Merge pull request #96 from ryan4yin/darwin-eval-tests

feat(tests): add eval tests for darwin systems

.github/workflows/flake_check.yml

@@ -1,24 +0,0 @@
-name: Nix Flake Check
-
-on: [push, pull_request, workflow_dispatch]
-
-jobs:
-  checks:
-    name: Check expressions
-    runs-on: ubuntu-latest
-
-    steps:
-      # - name: Checkout repository
-      #   uses: actions/checkout@v4
-      # - name: Install nix
-      #   uses: cachix/install-nix-action@v24
-      #   with:
-      #     install_url: https://nixos.org/nix/install
-      #     extra_nix_config: |
-      #       access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
-      #       experimental-features = nix-command flakes
-
-      - name: Run Nix Flake Check
-        run: |
-          echo 'TODO: nix flake check'
-          # nix flake check

.github/workflows/flake_evaltests.yml

@@ -0,0 +1,40 @@
+name: Nix Flake Eval Tests
+
+on:
+  push:
+    branches:
+      - main
+    paths-ignore:
+      - "scripts/**"
+      - "**.md"
+      - "**.nu"
+      - 'Justfile'
+  pull_request:
+    branches:
+      - main
+    paths-ignore:
+      - "scripts/**"
+      - "**.md"
+      - "**.nu"
+      - 'Justfile'
+
+jobs:
+  checks:
+    name: Check expressions
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+      - name: Install nix
+        uses: cachix/install-nix-action@v24
+        with:
+          install_url: https://nixos.org/nix/install
+          extra_nix_config: |
+            access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
+            experimental-features = nix-command flakes
+
+      - name: Run Nix Flake Eval Tests
+        run: |
+          echo 'Flake Eval Tests'
+          nix eval .#evalTests --show-trace --print-build-logs --verbose

.github/workflows/mirror_to_gitee.yml

@@ -1,7 +1,11 @@
 name: Mirror this repo to Gitee
 on:
-  workflow_dispatch: {}
-  push: {}
+  push:
+    branches:
+      - main
+    tags:
+      - '*'
+
 jobs:
   mirror:
     runs-on: ubuntu-latest
@@ -26,4 +30,3 @@ jobs:
           export GIT_SSH_COMMAND="ssh -v -i ~/.ssh/id_rsa -o StrictHostKeyChecking=no"
           git remote add mirror "$INPUT_TARGET_REPO_URL"
           git push --tags --force --prune mirror "refs/remotes/origin/*:refs/heads/*"
-

Justfile

@@ -119,6 +119,10 @@ aqua:
 ruby:
   colmena apply --on '@ruby' --verbose --show-trace
 
+ruby-local mode="default":
+  use utils.nu *; \
+  nixos-switch ruby {{mode}}
+
 kana:
   colmena apply --on '@kana' --verbose --show-trace
 

home/base/core/core.nix

@@ -4,8 +4,7 @@
   nur-ryan4yin,
   ...
 }: {
-  home.packages = with pkgs;
-    [
+  home.packages = with pkgs; [
     # Misc
     tldr
     cowsay
@@ -35,7 +34,6 @@
     doggo # DNS client for humans
     duf # Disk Usage/Free Utility - a better 'df' alternative
     du-dust # A more intuitive version of `du` in rust
-      ncdu # analyzer your disk usage Interactively, via TUI(replacement of `du`)
     gdu # disk usage analyzer(replacement of `du`)
 
     # nix related
@@ -54,9 +52,10 @@
     # productivity
     caddy # A webserver with automatic HTTPS via Let's Encrypt(replacement of nginx)
     croc # File transfer between computers securely and easily
-    ]
     # self-hosted nix cache server
-    ++ lib.optionals pkgs.stdenv.isLinux [attic.packages.${pkgs.system}.attic-client];
+    attic.packages.${pkgs.system}.attic-client
+    ncdu # analyzer your disk usage Interactively, via TUI(replacement of `du`)
+  ];
 
   programs = {
     # A modern replacement for ‘ls’

