ci: fix recursive job trigger

.github/workflows/eval.yaml

@@ -0,0 +1,60 @@
+name: Eval NixOS Configurations
+
+on:
+  check_suite:
+    types: [completed]
+
+permissions:
+  contents: write
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          ref: deploy
+
+      - name: Install Nix
+        uses: cachix/install-nix-action@v25
+        with:
+          extra_nix_conf: |
+            extra-trusted-public-keys = cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g=
+            extra-substituters = https://cache.garnix.io
+
+      - name: Configure Git
+        run: |
+          git config --global user.name "GitHub Actions Bot"
+          git config --global user.email "actions@github.com"
+
+      - name: Process Configurations
+        run: |
+          git checkout -b deploy-comin-eval
+          mkdir -p eval
+          hosts=$(nix flake show --json | jq -r '.nixosConfigurations | keys[]')
+          echo "Found hosts: $hosts"
+
+          failed_hosts=""
+          for host in $hosts; do
+            echo "Eval derivation for $host"
+            if ! nix derivation show ".#nixosConfigurations.$host.config.system.build.toplevel" > "eval/$host.json"; then
+              echo "❌ Failed to evaluate $host"
+              failed_hosts+="$host "
+              rm "eval/$host.json"
+            else
+              echo "✅ Successfully evaluated $host"
+            fi
+          done
+
+          echo "Failed hosts: $failed_hosts" 
+          
+          git add eval/
+          git commit -m "Update deployment configurations for all hosts"
+          
+          git push -f origin deploy-comin-eval
+
+          # After success, reset deploy-comin to new deploy
+          git checkout -b deploy-comin 
+          git reset --hard deploy
+          git push -f origin deploy-comin

flake.lock

@@ -39,6 +39,26 @@
         "type": "github"
       }
     },
+    "comin": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1734693645,
+        "narHash": "sha256-Vw3YpuQxwBse5JiTGBH5MSPmqXOXFI4ROs7IF3tRc7k=",
+        "owner": "xinyangli",
+        "repo": "comin",
+        "rev": "c8a66bbd129e88ad916cac59f1ad9f45d39b3190",
+        "type": "github"
+      },
+      "original": {
+        "owner": "xinyangli",
+        "repo": "comin",
+        "type": "github"
+      }
+    },
     "devshell": {
       "inputs": {
         "nixpkgs": [
@@ -382,11 +402,11 @@
         "rev": "a3709a89797ea094f82d38edeb4a538c07c8c3fa",
         "revCount": 20,
         "type": "git",
-        "url": "https://git.xinyang.life/xin/nixvim"
+        "url": "https://git.xiny.li/xin/nixvim"
       },
       "original": {
         "type": "git",
-        "url": "https://git.xinyang.life/xin/nixvim"
+        "url": "https://git.xiny.li/xin/nixvim"
       }
     },
     "nix-darwin": {
@@ -642,6 +662,7 @@
       "inputs": {
         "catppuccin": "catppuccin",
         "colmena": "colmena",
+        "comin": "comin",
         "disko": "disko",
         "flake-utils": "flake-utils_2",
         "home-manager": "home-manager",

flake.nix

@@ -43,7 +43,7 @@
     };
 
     my-nixvim = {
-      url = "git+https://git.xinyang.life/xin/nixvim";
+      url = "git+https://git.xiny.li/xin/nixvim";
       inputs.nixpkgs.follows = "nixpkgs";
     };
 
