diff --git a/nix/.envrc b/nix/.envrc
new file mode 100644
index 0000000..a5dbbcb
--- /dev/null
+++ b/nix/.envrc
@@ -0,0 +1 @@
+use flake .
diff --git a/nix/.gitignore b/nix/.gitignore
new file mode 100644
index 0000000..a552332
--- /dev/null
+++ b/nix/.gitignore
@@ -0,0 +1,2 @@
+/.direnv
+/.pre-commit-config.yaml
diff --git a/nix/flake.nix b/nix/flake.nix
new file mode 100644
index 0000000..8344394
--- /dev/null
+++ b/nix/flake.nix
@@ -0,0 +1,73 @@
+{
+  description = "Template for Nix project";
+
+  inputs = {
+    nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-unstable";
+    pre-commit.url = "github:cachix/git-hooks.nix";
+    treefmt.url = "github:numtide/treefmt-nix";
+    systems.url = "github:nix-systems/x86_64-linux";
+    utils = {
+      url = "github:numtide/flake-utils";
+      inputs.systems.follows = "systems";
+    };
+  };
+
+  outputs =
+    {
+      self,
+      nixpkgs,
+      utils,
+      pre-commit,
+      treefmt,
+      ...
+    }:
+    utils.lib.eachDefaultSystem (
+      system:
+      let
+        pkgs = import nixpkgs { inherit system; };
+        treefmtEval = treefmt.lib.evalModule pkgs ./treefmt.nix;
+      in
+      {
+        checks = {
+          pre-commit-check = pre-commit.lib.${system}.run {
+            src = ./.;
+            hooks = {
+              gitleaks = {
+                name = "gitleaks";
+                enable = true;
+                entry = "${pkgs.gitleaks}/bin/gitleaks detect";
+                stages = [ "pre-commit" ];
+              };
+
+              treefmt = {
+                enable = true;
+                packageOverrides.treefmt = treefmtEval.config.build.wrapper;
+              };
+
+              statix.enable = true;
+              deadnix.enable = true;
+              nil.enable = true;
+            };
+          };
+
+          # just check formatting is ok without changing anything
+          formatting = treefmtEval.config.build.check self;
+        };
+
+        # for `nix fmt`
+        formatter = treefmtEval.config.build.wrapper;
+
+        devShells.default = pkgs.mkShell {
+          inherit (self.checks.${system}.pre-commit-check) shellHook;
+          buildInputs =
+            with pkgs;
+            self.checks.${system}.pre-commit-check.enabledPackages
+            ++ [
+              nil
+              nixfmt-rfc-style
+            ];
+        };
+      }
+    );
+
+}
diff --git a/nix/treefmt.nix b/nix/treefmt.nix
new file mode 100644
index 0000000..4ad95fc
--- /dev/null
+++ b/nix/treefmt.nix
@@ -0,0 +1,7 @@
+_: {
+  projectRootFile = "flake.nix";
+
+  programs = {
+    nixfmt.enable = true;
+  };
+}