home/base/desktop/cloud/default.nix

@@ -1,37 +0,0 @@
-{
-  lib,
-  pkgs,
-  ...
-}: {
-  home.packages = with pkgs;
-    [
-      # infrastructure as code
-      # pulumi
-      # pulumictl
-      # tf2pulumi
-      # crd2pulumi
-      # pulumiPackages.pulumi-random
-      # pulumiPackages.pulumi-command
-      # pulumiPackages.pulumi-aws-native
-      # pulumiPackages.pulumi-language-go
-      # pulumiPackages.pulumi-language-python
-      # pulumiPackages.pulumi-language-nodejs
-
-      # aws
-      awscli2
-      ssm-session-manager-plugin # Amazon SSM Session Manager Plugin
-      aws-iam-authenticator
-      eksctl
-
-      # aliyun
-      aliyun-cli
-    ]
-    ++ (
-      lib.optionals pkgs.stdenv.isLinux [
-        # cloud tools that nix do not have cache for.
-        terraform
-        terraformer # generate terraform configs from existing cloud resources
-        packer # machine image builder
-      ]
-    );
-}

home/base/desktop/dev-tools.nix

@@ -1,71 +0,0 @@
-{
-  pkgs,
-  pkgs-unstable,
-  ...
-}: {
-  #############################################################
-  #
-  #  Basic settings for development environment
-  #
-  #  Please avoid to install language specific packages here(globally),
-  #  instead, install them:
-  #     1. per IDE, such as `programs.neovim.extraPackages`
-  #     2. per-project, using https://github.com/the-nix-way/dev-templates
-  #
-  #############################################################
-
-  home.packages = with pkgs;
-    [
-      colmena # nixos's remote deployment tool
-
-      # db related
-      dbeaver
-      mycli
-      pgcli
-      mongosh
-      sqlite
-
-      # embedded development
-      minicom
-
-      # ai related
-      python311Packages.huggingface-hub # huggingface-cli
-
-      # misc
-      pkgs-unstable.devbox
-      bfg-repo-cleaner # remove large files from git history
-      k6 # load testing tool
-      protobuf # protocol buffer compiler
-
-      # solve coding extercises - learn by doing
-      exercism
-    ]
-    ++ (
-      lib.optionals pkgs.stdenv.isLinux [
-        # Automatically trims your branches whose tracking remote refs are merged or gone
-        # It's really useful when you work on a project for a long time.
-        git-trim
-
-        # need to run `conda-install` before using it
-        # need to run `conda-shell` before using command `conda`
-        # conda is not available for MacOS
-        conda
-
-        mitmproxy # http/https proxy tool
-        insomnia # REST client
-        wireshark # network analyzer
-        ventoy # create bootable usb
-      ]
-    );
-
-  programs = {
-    direnv = {
-      enable = true;
-      nix-direnv.enable = true;
-
-      enableZshIntegration = true;
-      enableBashIntegration = true;
-      enableNushellIntegration = true;
-    };
-  };
-}

