Merge pull request 'develop' (#1 ) from develop into main

Reviewed-on: #1
remove markdown-preview plugin, re-enable Pi builds in CI
2026-03-14 15:21:30 +01:00 · 2026-03-14 15:12:24 +01:00 · 2026-03-14 15:08:35 +01:00 · 2026-03-14 15:04:29 +01:00 · 2026-03-14 14:56:10 +01:00 · 2026-03-14 14:52:30 +01:00
11 changed files with 78 additions and 158 deletions
--- a/.forgejo/workflows/ci.yml
+++ b/.forgejo/workflows/ci.yml
@ -23,4 +23,4 @@ jobs:
        run: nix build .#nixosConfigurations.cryodev-main.config.system.build.toplevel --impure
      - name: Build cryodev-pi
-        run: nix build .#nixosConfigurations.cryodev-pi.config.system.build.toplevel --impure
+        run: nix build .#nixosConfigurations.cryodev-pi.config.system.build.toplevel --impure --extra-platforms aarch64-linux
--- a/.forgejo/workflows/deploy.yml
+++ b/.forgejo/workflows/deploy.yml
@ -26,10 +26,10 @@ jobs:
        run: nix build .#nixosConfigurations.cryodev-main.config.system.build.toplevel --impure
      - name: Build cryodev-pi
-        run: nix build .#nixosConfigurations.cryodev-pi.config.system.build.toplevel --impure
+        run: nix build .#nixosConfigurations.cryodev-pi.config.system.build.toplevel --impure --extra-platforms aarch64-linux
  build-pi-images:
-    needs: flake-check
+    needs: build-hosts
    runs-on: host
    strategy:
      matrix:
--- a/AGENTS.md
+++ b/AGENTS.md
@ -27,7 +27,7 @@ nix build .#nixosConfigurations.cryodev-pi.config.system.build.sdImage
 # Format code (required before committing)
 nix fmt
-# Run all checks (lint, formatting, deploy-rs validation)
+# Run all checks (lint, formatting)
 nix flake check
 # Quick evaluation test (faster than full build)
@ -46,14 +46,17 @@ nix develop
 # Deploy all hosts via deploy app (uses deploy.json)
 nix run .#deploy
-# Deploy to cryodev-main via deploy-rs
+# Deploy a specific host
-nix run github:serokell/deploy-rs -- .#cryodev-main
+nix run .#deploy -- -n cryodev-main
 # Manual deployment via SSH
 NIX_SSHOPTS="-p 2299" nixos-rebuild switch --flake .#<hostname> \
  --target-host <user>@<ip> --sudo --ask-sudo-password
 ```
 > **Note:** Both hosts use Comin for automatic pull-based deployment.
 > Manual deployment is only needed for the initial setup or emergencies.
 ### Apps
 ```bash
@ -200,7 +203,7 @@ services.nginx.enable = lib.mkDefault true;
 | Host | Strategy | Trigger |
 |------|----------|---------|
-| `cryodev-main` | Push via deploy-rs | Forgejo Actions on push to main |
+| `cryodev-main` | Pull via Comin | Automatic polling |
 | `cryodev-pi` | Pull via Comin | Automatic polling |
 | SD Images | Built in CI | Push to main (for Pi hosts) |
--- a/README.md
+++ b/README.md
@ -6,8 +6,8 @@ Declarative NixOS infrastructure for the **cryodev** environment, managed with N
 ```bash
 # Clone repository
-git clone https://git.cryodev.xyz/steffen/cryodev-server.git
+git clone https://git.cryodev.xyz/steffen/cryodev.git
-cd cryodev-server
+cd cryodev
 # Check configuration
 nix flake check
@ -20,7 +20,7 @@ nix build .#nixosConfigurations.cryodev-main.config.system.build.toplevel
 | Host | Architecture | Deployment | Description |
 |------|--------------|------------|-------------|
-| `cryodev-main` | x86_64 | Push (deploy-rs) | Main server |
+| `cryodev-main` | x86_64 | Pull (Comin) | Main server |
 | `cryodev-pi` | aarch64 | Pull (Comin) | Raspberry Pi client |
 ## Services
@ -37,7 +37,7 @@ nix build .#nixosConfigurations.cryodev-main.config.system.build.toplevel
 SD card images for Raspberry Pi clients are **built automatically** on every push to `main`.
