feat(nix): add auto-rebuild

.github/workflows/auto-lint-fixer.yaml

@@ -2,8 +2,6 @@
 # yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
 name: Auto-Lint-Fixer
 
-# this action will trigger PR for fix, if lint fails
-
 on:
   workflow_dispatch: {}
   push:
@@ -13,6 +11,8 @@ on:
 jobs:
   auto-lint-fixer:
     runs-on: ubuntu-latest
+    permissions:
+      contents: write
     steps:
       - name: Generate Token
         uses: actions/create-github-app-token@0d564482f06ca65fa9e77e2510873638c82206f2 # v1
@@ -21,21 +21,19 @@ jobs:
           app-id: ${{ secrets.LAB_ASSISTANT_APP_ID }}
           private-key: ${{ secrets.LAB_ASSISTANT_APP_KEY }}
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+        with:
+          ref: main
+          fetch-depth: 0
       - uses: cachix/install-nix-action@08dcb3a5e62fa31e2da3d490afc4176ef55ecd72 # v30
       - uses: cachix/cachix-action@ad2ddac53f961de1989924296a1f236fcfbaa4fc # v15
         with:
           name: devenv
       - name: Install devenv.sh
         run: nix profile install nixpkgs#devenv
       - name: Run devenv tests
-        id: devenv-test
         continue-on-error: true
-        run: devenv test
-      - name: Create Pull
-        id: create-pull-request
-        uses: peter-evans/create-pull-request@dd2324fc52d5d43c699a5636bcf19fceaa70c284 # v7
-        with:
-          token: ${{ steps.app-token.outputs.token }}
-          title: "chore(lint): fix linting issues"
-          commit-message: "chore(lint): fix linting issues"
-          delete-branch: true
+        run: devenv test --verbose
+      - name: Auto commit
+        uses: stefanzweifel/git-auto-commit-action@e348103e9026cc0eee72ae06630dbe30c8bf7a79 # v5
+        # with:
+        #  commit_message: "chore(lint): fix linting issues"

.github/workflows/nix-build.yaml

@@ -18,7 +18,11 @@ concurrency:
 
 jobs:
   nix-build:
-    if: github.event.pull_request.draft == false
+    if: |
+      github.event_name == 'pull_request' ||
+      (github.event_name == 'push' &&
+       !(github.event.head_commit.committer.username == 'web-flow' &&
+         github.event.head_commit.author.username == 'web-flow'))
     permissions:
       pull-requests: write
     strategy:
@@ -38,6 +42,7 @@ jobs:
       - name: Checkout repository
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
         with:
+          ref: main
           fetch-depth: 0
       - name: Install Nix
         uses: DeterminateSystems/nix-installer-action@e50d5f73bfe71c2dd0aa4218de8f4afa59f8f81d # v16
@@ -118,14 +123,12 @@ jobs:
             <summary> Version changes </summary> <br>
             <pre> ${{ steps.diff.outputs.diff }} </pre>
 
-  nix-build-status:
-    if: ${{ always() }}
+  matrix-status:
+    if: ${{ !cancelled() }}
     needs:
       - nix-build
     runs-on: ubuntu-latest
     steps:
-      - name: Check matrix status
-        run: |
-          if echo "${{ needs.nix-build.result }}" | grep -E 'failure|cancelled'; then
-            exit 1
-          fi
+      - name: Check build matrix status
+        if: ${{ needs.nix-build.result != 'success' }}
+        run: exit 1

.github/workflows/update-nvfetcher.yaml

@@ -16,6 +16,7 @@ jobs:
       - name: Checkout repository
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
         with:
+          ref: main
           fetch-depth: 0
       - name: Install Nix
         uses: DeterminateSystems/nix-installer-action@e50d5f73bfe71c2dd0aa4218de8f4afa59f8f81d # v16

archived/services/gatus.nix

@@ -1,7 +1,7 @@
 {
+  config,
   lib,
   pkgs,
-  config,
   ...
 }: let
   cfg = config.modules.services.gatus;

hosts/_modules/nixos/services/homebridge/default.nix → archived/services/homebridge.nix

@@ -1,7 +1,7 @@
 {
+  config,
   lib,
   pkgs,
-  config,
   ...
 }: let
   cfg = config.modules.services.homebridge;

archived/services/music-assistant.nix

@@ -1,7 +1,7 @@
 {
+  config,
   lib,
   pkgs,
-  config,
   ...
 }: let
   cfg = config.modules.services.home-assistant;

archived/services/sgcc-pm2/default.nix

@@ -1,7 +1,7 @@
 {
+  config,
   lib,
   pkgs,
-  config,
   ...
 }: let
   cfg = config.modules.services.home-assistant;

archived/services/syncthing.nix

@@ -1,7 +1,7 @@
 {
+  config,
   lib,
   pkgs,
-  config,
   ...
 }: let
   cfg = config.modules.services.backup.syncthing;

archived/services/tailscale.nix

@@ -1,7 +1,7 @@
 {
+  config,
   lib,
   pkgs,
-  config,
   ...
 }: let
   cfg = config.modules.services.tailscale;

archived/services/talos-pxe/default.nix

@@ -1,7 +1,7 @@
 {
+  config,
   lib,
   pkgs,
-  config,
   ...
 }: let
   cfg = config.modules.services.talos.pxe;

archived/services/zrepl.nix

@@ -1,7 +1,7 @@
 {
+  config,
   lib,
   pkgs,
-  config,
   ...
 }: let
   cfg = config.modules.services.backup.zrepl;