home/base/desktop/editors/packages.nix

@@ -1,138 +0,0 @@
-{pkgs, ...}: {
-  nixpkgs.config = {
-    programs.npm.npmrc = ''
-      prefix = ''${HOME}/.npm-global
-    '';
-  };
-
-  home.packages = with pkgs;
-    [
-      #-- c/c++
-      cmake
-      cmake-language-server
-      gnumake
-      checkmake
-      # c/c++ compiler, required by nvim-treesitter!
-      gcc
-      # c/c++ tools with clang-tools, the unwrapped version won't
-      # add alias like `cc` and `c++`, so that it won't conflict with gcc
-      llvmPackages.clang-unwrapped
-      lldb
-
-      #-- python
-      nodePackages.pyright # python language server
-      (python311.withPackages (
-        ps:
-          with ps; [
-            ruff-lsp
-            black # python formatter
-
-            jupyter
-            ipython
-            pandas
-            requests
-            pyquery
-            pyyaml
-
-            ## emacs's lsp-bridge dependenciesge
-            epc
-            orjson
-            sexpdata
-            six
-            setuptools
-            paramiko
-            rapidfuzz
-          ]
-      ))
-
-      #-- rust
-      rust-analyzer
-      cargo # rust package manager
-      rustfmt
-
-      #-- zig
-      zls
-
-      #-- nix
-      nil
-      rnix-lsp
-      # nixd
-      statix # Lints and suggestions for the nix programming language
-      deadnix # Find and remove unused code in .nix source files
-      alejandra # Nix Code Formatter
-
-      #-- golang
-      go
-      gomodifytags
-      iferr # generate error handling code for go
-      impl # generate function implementation for go
-      gotools # contains tools like: godoc, goimports, etc.
-      gopls # go language server
-      delve # go debugger
-
-      # -- java
-      jdk17
-      gradle
-      maven
-      spring-boot-cli
-
-      #-- lua
-      stylua
-      lua-language-server
-
-      #-- bash
-      nodePackages.bash-language-server
-      shellcheck
-      shfmt
-
-      #-- javascript/typescript --#
-      nodePackages.nodejs
-      nodePackages.typescript
-      nodePackages.typescript-language-server
-      # HTML/CSS/JSON/ESLint language servers extracted from vscode
-      nodePackages.vscode-langservers-extracted
-      nodePackages."@tailwindcss/language-server"
-      emmet-ls
-
-      #-- CloudNative
-      nodePackages.dockerfile-language-server-nodejs
-      # terraform  # install via brew on macOS
-      terraform-ls
-      jsonnet
-      jsonnet-language-server
-      hadolint # Dockerfile linter
-
-      # -- Lisp like Languages
-      guile
-      racket-minimal
-      fnlfmt # fennel
-
-      #-- Others
-      taplo # TOML language server / formatter / validator
-      nodePackages.yaml-language-server
-      sqlfluff # SQL linter
-      actionlint # GitHub Actions linter
-      buf # protoc plugin for linting and formatting
-      proselint # English prose linter
-
-      #-- Misc
-      tree-sitter # common language parser/highlighter
-      nodePackages.prettier # common code formatter
-      marksman # language server for markdown
-      glow # markdown previewer
-      fzf
-      pandoc # document converter
-      hugo # static site generator
-
-      #-- Optional Requirements:
-      gdu # disk usage analyzer, required by AstroNvim
-      (ripgrep.override {withPCRE2 = true;}) # recursively searches directories for a regex pattern
-    ]
-    ++ (
-      lib.optionals pkgs.stdenv.isLinux [
-        #-- verilog / systemverilog
-        verible
-        gdb
-      ]
-    );
-}

home/base/gui/dev-tools.nix

@@ -0,0 +1,14 @@
+{
+  pkgs,
+  ...
+}: {
+  home.packages = with pkgs; [
+    # db related
+    dbeaver
+
+    mitmproxy # http/https proxy tool
+    insomnia # REST client
+    wireshark # network analyzer
+    ventoy # create bootable usb
+  ];
+}

home/base/tui/cloud/default.nix

@@ -0,0 +1,32 @@
+{
+  lib,
+  pkgs,
+  ...
+}: {
+  home.packages = with pkgs; [
+    # infrastructure as code
+    # pulumi
+    # pulumictl
+    # tf2pulumi
+    # crd2pulumi
+    # pulumiPackages.pulumi-random
+    # pulumiPackages.pulumi-command
+    # pulumiPackages.pulumi-aws-native
+    # pulumiPackages.pulumi-language-go
+    # pulumiPackages.pulumi-language-python
+    # pulumiPackages.pulumi-language-nodejs
+
+    # aws
+    awscli2
+    ssm-session-manager-plugin # Amazon SSM Session Manager Plugin
+    aws-iam-authenticator
+    eksctl
+
+    # aliyun
+    aliyun-cli
+    # cloud tools that nix do not have cache for.
+    terraform
+    terraformer # generate terraform configs from existing cloud resources
+    packer # machine image builder
+  ];
+}

home/base/tui/dev-tools.nix

@@ -0,0 +1,61 @@
+{
+  pkgs,
+  pkgs-unstable,
+  ...
+}: {
+  #############################################################
+  #
+  #  Basic settings for development environment
+  #
+  #  Please avoid to install language specific packages here(globally),
+  #  instead, install them:
+  #     1. per IDE, such as `programs.neovim.extraPackages`
+  #     2. per-project, using https://github.com/the-nix-way/dev-templates
+  #
+  #############################################################
+
+  home.packages = with pkgs; [
+    colmena # nixos's remote deployment tool
+
+    # db related
+    mycli
+    pgcli
+    mongosh
+    sqlite
+
+    # embedded development
+    minicom
+
+    # ai related
+    python311Packages.huggingface-hub # huggingface-cli
+
+    # misc
+    pkgs-unstable.devbox
+    bfg-repo-cleaner # remove large files from git history
+    k6 # load testing tool
+    protobuf # protocol buffer compiler
+
+    # solve coding extercises - learn by doing
+    exercism
+
+    # Automatically trims your branches whose tracking remote refs are merged or gone
+    # It's really useful when you work on a project for a long time.
+    git-trim
+
+    # need to run `conda-install` before using it
+    # need to run `conda-shell` before using command `conda`
+    # conda is not available for MacOS
+    conda
+  ];
+
+  programs = {
+    direnv = {
+      enable = true;
+      nix-direnv.enable = true;
+
+      enableZshIntegration = true;
+      enableBashIntegration = true;
+      enableNushellIntegration = true;
+    };
+  };
+}