-Download from: [Releases](https://git.cryodev.xyz/steffen/cryodev-server/releases)
+Download from: [Releases](https://git.cryodev.xyz/steffen/cryodev/releases)
 ```bash
 # Flash to SD card
--- a/docs/deployment/cd.md
+++ b/docs/deployment/cd.md
@ -1,121 +1,38 @@
 # Continuous Deployment
-The cryodev infrastructure uses two deployment strategies optimized for different host types.
+All hosts use **Comin** (pull-based) for automatic deployment.
 ## Overview
 | Host | Strategy | Tool | Trigger |
 |------|----------|------|---------|
-| `cryodev-main` | Push-based | deploy-rs | Git push via Forgejo Actions |
+| `cryodev-main` | Pull-based | Comin | Automatic polling |
-| `cryodev-pi` | Pull-based | Comin | Periodic polling |
+| `cryodev-pi` | Pull-based | Comin | Automatic polling |
-## Push-based Deployment (cryodev-main)
+## How It Works
 ### How It Works
 1. Developer pushes to `main` branch
-2. Forgejo Actions workflow triggers
+2. CI (Forgejo Actions) runs flake-check and builds all hosts
-3. `deploy-rs` connects via SSH and deploys
+3. Comin on each host periodically polls the Git repository
 4. On changes, Comin builds and activates the new configuration
-### Setup
+## Configuration
 #### 1. Generate Deploy Key
 ```bash
 ssh-keygen -t ed25519 -f deploy_key -C "forgejo-actions"
 ```
 #### 2. Add Public Key to Server
 On `cryodev-main`:
 ```bash
 echo "PUBLIC_KEY_CONTENT" >> /root/.ssh/authorized_keys
 ```
 #### 3. Add Private Key to Forgejo
 1. Go to Repository Settings > Secrets
 2. Add secret named `DEPLOY_SSH_KEY`
 3. Paste the private key content
 #### 4. Workflow Configuration
 `.forgejo/workflows/deploy.yaml`:
 ```yaml
 name: Deploy
 on:
  push:
    branches: [main]
 jobs:
  check:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: cachix/install-nix-action@v24
      - run: nix flake check
  deploy:
    needs: check
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: cachix/install-nix-action@v24
      - name: Setup SSH
        env:
          SSH_PRIVATE_KEY: ${{ secrets.DEPLOY_SSH_KEY }}
        run: |
          mkdir -p ~/.ssh
          echo "$SSH_PRIVATE_KEY" > ~/.ssh/id_ed25519
          chmod 600 ~/.ssh/id_ed25519
          ssh-keyscan cryodev-main >> ~/.ssh/known_hosts
      - name: Deploy
        run: nix run github:serokell/deploy-rs -- .#cryodev-main
 ```
 ### Rollback
 deploy-rs automatically rolls back if the new configuration fails health checks.