devenv.nix

@@ -1,7 +1,7 @@
 {
+  config,
   lib,
   pkgs,
-  config,
   ...
 }: {
   # replace pre-commit and various linters
@@ -13,9 +13,6 @@
         files = "github\/workflows\/.*\.ya?ml$";
       };
       alejandra.enable = true;
-      check-added-large-files.enable = true;
-      check-merge-conflicts.enable = true;
-      check-executables-have-shebangs.enable = true;
       prettier = {
         enable = true;
         settings = {

docs/apps.md

@@ -16,7 +16,7 @@
 - main program use nixos version, integrations using podman containers for compatibliaty;
 - integrations using mDNS/avahi have random ports >32768;
 - during tests, ui-lovelace use storage mode;
-- homebridge use avahi-daemon for mdns, without random high ports, so cant use with haas-stack and local-avahi;
+- homebridge/samba-avahi dont have random high ports, so cant use with hass-stack;
 
 ## K8S-related
 
@@ -28,6 +28,7 @@
 ## Netbox
 
 - add group `netbox` to caddy-user, disable `ProtectHome` from caddy;
+- run `netbox-manage migrate` after plugins enable / disable, netbox upgrade;
 - run `netbox-manage createsuperuser` to create superuser;
 
 ## Ports

docs/notes.md

@@ -4,8 +4,7 @@
 - atuin-key should be base64 format
 - change iterm2/ghostty theme to "catppuccin-mocha"
 - change iterm2/ghostty font to "MonaspiceKr Nerd Font Mono", size=12, thicken=true
-- caddy-custom, [ref](https://github.com/Ramblurr/nixos-caddy);
-- tailscale for k8s nodes, easytier for everything else; when gitops stable, tailscale can be removed;
+- auto rebuild nixos by service "auto-rebuild";
 
 ```shell
 # install req. incl. cachix & nvd

homes/_modules/deployment/nix/default.nix

@@ -1,7 +1,7 @@
 {
-  pkgs,
-  lib,
   config,
+  lib,
+  pkgs,
   ...
 }: let
   cfg = config.modules.deployment.nix;

homes/_modules/editor/nvim/default.nix

@@ -1,7 +1,7 @@
 {
-  pkgs,
-  lib,
   config,
+  lib,
+  pkgs,
   ...
 }: let
   cfg = config.modules.editor.nvim;

homes/_modules/editor/vscode/default.nix

@@ -1,7 +1,7 @@
 {
-  pkgs,
-  lib,
   config,
+  lib,
+  pkgs,
   ...
 }: let
   inherit (pkgs.stdenv.hostPlatform) isDarwin;

homes/_modules/security/1password_cli/default.nix

@@ -1,7 +1,7 @@
 {
-  pkgs,
   config,
   lib,
+  pkgs,
   ...
 }: let
   cfg = config.modules.security._1password-cli;

homes/_modules/security/gnugpg/default.nix

@@ -1,7 +1,7 @@
 {
-  pkgs,
   config,
   lib,
+  pkgs,
   ...
 }: let
   inherit (pkgs.stdenv.hostPlatform) isDarwin isLinux;

homes/_modules/shell/atuin/default.nix

@@ -1,7 +1,7 @@
 {
   config,
-  pkgs,
   lib,
+  pkgs,
   ...
 }: let
   cfg = config.modules.shell.atuin;

homes/_modules/shell/fish/default.nix

@@ -1,7 +1,7 @@
 {
-  pkgs,
-  lib,
   config,
+  lib,
+  pkgs,
   ...
 }: let
   inherit (pkgs.stdenv.hostPlatform) isDarwin;

homes/_modules/shell/git/default.nix

@@ -1,7 +1,7 @@
 {
-  pkgs,
   config,
   lib,
+  pkgs,
   ...
 }: let
   cfg = config.modules.shell.git;

homes/_modules/shell/go-task/default.nix

@@ -1,7 +1,7 @@
 {
-  pkgs,
   config,
   lib,
+  pkgs,
   ...
 }: let
   cfg = config.modules.shell.go-task;

homes/_modules/themes/catppuccin/default.nix

@@ -1,7 +1,7 @@
 {
-  pkgs,
   config,
   lib,
+  pkgs,
   ...
 }: let
   cfg = config.modules.themes.catppuccin;

homes/soulwhisper/default.nix

@@ -1,9 +1,9 @@
 {
-  pkgs,
-  lib,
   config,
-  inputs,
   hostname,
+  inputs,
+  lib,
+  pkgs,
   ...
 }: {
   imports = [

homes/soulwhisper/secrets/default.nix

@@ -1,6 +1,6 @@
 {
-  pkgs,
   config,
+  pkgs,
   ...
 }: let
   ageKeyFile = "${config.xdg.configHome}/age/keys.txt";
@@ -12,13 +12,10 @@ in {
     ];
 
     sops = {
-      defaultSopsFile = ./secrets.sops.yaml;
       age.keyFile = ageKeyFile;
       age.generateKey = true;
 
-      secrets = {
-        atuin_key = {};
-      };
+      secrets.atuin_key.sopsFile = ./secrets.sops.yaml;
     };
 
     home.sessionVariables = {

hosts/_modules/common/pkgs.nix

@@ -1,7 +1,7 @@
 {
+  config,
   lib,
   pkgs,
-  config,
   ...
 }: {
   config = {

hosts/_modules/darwin/sops.nix

@@ -1,7 +1,7 @@
 {
+  config,
   inputs,
   lib,
-  config,
   ...
 }: {
   imports = [