home/base/tui/editors/default.nix

@@ -0,0 +1,3 @@
+{mylib, ...}: {
+  imports = mylib.scanPaths ./.;
+}

home/base/tui/editors/emacs/default.nix

@@ -57,7 +57,7 @@ in {
         # :tools lookup & :lang org +roam
         sqlite
         # :lang latex & :lang org (latex previews)
-        texlive.combined.scheme-medium
+        # texlive.combined.scheme-medium
       ];
 
       programs.bash.bashrcExtra = envExtra;

home/base/tui/editors/packages.nix

@@ -0,0 +1,133 @@
+{pkgs, ...}: {
+  nixpkgs.config = {
+    programs.npm.npmrc = ''
+      prefix = ''${HOME}/.npm-global
+    '';
+  };
+
+  home.packages = with pkgs; [
+    #-- c/c++
+    cmake
+    cmake-language-server
+    gnumake
+    checkmake
+    # c/c++ compiler, required by nvim-treesitter!
+    gcc
+    # c/c++ tools with clang-tools, the unwrapped version won't
+    # add alias like `cc` and `c++`, so that it won't conflict with gcc
+    llvmPackages.clang-unwrapped
+    lldb
+
+    #-- python
+    nodePackages.pyright # python language server
+    (python311.withPackages (
+      ps:
+        with ps; [
+          ruff-lsp
+          black # python formatter
+
+          jupyter
+          ipython
+          pandas
+          requests
+          pyquery
+          pyyaml
+
+          ## emacs's lsp-bridge dependenciesge
+          epc
+          orjson
+          sexpdata
+          six
+          setuptools
+          paramiko
+          rapidfuzz
+        ]
+    ))
+
+    #-- rust
+    rust-analyzer
+    cargo # rust package manager
+    rustfmt
+
+    #-- nix
+    nil
+    rnix-lsp
+    # nixd
+    statix # Lints and suggestions for the nix programming language
+    deadnix # Find and remove unused code in .nix source files
+    alejandra # Nix Code Formatter
+
+    #-- golang
+    go
+    gomodifytags
+    iferr # generate error handling code for go
+    impl # generate function implementation for go
+    gotools # contains tools like: godoc, goimports, etc.
+    gopls # go language server
+    delve # go debugger
+
+    # -- java
+    jdk17
+    gradle
+    maven
+    spring-boot-cli
+
+    #-- lua
+    stylua
+    lua-language-server
+
+    #-- bash
+    nodePackages.bash-language-server
+    shellcheck
+    shfmt
+
+    #-- javascript/typescript --#
+    nodePackages.nodejs
+    nodePackages.typescript
+    nodePackages.typescript-language-server
+    # HTML/CSS/JSON/ESLint language servers extracted from vscode
+    nodePackages.vscode-langservers-extracted
+    nodePackages."@tailwindcss/language-server"
+    emmet-ls
+
+    # -- Lisp like Languages
+    guile
+    racket-minimal
+    fnlfmt # fennel
+
+    #-- Others
+    taplo # TOML language server / formatter / validator
+    nodePackages.yaml-language-server
+    sqlfluff # SQL linter
+    actionlint # GitHub Actions linter
+    buf # protoc plugin for linting and formatting
+    proselint # English prose linter
+
+    #-- Misc
+    tree-sitter # common language parser/highlighter
+    nodePackages.prettier # common code formatter
+    marksman # language server for markdown
+    glow # markdown previewer
+    fzf
+    pandoc # document converter
+    hugo # static site generator
+
+    #-- Optional Requirements:
+    gdu # disk usage analyzer, required by AstroNvim
+    (ripgrep.override {withPCRE2 = true;}) # recursively searches directories for a regex pattern
+
+    #-- CloudNative
+    nodePackages.dockerfile-language-server-nodejs
+    # terraform  # install via brew on macOS
+    terraform-ls
+    jsonnet
+    jsonnet-language-server
+    hadolint # Dockerfile linter
+
+    #-- zig
+    zls
+    #-- verilog / systemverilog
+    verible
+    gdb
+  ];
+}

