add CI images to repo

.forgejo/workflows/check.yml

@@ -0,0 +1,12 @@
+on:
+  push:
+    branches: [main]
+jobs:
+  check:
+    runs-on: nix-upstream-latest
+    steps:
+      - run: echo "experimental-features = nix-command flakes" >> /etc/nix/nix.conf
+      - run: nix-env -i nodejs
+      - uses: actions/checkout@v4
+      - name: nix flake check
+        run: nix flake check

.forgejo/workflows/main.yml

@@ -1,33 +0,0 @@
-name: build
-
-on:
-  push:
-    branches:
-      - main
-jobs:
-  build:
-    runs-on: nix-latest
-    strategy:
-      matrix:
-        package_name: ["nvim"]
-    steps:
-      - uses: actions/checkout@v4
-      - uses: DeterminateSystems/nix-installer-action@main
-      - name: check
-        run: nix flake check
-      - name: Run `nix bundle`
-        if: github.ref == 'refs/heads/main'
-        id: build
-        run: |
-          nix bundle \
-              -o ${{ matrix.package_name }}.AppImage \
-              --bundler github:ralismark/nix-appimage \
-              --extra-experimental-features nix-command \
-              --extra-experimental-features flakes .#${{ matrix.package_name }}
-          echo "Done building AppImage for ${{ matrix.package_name }}"
-      - name: Upload bundle to release
-        if: github.ref == 'refs/heads/main'
-        uses: https://data.forgejo.org/forgejo/upload-artifact@v4
-        with:
-          path: "${{ matrix.package_name }}.AppImage"
-          name: "${{ matrix.package_name }}-x86_64-linux.AppImage"

.forgejo/workflows/nvim-bundle.yml

@@ -0,0 +1,23 @@
+on:
+  push:
+    paths:
+      - 'pkgs/nvim/**'
+jobs:
+  nvim-bundle:
+    runs-on: nix-upstream-latest
+    needs:
+      - check
+    if: github.ref == 'refs/heads/main'
+    steps:
+      - run: echo "experimental-features = nix-command flakes" >> /etc/nix/nix.conf
+      - run: nix-env -i nodejs
+      - uses: actions/checkout@v4
+      - name: Run `nix bundle`
+        run: |
+          path="${{ matrix.package_name }}.AppImage"
+          nix bundle --bundler github:ralismark/nix-appimage \
+            -o "$path" \
+            .#${{ matrix.package_name }}
+          curl --user "${{ secrets.FJ_USER }}:${{ secrets.FJ_PASS }}" \
+            --upload-file "$path" \
+            "${{ forge.api_url }}/packages/${{ secrets.FJ_USER }}/generic/${{ matrix.package_name }}/latest/$path"

nixos/consensus/configuration.nix

@@ -22,7 +22,7 @@
     docker-compose
     tmux
   ];
-  system-net.openssh.ports = [2022];
+  machine.net.openssh.ports = [2022];
   systemd.services.k3s = {
     preStart = ''
       until ${pkgs.tailscale}/bin/tailscale status; do
@@ -107,7 +107,7 @@
       ];
     };
   };
-  system-sys = {
+  machine.sys = {
     zram = false;
     swapSize = 16;
   };

nixos/modules/net.nix

@@ -1,6 +1,6 @@
 { host, pkgs, config, lib, ...}:
-let cfg = config.system-net; in {
+let cfg = config.machine.net; in {
-  options.system-net = {
+  options.machine.net = {
     enable = lib.mkOption {
       type = lib.types.bool;
       default = true;

nixos/modules/nix.nix

@@ -1,6 +1,6 @@
 { host, pkgs, config, lib, ...}:
-let cfg = config.system-nix; in {
+let cfg = config.machine.nix; in {
-  options.system-nix = {
+  options.machine.nix = {
     enable = lib.mkOption {
       type = lib.types.bool;
       default = true;

nixos/modules/pkgs.nix

@@ -1,6 +1,6 @@
 { pkgs, config, lib, ...}:
-let cfg = config.system-pkgs; in {
+let cfg = config.machine.pkgs; in {
-  options.system-pkgs = {
+  options.machine.pkgs = {
     enable = lib.mkOption {
       type = lib.types.bool;
       default = true;

nixos/modules/system.nix

@@ -5,10 +5,10 @@
   ...
 }:
 let
-  cfg = config.system-sys;
+  cfg = config.machine.sys;
 in
 {
-  options.system-sys = {
+  options.machine.sys = {
     enable = lib.mkOption {
       type = lib.types.bool;
       default = true;

nixos/oracle/configuration.nix

@@ -8,7 +8,7 @@
     "net.ipv4.ip_forward" = 1;
     "net.ipv6.conf.all.forwarding" = 1;
   };
-  system-net.openssh.ports = [22 2022];
+  machine.net.openssh.ports = [22 2022];
   networking = {
     hostId = "00238132";
     firewall = {

nixos/t14/configuration.nix

@@ -83,10 +83,10 @@ in
       ];
     };
   };
-  system-net.nfs = true;
+  machine.net.nfs = true;
-  system-sys.zram = true;
+  machine.sys.zram = true;
-  system-sys.swap = false;
+  machine.sys.swap = false;
-  system-sys.documentation = true;
+  machine.sys.documentation = true;
   hardware = {
     graphics = {
       enable = true;

nixos/zen/configuration.nix

@@ -1,4 +1,9 @@
-{ host, config, pkgs, ... }:
+{
+  host,
+  config,
+  pkgs,
+  ...
+}:
 {
   imports = [
     ./hardware-configuration.nix
@@ -11,7 +16,7 @@
       sopsFile = ../../secrets/forgejo-runner.yaml;
     };
   };
-  system-sys.zram = false;
+  machine.sys.zram = false;
   networking = {
     hostId = "81238132";
     firewall = {
@@ -21,17 +26,32 @@
         25565 # mc
         25566 # mc
       ];
+      interfaces."podman+" = {
+        allowedTCPPorts = [ 33393 ];
       };
     };
-  virtualisation.docker = {
+  };
+  virtualisation.podman = {
     enable = true;
-    extraOptions = "--dns 1.1.1.1";
   };
   services.gitea-actions-runner = {
     package = pkgs.forgejo-runner;
     instances.default = {
       enable = true;
       name = host.hostName;
+      settings = {
+        runner = {
+          capacity = 3;
+        };
+        cache = {
+          enable = true;
+          host = "host.containers.internal";
+          port = 33393;
+        };
+        container = {
+          force_pull = true;
+        };
+      };
       url = "https://git.10110110.xyz";
       tokenFile = config.sops.secrets.forgejo-runner.path;
       labels = [