@@ -55,6 +55,11 @@
       url = "github:nix-community/disko";
       inputs.nixpkgs.follows = "nixpkgs";
     };
+
+    comin = {
+      url = "github:xinyangli/comin";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
   };
 
   outputs =
@@ -72,6 +77,7 @@
       colmena,
       nix-index-database,
       disko,
+      comin,
       ...
     }:
     let
@@ -107,6 +113,7 @@
       sharedNixosModules = [
         self.nixosModules.default
         sops-nix.nixosModules.sops
+        comin.nixosModules.comin
       ];
       nodeNixosModules = {
         calcite = [
@@ -286,16 +293,22 @@
           {
             imports = nodeNixosModules.biotite ++ sharedColmenaModules;
           };
+
+        osmium =
+          { ... }:
+          {
+            deployment = {
+              targetHost = "osmium.coho-tet.ts.net";
+              buildOnTarget = false;
+            };
+            imports = nodeNixosModules.osmium ++ sharedColmenaModules;
+          };
       };
 
       nixosConfigurations = {
         calcite = mkNixos {
           hostname = "calcite";
         };
-
-        osmium = mkNixos {
-          hostname = "osmium";
-        };
       } // self.colmenaHive.nodes;
 
     }
@@ -305,7 +318,7 @@
         pkgs = nixpkgs.legacyPackages.${system};
 
         mkHomeConfiguration = user: host: {
-          name = user;
+          name = "${user}-${host}";
           value = home-manager.lib.homeManagerConfiguration {
             inherit pkgs;
             modules = [

garnix.yaml

@@ -7,4 +7,4 @@ builds:
     - homeConfigurations.aarch64-linux.*
     - darwinConfigurations.*
     - nixosConfigurations.*
-
+  branch: deploy

home/default.nix

@@ -1,5 +1,6 @@
 {
   xin = {
     calcite = import ./xin/calcite.nix;
+    gold = import ./xin/gold;
   };
 }

home/xin/calcite.nix

@@ -108,10 +108,12 @@ in
 
   xdg.systemDirs.data = [
     "/usr/share"
-    "/var/lib/flatpak/exports/share"
-    "${homeDirectory}/.local/share/flatpak/exports/share"
   ];
 
+  xdg.configFile."distrobox/distrobox.conf".text = ''
+    container_additional_volumes="/nix/store:/nix/store:ro /etc/profiles/per-user:/etc/profiles/per-user:ro"
+  '';
+
   programs.man.generateCaches = false;
 
   programs.atuin = {

home/xin/raspite/default.nix

@@ -1,25 +0,0 @@
-{ config, pkgs, ... }:
-{
-  imports = [ ../common ];
-
-  home.username = "xin";
-  home.homeDirectory = "/home/xin";
-  home.stateVersion = "23.05";
-
-  # Let Home Manager install and manage itself.
-  programs.home-manager.enable = true;
-
-  accounts.email.accounts.gmail = {
-    primary = true;
-    address = "lixinyang411@gmail.com";
-    flavor = "gmail.com";
-  };
-
-  accounts.email.accounts.whu = {
-    address = "lixinyang411@whu.edu.cn";
-  };
-
-  accounts.email.accounts.foxmail = {
-    address = "lixinyang411@foxmail.com";
-  };
-}

machines/calcite/configuration.nix

@@ -20,6 +20,7 @@ in
     nix = {
       signing.enable = true;
     };
+    comin.enable = true;
   };
 
   # Bootloader.
@@ -176,7 +177,7 @@ in
         ];
         settings = {
           main = {
-            capslock = "overload(control, esc)";
+            leftcontrol = "overload(control, esc)";
           };
         };
       };

machines/weilite/default.nix

@@ -19,6 +19,7 @@
       nix = {
         enable = true;
       };
+      comin.enable = true;
     };
 
     boot = {
@@ -38,7 +39,10 @@
 
     nixpkgs.config.allowUnfree = true;
 
-    environment.systemPackages = [ pkgs.virtiofsd ];
+    environment.systemPackages = [
+      pkgs.virtiofsd
+      pkgs.intel-gpu-tools
+    ];
 
     sops = {
       defaultSopsFile = ./secrets.yaml;
@@ -94,15 +98,32 @@
         options = "rw,nodev,nosuid";
         wantedBy = [ "restic-rest-server.service" ];
       }
+      # {
+      #   what = "ocis";
+      #   where = "/var/lib/ocis";
+      #   type = "virtiofs";
+      #   options = "rw,nodev,nosuid";
+      #   wantedBy = [ "ocis.service" ];
+      # }
       {
-        what = "ocis";
+        what = "media";
-        where = "/var/lib/ocis";
+        where = "/var/lib/jellyfin/media";
         type = "virtiofs";
         options = "rw,nodev,nosuid";
-        wantedBy = [ "ocis.service" ];
       }
     ];
 