home/darwin/default.nix

@@ -2,8 +2,9 @@
   imports =
     (mylib.scanPaths ./.)
     ++ [
-      ../base/server
-      ../base/desktop
-      ../base/core.nix
+      ../base/core
+      ../base/tui
+      ../base/gui
+      ../base/home.nix
     ];
 }

home/linux/core.nix

@@ -0,0 +1,8 @@
+{
+  imports = [
+    ../base/core
+    ../base/home.nix
+
+    ./base
+  ];
+}

home/linux/desktop.nix

@@ -1,10 +0,0 @@
-{
-  imports = [
-    ../base/server
-    ../base/desktop
-    ../base/core.nix
-
-    ./base
-    ./desktop
-  ];
-}

home/linux/desktop/base/dev-tools.nix

@@ -0,0 +1,5 @@
+{pkgs, ...}: {
+  home.packages = with pkgs; [
+    android-tools
+  ];
+}

home/linux/gui.nix

@@ -0,0 +1,11 @@
+{
+  imports = [
+    ../base/core
+    ../base/tui
+    ../base/gui
+    ../base/home.nix
+
+    ./base
+    ./desktop
+  ];
+}

home/linux/server.nix

@@ -1,8 +0,0 @@
-{
-  imports = [
-    ../base/server
-    ../base/core.nix
-
-    ./base
-  ];
-}

home/linux/tui.nix

@@ -0,0 +1,10 @@
+{
+  imports = [
+    ../base/core
+    ../base/tui
+    ../base/home.nix
+
+    ./base
+    ./desktop
+  ];
+}

hosts/12kingdoms-rakushun/caddy.nix

@@ -0,0 +1,28 @@
+{myvars, ...}: {
+  services.caddy = {
+    enable = true;
+    # Reload Caddy instead of restarting it when configuration file changes.
+    enableReload = true;
+    user = "caddy"; # User account under which caddy runs.
+    dataDir = "/var/lib/caddy";
+    logDir = "/var/log/caddy";
+
+    # Additional lines of configuration appended to the global config section of the Caddyfile.
+    # Refer to https://caddyserver.com/docs/caddyfile/options#global-options for details on supported values.
+    globalConfig = ''
+      http_port    80
+      https_port   443
+      auto_https   off
+    '';
+
+    # ACME related settings.
+    # email = myvars.useremail;
+    # acmeCA = "https://acme-v02.api.letsencrypt.org/directory";
+
+    virtualHosts."http://git.writefor.fun".extraConfig = ''
+      encode zstd gzip
+      reverse_proxy http://localhost:3000
+    '';
+  };
+  networking.firewall.allowedTCPPorts = [80 443];
+}

hosts/12kingdoms-rakushun/default.nix

@@ -20,6 +20,9 @@ in {
     ./hardware-configuration.nix
     ./disko-fs.nix
     ./impermanence.nix
+
+    ./gitea.nix
+    ./caddy.nix
   ];
 
