[DO NOT MERGE] Define the initial NixOS configuration of webforge in a flake - with CI

.github/workflows/nix.yml

@@ -0,0 +1,99 @@
+name: Nix
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - '.github/workflows/nix.yml'
+      - 'nix/**'
+      - 'flake.*'
+  pull_request:
+    paths:
+      - '.github/workflows/nix.yml'
+      - 'nix/**'
+      - 'flake.*'
+
+jobs:
+  check:
+    name: Check
+    runs-on: ubuntu-24.04
+    outputs:
+      matrix: ${{ steps.set-matrix.outputs.matrix }}
+    steps:
+      - name: Checkout
+        id: checkout
+        uses: actions/checkout@v4
+
+      - name: Install Nix
+        id: install_nix
+        uses: nixbuild/nix-quick-install-action@v28
+
+      - name: Check Nix Flake
+        id: check
+        run: |
+          nix flake show
+          nix flake check
+
+      - name: Set matrix
+        id: set-matrix
+        run: |
+          # Extract targets from the flake
+          IFS=","
+          target_arr=( $(nix eval --json --apply 'builtins.attrNames' .#nixosConfigurations | sed -r -e 's/\[([^\[]+)\]/\1/' -e 's/"//g') )
+          index=0
+          size=${#target_arr[@]}
+          output="matrix={\"include\":["
+          IFS=" "
+          for target in ${target_arr[@]}; do
+            output+="{\"target\":\"${target}\","
+            output+="\"hostname\":$(nix eval .#nixosConfigurations.${target}.config.networking.hostName),"
+            output+="\"domain\":$(nix eval .#nixosConfigurations.${target}.config.networking.domain)}"
+            if [[ $((index++)) -lt $((size -1)) ]]; then
+              output+=","
+            fi
+          done
+          output+="]}"
+          echo $output
+          echo $output >> $GITHUB_OUTPUT
+
+  build:
+    name: Build
+    runs-on: ubuntu-22.04
+    if: github.event_name == 'pull_request'
+    needs: check
+    strategy:
+      fail-fast: false
+      matrix: ${{fromJson(needs.check.outputs.matrix)}}
+    steps:
+      - name: Checkout
+        id: checkout
+        uses: actions/checkout@v4
+
+      - name: Install Nix
+        id: install_nix
+        uses: nixbuild/nix-quick-install-action@v28
+
+      - name: Restore and cache Nix store ${{ matrix.target }}
+        uses: nix-community/cache-nix-action@v5
+        with:
+          # restore and save a cache using this key
+          primary-key: ${{ runner.os }}-Nix-${{ matrix.target }}-${{ hashFiles('flake.*', 'nix/common/*.nix', 'nix/modules/**.nix', format('nix/hosts/{0}/*.nix', matrix.target)) }}
+          # if there's no cache hit, restore a cache by this prefix
+          restore-prefixes-first-match: ${{ runner.os }}-Nix-${{ matrix.target }}-
+          # collect garbage until Nix store size (in bytes) is at most this number
+          # before trying to save a new cache
+          gc-max-store-size-linux: 1073741824
+          # do purge caches
+          purge: true
+          # purge all versions of the cache
+          purge-prefixes: ${{ runner.os }}-Nix-${{ matrix.target }}-
+          # created more than 0 seconds ago relative to the start of the `Post Restore` phase
+          purge-created: 0
+          # except the version with the `primary-key`, if it exists
+          purge-primary-key: never
+
+      - name: Build nixosConfiguration for ${{ matrix.target }}
+        id: check_target
+        run: |
+          nix build .#nixosConfigurations.${{ matrix.target }}.config.system.build.toplevel

flake.nix

@@ -0,0 +1,23 @@
+{
+  inputs = {
+    # The nixpkgs channels we want to consume
+    nixpkgs-24_11.url = "github:NixOS/nixpkgs/nixos-24.11-small";
+
+    # Some links to the above channels for consistent naming in outputs
+    nixpkgs.follows = "nixpkgs-24_11";
+  };
+  outputs = { self, nixpkgs, ... }@attrs: {
+    # Generate an attrset of nixosConfigurations based on their system name
+    nixosConfigurations = nixpkgs.lib.attrsets.genAttrs [
+      "webforge"
+    ] (sysname: nixpkgs.lib.nixosSystem {
+        system = "x86_64-linux";
+        specialArgs = attrs;
+        modules = [
+          { system.name = sysname; }
+          ./nix/hosts/${sysname}/configuration.nix
+        ];
+      }
+    );
+  };
+}

nix/hosts/webforge/configuration.nix

@@ -0,0 +1,16 @@
+{ ... }: {
+  imports = [
+    ./hardware-configuration.nix
+    ./networking.nix # generated at runtime by nixos-infect
+  ];
+
+  boot.tmp.cleanOnBoot = true;
+  zramSwap.enable = true;
+  networking.hostName = "webforge";
+  networking.domain = "";
+  services.openssh.enable = true;
+  users.users.root.openssh.authorizedKeys.keys = [
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJlPneIaRT/mqu13N83ctEftub4O6zAfi6qgzZKerU5o [email protected]"
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIZtWY7t8HVnaz6bluYsrAlzZC3MZtb8g0nO5L5fCQKR [email protected]" ];
+  system.stateVersion = "23.11";
+}

nix/hosts/webforge/hardware-configuration.nix

@@ -0,0 +1,8 @@
+{ modulesPath, ... }:
+{
+  imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
+  boot.loader.grub.device = "/dev/sda";
+  boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
+  boot.initrd.kernelModules = [ "nvme" ];
+  fileSystems."/" = { device = "/dev/sda1"; fsType = "ext4"; };
+}

nix/hosts/webforge/networking.nix

@@ -0,0 +1,35 @@
+{ lib, ... }: {
+  # This file was populated at runtime with the networking
+  # details gathered from the active system.
+  networking = {
+    nameservers = [
+      "2a01:4ff:ff00::add:2"
+      "2a01:4ff:ff00::add:1"
+      "185.12.64.1"
+      "185.12.64.2"
+    ];
+    defaultGateway = "172.31.1.1";
+    defaultGateway6 = {
+      address = "fe80::1";
+      interface = "eth0";
+    };
+    dhcpcd.enable = false;
+    usePredictableInterfaceNames = lib.mkForce false;
+    interfaces = {
+      eth0 = {
+        ipv4.addresses = [
+          { address="135.181.155.146"; prefixLength=32; }
+        ];
+        ipv6.addresses = [
+          { address="2a01:4f9:c011:b882::1"; prefixLength=64; }
+          { address="fe80::9400:4ff:fe03:57eb"; prefixLength=64; }
+        ];
+        ipv4.routes = [ { address = "172.31.1.1"; prefixLength = 32; } ];
+        ipv6.routes = [ { address = "fe80::1"; prefixLength = 128; } ];
+      };
+    };
+  };
+  services.udev.extraRules = ''
+    ATTR{address}=="96:00:04:03:57:eb", NAME="eth0"
+  '';
+}