixpkgs": "nixpkgs_4",
+        "nixpkgs": "nixpkgs_5",
         "osx-kvm": "osx-kvm"
       },
       "locked": {
@@ -568,8 +602,9 @@
         "nix-index-database": "nix-index-database",
         "nix-ld": "nix-ld",
         "nix-wallpaper": "nix-wallpaper",
+        "nixinate": "nixinate",
         "nixos-unstable": "nixos-unstable",
-        "nixpkgs": "nixpkgs_2",
+        "nixpkgs": "nixpkgs_3",
         "nixpkgs-unstable": "nixpkgs-unstable",
         "nixtheplanet": "nixtheplanet",
         "nur": "nur",
diff --git a/flake.nix b/flake.nix
index 4aefe60..5a48566 100644
--- a/flake.nix
+++ b/flake.nix
@@ -13,6 +13,7 @@
     nixpkgs = {
       url = "github:NixOS/nixpkgs/nixos-23.11";
     };
+    nixinate.url = "git+https://git.vlt81.de/tristan/nixinate.git";
     chaotic = {
       url = "github:chaotic-cx/nyx/nyxpkgs-unstable";
     };
@@ -59,6 +60,7 @@
     , nixpkgs-unstable
     , nixos-unstable
     , nixtheplanet
+    , nixinate
     , home-manager
     , emacs-overlay
     , nur
@@ -116,6 +118,7 @@
       };
     in
     {
+      apps = (nixinate.nixinate.x86_64-linux self);
       formatter = {
         ${system} = pkgs.nixpkgs-fmt;
       };
@@ -125,6 +128,7 @@
       };
       nixosConfigurations = {
         nixos-pulse = nixpkgs.lib.nixosSystem {
+	  system = system;
           specialArgs = args;
           modules =
             [
@@ -139,6 +143,8 @@
             ++ osModules;
         };
         nixos-desk = nixpkgs.lib.nixosSystem {
+	  system = system;
+          specialArgs = args;
           modules =
             [
               ./systems/nixos-desk
@@ -148,10 +154,21 @@
                 home-manager.sharedModules = hmModules;
                 home-manager.extraSpecialArgs = args;
               }
+              {
+                _module.args.nixinate = {
+                  host = "100.64.0.3";
+                  sshUser = "tristand";
+                  buildOn = "remote"; # valid args are "local" or "remote"
+                  substituteOnTarget = false; # if buildOn is "local" then it will substitute on the target, "-s"
+                  hermetic = false;
+                };
+              }
             ]
             ++ osModules;
         };
         nixos-karl-kvm-guest = nixpkgs.lib.nixosSystem {
+	  system = system;
+          specialArgs = args;
           modules =
             [
               ./systems/nixos-karl-kvm-guest
@@ -161,6 +178,15 @@
                 home-manager.sharedModules = hmModules;
                 home-manager.extraSpecialArgs = args;
               }
+              {
+                _module.args.nixinate = {
+                  host = "nixos-karl-kvm-guest.oekonzept.de";
+                  sshUser = "reopen5194";
+                  buildOn = "remote"; # valid args are "local" or "remote"
+                  substituteOnTarget = false; # if buildOn is "local" then it will substitute on the target, "-s"
+                  hermetic = false;
+                };
+              }
             ]
             ++ osModules;
         };
diff --git a/os-mods/network/default.nix b/os-mods/network/default.nix
index 77c524f..62d45a1 100644
--- a/os-mods/network/default.nix
+++ b/os-mods/network/default.nix
@@ -17,7 +17,17 @@
     ];
   };
 
+  # security.wrappers.keybase-redirector = {
+    # setuid = true;
+    # owner = "root";
+    # group = "root";
+    # source = "${pkgs.kbfs}/bin/redirector";
+  # };
+
   services = {
+    keybase.enable = true;
+    kbfs.enable = false;
+    kbfs.enableRedirector = false;
     resolved = {
       enable = true;
       dnssec = "true";