   networking = {

hosts/12kingdoms-rakushun/gitea.nix

@@ -0,0 +1,88 @@
+{pkgs, ...}: let
+in {
+  # https://github.com/NixOS/nixpkgs/blob/nixos-23.11/nixos/modules/services/misc/gitea.nix
+  services.gitea = {
+    enable = true;
+    user = "gitea";
+    group = "gitea";
+    stateDir = "/var/lib/gitea";
+    appName = "Ryan Yin's Gitea Service";
+    lfs.enable = true;
+    # Enable a timer that runs gitea dump to generate backup-files of the current gitea database and repositories.
+    dump = {
+      enable = false;
+      interval = "hourly";
+      file = "gitea-dump";
+      type = "tar.zst";
+    };
+    # Path to a file containing the SMTP password.
+    # mailerPasswordFile = "";
+    settings = {
+      server = {
+        SSH_PORT = 2222;
+        PROTOCOL = "http";
+        HTTP_PORT = 3000;
+        HTTP_ADDR = "127.0.0.1";
+        DOMAIN = "git.writefor.fun";
+      };
+      # one of "Trace", "Debug", "Info", "Warn", "Error", "Critical"
+      log.LEVEL = "Info";
+      session.COOKIE_SECURE = false;
+      service.DISABLE_REGISTRATION = true;
+
+      # "cron.sync_external_users" = {
+      #   RUN_AT_START = true;
+      #   SCHEDULE = "@every 24h";
+      #   UPDATE_EXISTING = true;
+      # };
+      mailer = {
+        ENABLED = true;
+        MAILER_TYPE = "sendmail";
+        FROM = "do-not-reply@writefor.fun";
+        SENDMAIL_PATH = "${pkgs.system-sendmail}/bin/sendmail";
+      };
+      other = {
+        SHOW_FOOTER_VERSION = false;
+      };
+    };
+    database = {
+      type = "sqlite3";
+      # create a local database automatically.
+      createDatabase = true;
+    };
+  };
+
+  # services.gitea-actions-runner.instances."default" = {
+  #   enable = true;
+  #   name = "default";
+  #   labels = [
+  #     # provide a debian base with nodejs for actions
+  #     "debian-latest:docker://node:18-bullseye"
+  #     # fake the ubuntu name, because node provides no ubuntu builds
+  #     "ubuntu-latest:docker://node:18-bullseye"
+  #     # provide native execution on the host
+  #     "native:host"
+  #   ];
+  #   gitea = "http://git.writefor.fun";
+  #   # Path to an environment file,
+  #   # containing the TOKEN environment variable,
+  #   # that holds a token to register at the configured Gitea instance.
+  #   tokenFile = "xxx"; # use agenix for secrets.
+  #   # Configuration for act_runner daemon.
+  #   # For an example configuration, see:
+  #   #  https://gitea.com/gitea/act_runner/src/branch/main/internal/pkg/config/config.example.yaml
+  #   settings = {};
+  #   # List of packages, that are available to actions,
+  #   # when the runner is configured with a host execution label.
+  #   hostPackages = with pkgs; [
+  #     bash
+  #     coreutils
+  #     curl
+  #     gawk
+  #     gitMinimal
+  #     gnused
+  #     nodejs
+  #     wget
+  #   ];
+  # };
+}

hosts/README.md

@@ -27,7 +27,8 @@
    3. If the new host need to use home-manager, add its custom config into `hosts/<name>/home.nix`.
 1. Under `outputs/`
    1. Add a new nix file named `outputs/<system-architecture>/src/<name>.nix`.
-   2. Copy the content from one of the existing host's nix file, and modify it to fit the new host.
+   2. Copy the content from one of the existing similar host, and modify it to fit the new host.
+      1. Usually, you only need to modify the `name` and `tags` fields.
    3. [Optional] Add a new unit test file under `outputs/<system-architecture>/tests/<name>.nix` to test the new host's nix file.
    4. [Optional] Add a new integration test file under `outputs/<system-architecture>/integration-tests/<name>.nix` to test whether the new host's nix config can be built and deployed correctly.
 

hosts/idols-ruby/default.nix

@@ -14,6 +14,8 @@ let
 in {
   imports = mylib.scanPaths ./.;
 
+  # Enable binfmt emulation of aarch64-linux, this is required for cross compilation.
+  boot.binfmt.emulatedSystems = ["aarch64-linux" "riscv64-linux"];
   # supported file systems, so we can mount any removable disks with these filesystems
   boot.supportedFilesystems = [
     "ext4"

hosts/idols-ruby/prometheus/default.nix

@@ -122,7 +122,7 @@
         # The smarthost and SMTP sender used for mail notifications.
         smtp_smarthost = "smtp.qq.com:465";
         smtp_from = "$SMTP_SENDER_EMAIL";
-        smtp_auth_myvars.username = "$SMTP_AUTH_USERNAME";
+        smtp_auth_username = "$SMTP_AUTH_USERNAME";
         smtp_auth_password = "$SMTP_AUTH_PASSWORD";
         # smtp.qq.com:465 support SSL only, so we need to disable TLS here.
         # https://service.mail.qq.com/detail/0/310

lib/colmenaSystem.nix

@@ -1,8 +1,9 @@
 # colmena - Remote Deployment via SSH
 {
+  lib,
   inputs,
   nixos-modules,
-  home-module ? null,
+  home-modules ? null,
   myvars,
   system,
   tags,
@@ -23,17 +24,16 @@ in
     imports =
       nixos-modules
       ++ (
-        if (home-module != null)
-        then [
+        lib.optionals ((lib.lists.length home-modules) > 0)
+        [
           home-manager.nixosModules.home-manager
           {
             home-manager.useGlobalPkgs = true;
             home-manager.useUserPackages = true;
 
