calcite,weilite: use comin to auto update

.github/workflows/eval.yaml

@@ -1,10 +1,8 @@
 name: Eval NixOS Configurations
 
 on:
-  push:
-    branches:
-      - deploy
-  workflow_dispatch:
+  check_suite:
+    types: [completed]
 
 permissions:
   contents: write

flake.nix

@@ -113,6 +113,7 @@
       sharedNixosModules = [
         self.nixosModules.default
         sops-nix.nixosModules.sops
+        comin.nixosModules.comin
       ];
       nodeNixosModules = {
         calcite = [
@@ -120,7 +121,6 @@
           catppuccin.nixosModules.catppuccin
           machines/calcite/configuration.nix
           (mkHome "xin" "calcite")
-          comin.nixosModules.comin
         ];
         hk-00 = [
           ./machines/dolomite/claw.nix

machines/calcite/configuration.nix

@@ -15,23 +15,12 @@ in
     ../sops.nix
   ];
 
-  services.comin = {
-    enable = true;
-    remotes = [
-      {
-        name = "origin";
-        url = "https://github.com/xinyangli/nixos-config.git";
-        branches.main.name = "deploy-comin-eval";
-      }
-    ];
-    hostname = config.networking.hostName;
-  };
-
   commonSettings = {
     # auth.enable = true;
     nix = {
       signing.enable = true;
     };
+    comin.enable = true;
   };
 
   # Bootloader.

machines/weilite/default.nix

@@ -19,6 +19,7 @@
       nix = {
         enable = true;
       };
+      comin.enable = true;
     };
 
     boot = {
@@ -38,7 +39,10 @@
 
     nixpkgs.config.allowUnfree = true;
 
-    environment.systemPackages = [ pkgs.virtiofsd ];
+    environment.systemPackages = [
+      pkgs.virtiofsd
+      pkgs.intel-gpu-tools
+    ];
 
     sops = {
       defaultSopsFile = ./secrets.yaml;
@@ -94,15 +98,32 @@
         options = "rw,nodev,nosuid";
         wantedBy = [ "restic-rest-server.service" ];
       }
+      # {
+      #   what = "ocis";
+      #   where = "/var/lib/ocis";
+      #   type = "virtiofs";
+      #   options = "rw,nodev,nosuid";
+      #   wantedBy = [ "ocis.service" ];
+      # }
       {
-        what = "ocis";
-        where = "/var/lib/ocis";
+        what = "media";
+        where = "/var/lib/jellyfin/media";
         type = "virtiofs";
         options = "rw,nodev,nosuid";
-        wantedBy = [ "ocis.service" ];
       }
     ];
 
+    hardware.graphics = {
+      enable = true;
+      extraPackages = with pkgs; [
+        intel-media-driver
+        intel-vaapi-driver
+        vaapiVdpau
+        intel-compute-runtime # OpenCL filter support (hardware tonemapping and subtitle burn-in)
+        intel-media-sdk # QSV up to 11th gen
+      ];
+    };
+
     services.openssh.ports = [
       22
       2222

machines/weilite/services/default.nix

@@ -4,5 +4,6 @@
     ./restic.nix
     ./media-download.nix
     ./immich.nix
+    ./jellyfin.nix
   ];
 }

machines/weilite/services/jellyfin.nix

@@ -0,0 +1,15 @@
+{ config, pkgs, ... }:
+{
+  services.jellyfin.enable = true;
+
+  environment.systemPackages = with pkgs; [
+    jellyfin
+    jellyfin-web
+    jellyfin-ffmpeg
+  ];
+  services.caddy.virtualHosts."https://weilite.coho-tet.ts.net:8920".extraConfig = ''
+    reverse_proxy 127.0.0.1:8096
+  '';
+  networking.firewall.allowedTCPPorts = [ 8920 ]; # allow on lan
+  users.users.jellyfin.extraGroups = [ "render" ];
+}

modules/nixos/default.nix

@@ -2,6 +2,7 @@
   imports = [
     ./common-settings/auth.nix
     ./common-settings/autoupgrade.nix
+    ./common-settings/comin.nix
     ./common-settings/nix-conf.nix
     ./common-settings/proxy-server.nix
     ./common-settings/mainland.nix