feat: use flake and terranix

this changes not breaking our workflow:
* nix-shell refer to shell.nix
* nix develop refer to flake.nix#devShells
* TODO: rewrite *.tf to .nix

Author: r17x

.envrc.example

@@ -1,5 +1,9 @@
+# legacy nix
 use_nix
 
+# 👇 uncomment when you want to use flake
+# use flake
+
 export TF_VAR_do_token=
 export TF_VAR_linode_token=
 export TF_VAR_namecheap_username=

.gitignore

@@ -6,7 +6,9 @@ terraform.tfstate.*
 # Edit at https://www.toptal.com/developers/gitignore?templates=direnv
 
 ### direnv ###
-.direnv
 .envrc
+.direnv
 
 # End of https://www.toptal.com/developers/gitignore/api/direnv
+result
+config.tf.json

flake.lock

@@ -0,0 +1,72 @@
+{
+  inputs = {
+    nixpkgs.url = "github:nixos/nixpkgs";
+
+    # terranix modules
+    terranix = {
+      url = "github:terranix/terranix";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+
+    # Other sources / nix utilities
+    flake-compat = { url = "github:edolstra/flake-compat"; flake = false; };
+    flake-utils.url = "github:numtide/flake-utils";
+  };
+
+  outputs = { self, nixpkgs, flake-utils, terranix, flake-compat }:
+    flake-utils.lib.eachDefaultSystem (system:
+      let
+        pkgs = nixpkgs.legacyPackages.${system};
+        terraform = pkgs.terraform;
+        terraformConfiguration = terranix.lib.terranixConfiguration {
+          inherit system;
+          modules = [
+            # TODO rewrite *.tf to .nix 
+            # see https://terranix.org/documentation/terranix-vs-hcl/
+          ];
+        };
+      in
+      {
+        defaultPackage = terraformConfiguration;
+
+        # nix develop
+        devShell = pkgs.mkShell {
+          buildInputs = with pkgs;[
+            terraform
+            terranix.defaultPackage.${system}
+
+            tfsec
+            terrascan
+
+            ripgrep
+            bat
+          ];
+        };
+
+        # nix run ".#apply"
+        apps.apply = {
+          type = "app";
+          program = toString (pkgs.writers.writeBash "apply" ''
+            if [[ -e config.tf.json ]]; then rm -f config.tf.json; fi
+            cp ${terraformConfiguration} config.tf.json \
+              && ${terraform}/bin/terraform init \
+              && ${terraform}/bin/terraform apply
+          '');
+        };
+
+        # nix run ".#destroy"
+        apps.destroy = {
+          type = "app";
+          program = toString (pkgs.writers.writeBash "destroy" ''
+            if [[ -e config.tf.json ]]; then rm -f config.tf.json; fi
+            cp ${terraformConfiguration} config.tf.json \
+              && ${terraform}/bin/terraform init \
+              && ${terraform}/bin/terraform destroy
+          '');
+        };
+
+        # nix run
+        # every run will be generated config.tf.json
+        defaultApp = self.apps.${system}.apply;
+      });
+}

flake.nix

@@ -1,13 +1,14 @@
-with import <nixpkgs> {};
-
-pkgs.mkShell {
-  name = "area13";
-
-  buildInputs = [
-    terraform
-    tfsec
-    terrascan
-    ripgrep
-    bat
-  ];
-}
+# See https://nixos.wiki/wiki/Flakes#Using_flakes_project_from_a_legacy_Nix
+(import
+  (
+    let
+      lock = builtins.fromJSON (builtins.readFile ./flake.lock);
+    in
+    fetchTarball {
+      url = "https://github.com/edolstra/flake-compat/archive/${lock.nodes.flake-compat.locked.rev}.tar.gz";
+      sha256 = lock.nodes.flake-compat.locked.narHash;
+    }
+  )
+  {
+    src = ./.;
+  }).shellNix