             home-manager.extraSpecialArgs = specialArgs;
-            home-manager.users."${myvars.username}" = home-module;
+            home-manager.users."${myvars.username}".imports = home-modules;
           }
         ]
-        else []
       );
   }

lib/macosSystem.nix

@@ -1,7 +1,8 @@
 {
+  lib,
   inputs,
   darwin-modules,
-  home-module ? null,
+  home-modules ? [],
   myvars,
   system,
   genSpecialArgs,
@@ -25,14 +26,18 @@ in
           # discard all the default paths, and only use the one from this flake.
           nix.nixPath = lib.mkForce ["/etc/nix/inputs"];
         })
-
+      ]
+      ++ (
+        lib.optionals ((lib.lists.length home-modules) > 0)
+        [
           home-manager.darwinModules.home-manager
           {
             home-manager.useGlobalPkgs = true;
             home-manager.useUserPackages = true;
 
             home-manager.extraSpecialArgs = specialArgs;
-          home-manager.users."${myvars.username}" = home-module;
+            home-manager.users."${myvars.username}".imports = home-modules;
           }
-      ];
+        ]
+      );
   }

lib/nixosSystem.nix

@@ -4,7 +4,7 @@
   system,
   genSpecialArgs,
   nixos-modules,
-  home-module ? null,
+  home-modules ? [],
   myvars,
   ...
 }: let
@@ -26,7 +26,7 @@ in
         }
       ]
       ++ (
-        lib.optionals (home-module != null)
+        lib.optionals ((lib.lists.length home-modules) > 0)
         [
           home-manager.nixosModules.home-manager
           {
@@ -34,7 +34,7 @@ in
             home-manager.useUserPackages = true;
 
             home-manager.extraSpecialArgs = specialArgs;
-            home-manager.users."${myvars.username}" = home-module;
+            home-manager.users."${myvars.username}".imports = home-modules;
           }
         ]
       );

modules/darwin/broken-packages.nix

@@ -0,0 +1,32 @@
+{lib, ...}:
+# ===================================================================
+# Remove packages that are not well supported for the Darwin platform
+# ===================================================================
+let
+  brokenPackages = [
+    "terraform"
+    "terraformer"
+    "packer"
+    "git-trim"
+    "conda"
+    "mitmproxy"
+    "insomnia"
+    "wireshark"
+    "ventoy"
+    "jsonnet"
+    "zls"
+    "verible"
+    "gdb"
+  ];
+in {
+  nixpkgs.overlays = [
+    (_: super: let
+      removeUnwantedPackages = pname:
+        lib.warn "the ${pname} has been removed on the darwin platform"
+        super.emptyDirectory;
+    in
+      lib.genAttrs
+      brokenPackages
+      removeUnwantedPackages)
+  ];
+}