 Manual rollback:
 ```bash
 # List generations
 sudo nix-env -p /nix/var/nix/profiles/system --list-generations
 # Rollback to previous
 sudo nixos-rebuild switch --rollback
 ```
 ## Pull-based Deployment (cryodev-pi)
 ### How It Works
 1. Comin periodically polls the Git repository
 2. On changes, it builds and activates the new configuration
 3. Works through NAT without incoming connections
 ### Configuration
 ```nix
-# hosts/cryodev-pi/services/comin.nix
+# hosts/<hostname>/services/comin.nix
 {
  services.comin = {
    enable = true;
    remotes = [{
      name = "origin";
-      url = "https://git.cryodev.xyz/steffen/cryodev-server.git";
+      url = "https://git.cryodev.xyz/steffen/cryodev.git";
      branches.main.name = "main";
    }];
  };
 }
 ```
-### Monitoring
+## Monitoring
 Check Comin status:
@ -130,7 +47,7 @@ Force immediate update:
 sudo systemctl restart comin
 ```
-### Troubleshooting
+## Troubleshooting
 If Comin fails to build:
@ -140,23 +57,30 @@ sudo journalctl -u comin --since "1 hour ago"
 # Manual build test
 cd /var/lib/comin/repo
-nix build .#nixosConfigurations.cryodev-pi.config.system.build.toplevel
+nix build .#nixosConfigurations.<hostname>.config.system.build.toplevel
 ```
 ## Rollback
 ```bash
 # List generations
 sudo nix-env -p /nix/var/nix/profiles/system --list-generations
 # Rollback to previous
 sudo nixos-rebuild switch --rollback
 ```
 ## Manual Deployment
-For hosts not using automated deployment:
+For initial setup or emergencies:
 ```bash
-# Build locally
+# Using the deploy app
-nix build .#nixosConfigurations.<hostname>.config.system.build.toplevel
+nix run .#deploy -- -n <hostname>
-# Deploy with nixos-rebuild
+# Or manually with nixos-rebuild
 NIX_SSHOPTS="-p 2299" nixos-rebuild switch --flake .#<hostname> \
  --target-host <user>@<hostname> --sudo --ask-sudo-password
 # Or using deploy-rs
 nix run github:serokell/deploy-rs -- .#<hostname>
 ```
 ## Testing Changes
--- a/docs/index.md
+++ b/docs/index.md
@ -90,5 +90,5 @@ Für Raspberry Pi: [SD-Image Referenz](getting-started/sd-image.md)
 | Host | Strategie | Tool | Beschreibung |
 |------|-----------|------|--------------|
-| `cryodev-main` | Push-basiert | deploy-rs via Forgejo Actions | Sofortige Updates bei Push |
+| `cryodev-main` | Pull-basiert | Comin | Pollt Repository auf Aenderungen |
-| `cryodev-pi` | Pull-basiert | Comin | Pollt Repository auf Änderungen |
+| `cryodev-pi` | Pull-basiert | Comin | Pollt Repository auf Aenderungen |
--- a/docs/services/forgejo.md
+++ b/docs/services/forgejo.md
@ -75,44 +75,23 @@ forgejo-runner:
 ## CI/CD Workflows
-### deploy-rs Workflow
+CI runs on every push to `main` via Forgejo Actions:
-`.forgejo/workflows/deploy.yaml`:
+1. **flake-check** -- validates the flake
 2. **build-hosts** -- builds all host configurations
-```yaml
+Deployment is handled by **Comin** (pull-based), not by CI.
-name: Deploy
+See [CD documentation](../deployment/cd.md) for details.
 on:
  push:
    branches: [main]
 jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Install Nix
        uses: cachix/install-nix-action@v24
      - name: Deploy
        env:
          SSH_PRIVATE_KEY: ${{ secrets.DEPLOY_SSH_KEY }}
        run: |
          mkdir -p ~/.ssh
          echo "$SSH_PRIVATE_KEY" > ~/.ssh/id_ed25519
          chmod 600 ~/.ssh/id_ed25519
          nix run .#deploy
 ```
 ## Administration
 ### Create Admin User
 ```bash
-sudo -u forgejo forgejo admin user create \
+forgejo admin user create \
-  --username admin \
+  --username <benutzername> \
-  --password changeme \
+  --email <email>@<domain> \
-  --email admin@cryodev.xyz \
+  --password <passwort> \
  --admin
 ```
--- a/hosts/cryodev-pi/hardware.nix
+++ b/hosts/cryodev-pi/hardware.nix
@ -3,11 +3,15 @@
 {
  boot = {
    kernelPackages = pkgs.linuxKernel.packages.linux_rpi4;
-    initrd.availableKernelModules = [
+    initrd = {
-      "xhci_pci"
+      availableKernelModules = [
-      "usbhid"
+        "xhci_pci"
-      "usb_storage"
+        "usbhid"
-    ];
+        "usb_storage"
      ];
      # Disable default x86 modules that don't exist in the Pi kernel (e.g. dw-hdmi)
      includeDefaultModules = false;
    };
  };
  fileSystems = {
--- a/hosts/cryodev-pi/sd-image.nix
+++ b/hosts/cryodev-pi/sd-image.nix
@ -27,4 +27,12 @@
    "vfat"
    "ext4"
  ];