+    hardware.graphics = {
+      enable = true;
+      extraPackages = with pkgs; [
+        intel-media-driver
+        intel-vaapi-driver
+        vaapiVdpau
+        intel-compute-runtime # OpenCL filter support (hardware tonemapping and subtitle burn-in)
+        intel-media-sdk # QSV up to 11th gen
+      ];
+    };
+
     services.openssh.ports = [
       22
       2222

machines/weilite/services/default.nix

@@ -4,5 +4,6 @@
     ./restic.nix
     ./media-download.nix
     ./immich.nix
+    ./jellyfin.nix
   ];
 }

machines/weilite/services/jellyfin.nix

@@ -0,0 +1,15 @@
+{ config, pkgs, ... }:
+{
+  services.jellyfin.enable = true;
+
+  environment.systemPackages = with pkgs; [
+    jellyfin
+    jellyfin-web
+    jellyfin-ffmpeg
+  ];
+  services.caddy.virtualHosts."https://weilite.coho-tet.ts.net:8920".extraConfig = ''
+    reverse_proxy 127.0.0.1:8096
+  '';
+  networking.firewall.allowedTCPPorts = [ 8920 ]; # allow on lan
+  users.users.jellyfin.extraGroups = [ "render" ];
+}

modules/home-manager/gui/themes.nix

@@ -13,6 +13,10 @@
         name = "Catppuccin-GTK-Dark";
         package = pkgs.magnetic-catppuccin-gtk;
       };
+      iconTheme = {
+        name = "Qogir";
+        package = pkgs.qogir-icon-theme;
+      };
       gtk2.configLocation = "${config.xdg.configHome}/gtk-2.0/gtkrc";
     };
   };

modules/home-manager/gui/waybar.nix

@@ -44,8 +44,6 @@ in
           modules-right = [
             "network#speed"
             "custom/separator"
-            "network#if"
-            "custom/separator"
             "pulseaudio"
             "custom/separator"
             "memory"
@@ -121,22 +119,6 @@ in
             format = "  {percentage}%";
           };
 
-          "network#if" = {
-            format = "{ifname}";
-            format-disconnected = "󰌙";
-            format-ethernet = "󰌘";
-            format-linked = "{ifname} (No IP)  󰈁";
-            format-wifi = "{icon}";
-            format-icons = [
-              "󰤯"
-              "󰤟"
-              "󰤢"
-              "󰤥"
-              "󰤨"
-            ];
-            interval = 10;
-          };
-
           "network#speed" = {
             format = "{ifname}";
             format-disconnected = "󰌙";

modules/nixos/common-settings/comin.nix

@@ -0,0 +1,32 @@
+{
+  config,
+  lib,
+  ...
+}:
+let
+  inherit (lib)
+    mkEnableOption
+    mkIf
+    ;
+
+  cfg = config.commonSettings.comin;
+in
+{
+  options.commonSettings.comin = {
+    enable = mkEnableOption "auto updater with comin";
+  };
+
+  config = {
+    services.comin = mkIf cfg.enable {
+      enable = true;
+      remotes = [
+        {
+          name = "origin";
+          url = "https://github.com/xinyangli/nixos-config.git";
+          branches.main.name = "deploy-comin";
+        }
+      ];
+      hostname = config.networking.hostName;
+    };
+  };
+}

modules/nixos/default.nix

@@ -2,6 +2,7 @@
   imports = [
     ./common-settings/auth.nix
     ./common-settings/autoupgrade.nix
+    ./common-settings/comin.nix
     ./common-settings/nix-conf.nix
     ./common-settings/proxy-server.nix
     ./common-settings/mainland.nix