  # sd-image.nix imports all-hardware.nix which adds x86 modules like dw-hdmi
  # that don't exist in the RPi4 kernel. Filter them out.
  boot.initrd.availableKernelModules = lib.mkForce [
    "xhci_pci"
    "usbhid"
    "usb_storage"
  ];
 }
--- a/modules/nixos/nixvim/plugins/default.nix
+++ b/modules/nixos/nixvim/plugins/default.nix
@ -11,8 +11,6 @@
  ];
  config.programs.nixvim.plugins = {
    markdown-preview.enable = lib.mkDefault true;
    # warning: Nixvim: `plugins.web-devicons` was enabled automatically because the following plugins are enabled. This behaviour is deprecated. Please explicitly define `plugins.web-devicons.enable`
    web-devicons.enable = true;
  };
 }
--- a/templates/raspberry-pi/hardware.nix
+++ b/templates/raspberry-pi/hardware.nix
@ -3,11 +3,15 @@
 {
  boot = {
    kernelPackages = pkgs.linuxKernel.packages.linux_rpi4;
-    initrd.availableKernelModules = [
+    initrd = {
-      "xhci_pci"
+      availableKernelModules = [
-      "usbhid"
+        "xhci_pci"
-      "usb_storage"
+        "usbhid"
-    ];
+        "usb_storage"
      ];
      # Disable default x86 modules that don't exist in the Pi kernel (e.g. dw-hdmi)
      includeDefaultModules = false;
    };
  };
  fileSystems = {
Author	SHA1	Message	Date
steffen	badf970041	Merge pull request 'develop' (#1 ) from develop into main Some checks failed Deploy / flake-check (push) Successful in 30s Details Deploy / build-hosts (push) Successful in 37s Details Deploy / build-pi-images (cryodev-pi) (push) Failing after 13m49s Details Deploy / create-release (push) Has been skipped Details Reviewed-on: #1	2026-03-14 15:21:30 +01:00
steffen	c81b43530a	remove markdown-preview plugin, re-enable Pi builds in CI All checks were successful CI / flake-check (pull_request) Successful in 35s Details CI / build-hosts (pull_request) Successful in 6m51s Details markdown-preview.nvim runs yarn install with native Node.js binaries that crash under QEMU aarch64 emulation. The plugin is also useless on headless servers (requires a browser). Removing it allows the Pi build to succeed in CI again. Re-enabled Pi build and SD image jobs in both ci.yml and deploy.yml.	2026-03-14 15:12:24 +01:00
steffen	2a418868e6	disable Pi builds in CI: QEMU crashes on aarch64 Node.js packages markdown-preview.nvim runs yarn install which compiles native binaries. Under QEMU aarch64 emulation on x86_64 this causes 'Illegal instruction' crashes. Pi images must be built locally or on a native aarch64 runner. Pi deployment still works via Comin (builds locally on the Pi itself).	2026-03-14 15:08:35 +01:00
steffen	2155f4073f	fix Pi build: force initrd modules to exclude x86 hardware Some checks failed CI / flake-check (pull_request) Successful in 31s Details CI / build-hosts (pull_request) Failing after 1m23s Details sd-image.nix imports all-hardware.nix which adds modules like dw-hdmi that don't exist in the RPi4 kernel. mkForce the availableKernelModules list to only include Pi-relevant modules.	2026-03-14 15:04:29 +01:00
steffen	6ad46e7452	fix Pi build and CI pipeline ordering Some checks failed CI / flake-check (pull_request) Successful in 33s Details CI / build-hosts (pull_request) Failing after 47s Details - Fix Pi kernel build: disable includeDefaultModules in initrd. NixOS all-hardware.nix includes dw-hdmi which doesn't exist in the RPi4 kernel 6.12, causing module-shrunk to fail. - Fix CI: SD image build now depends on build-hosts instead of flake-check, so it won't run if the Pi build fails. - Apply same fix to raspberry-pi template.	2026-03-14 14:56:10 +01:00
steffen	4e36cca637	remove all deploy-rs references from docs and config - Update README, AGENTS.md, docs/index.md, docs/deployment/cd.md, docs/services/forgejo.md: replace deploy-rs with Comin everywhere - Fix repo URL references (cryodev-server -> cryodev) - Fix forgejo admin create command to use shell alias - Rewrite cd.md for Comin-only deployment	2026-03-14 14:52:30 +01:00