outputs/README.md

@@ -1,5 +1,68 @@
 # Flake Outputs
 
+## Is such a complex and fine-grained structure necessary?
+
+There is no need to do this when you have a small number of machines.
+
+But when you have a large number of machines, it is necessary to manage them in a fine-grained way,
+otherwise, it will be difficult to manage and maintain them.
+
+The number of my machines has grown to more than 20, 
+and the increase in scale has shown signs of getting out of control of complexity,
+so it is a natural and reasonable choice to use this fine-grained architecture to manage.
+
+## Tests
+
+Testing is not necessary when your configuration is not complex, 
+but with the increase in the number and configuration of your machines, testing becomes more and more important.
+
+We have two types of tests: eval tests and nixos tests, 
+both of which can help us detect many obscure errors early, 
+so as to avoid testing directly in the real world, and to avoid failures in personal computers and even corporate online environments.
+
+Related projects & docs:
+
+- [haumea](https://github.com/nix-community/haumea): Filesystem-based module system for Nix
+- [Unveiling the Power of the NixOS Integration Test Driver (Part 1)](https://nixcademy.com/2023/10/24/nixos-integration-tests/)
+- [NixOS Tests - NixOS Manual](https://nixos.org/manual/nixos/stable/#sec-nixos-tests)
+
+### 1. Eval Tests
+
+> TODO: More Tests!
+
+Eval Tests evaluate the expressions and compare the results with the expected results.
+It runs fast, but it doesn't build a real machine.
+We use eval tests to ensure that some attributes are correctly set for each NixOS host(not Darwin).
+
+How to run all the eval tests:
+
+```bash
+nix eval .#evalTests --show-trace --print-build-logs --verbose
+```
+
+### 2. NixOS Tests
+
+> WIP: not working yet
+
+NixOS Tests builds and starts virtual machines using our NixOS configuration and run tests on them.
+Comparing to eval tests, it runs slow, but it builds a real machine, and we can test the whole system actually works as expected.
+
+Problems:
+
+- [ ] We need a private cache server, so that our NixOS tests do not need to build some custom packages every time we run the tests.
+- [ ] Cannot test the whole host, because my host relies on its unique ssh host key to decrypt its agenix secrets.
+  - [ ] Maybe it's better to test every service separately, not the whole host?
+
+How to run NixOS tests for every host:
+
+```bash
+# Format: nix build .#<name>-nixos-tests
+
+nix build .#ruby-nixos-tests
+```
+
+## Overview
+
 All the outputs of this flake are defined here.
 
 ```bash
@@ -8,27 +71,36 @@ All the outputs of this flake are defined here.
 ├── default.nix       # The entry point, all the outputs are composed here.
 ├── README.md
 ├── aarch64-darwin    # All outputs for macOS Apple Silicon
-│   ├── default.nix   # The entry point for all outputs for macOS Apple Silicon
-│   └── src
+│   ├── default.nix
+│   └── src           # every host has its own file in this directory
 │       └── fern.nix
 ├── aarch64-linux     # All outputs for Linux ARM64
 │   ├── default.nix
-│   └── src
-│       ├── 12kingdoms-rakushun.nix
-│       └── 12kingdoms-suzu.nix
+│   ├── src           # every host has its own file in this directory
+│   │   ├── 12kingdoms-rakushun.nix
+│   │   └── 12kingdoms-suzu.nix
+│   └── tests         # eval tests
+│       └── hostname
+│           ├── expected.nix
+│           └── expr.nix
 ├── riscv64-linux     # All outputs for Linux RISCV64
 │   ├── default.nix
-│   └── src
-│       ├── rolling-girls-nozomi.nix
-│       └── rolling-girls-yukina.nix
+│   ├── src           # every host has its own file in this directory
+│   │   ├── rolling-girls-nozomi.nix
+│   │   └── rolling-girls-yukina.nix
+│   └── tests         # eval tests
+│       └── hostname
+│           ├── expected.nix
+│           └── expr.nix
 ├── x86_64-darwin     # All outputs for macOS Intel
 │   ├── default.nix
 │   └── src
 │       └── harnomica.nix
 └── x86_64-linux      # All outputs for Linux x86_64
     ├── default.nix
-    ├── src
-    │   ├── 12kindoms-shoukei.nix
+    ├── nixos-tests
+    ├── src           # every host has its own file in this directory
+    │   ├── 12kingdoms-shoukei.nix
     │   ├── homelab-tailscale-gw.nix
     │   ├── idols-ai.nix
     │   ├── idols-aquamarine.nix
@@ -43,9 +115,12 @@ All the outputs of this flake are defined here.
     │   ├── kubevirt-shoryu.nix
     │   ├── kubevirt-shushou.nix
     │   └── kubevirt-youko.nix
-    └── tests
+    └── tests         # eval tests
+        ├── home-manager
+        │   ├── expected.nix
+        │   └── expr.nix
+        └── hostname
+            ├── expected.nix
+            └── expr.nix
 
-12 directories, 28 files
 ```
-
-

outputs/aarch64-darwin/default.nix

@@ -23,8 +23,8 @@ in
     inherit data; # for debugging purposes
 
     # NixOS's unit tests.
-    # unit-tests = haumea.lib.loadEvalTests {
-    #   src = ./tests;
-    #   inputs = args;
-    # };
+    evalTests = haumea.lib.loadEvalTests {
+      src = ./tests;
+      inputs = args // {inherit outputs;};
+    };
   }

outputs/aarch64-darwin/src/fern.nix

@@ -22,7 +22,7 @@
         "hosts/darwin-${name}"
       ])
       ++ [];
-    home-module.imports = map mylib.relativeToRoot [
+    home-modules = map mylib.relativeToRoot [
       "hosts/darwin-${name}/home.nix"
       "home/darwin"
     ];

outputs/aarch64-darwin/tests/home-manager/expected.nix

@@ -0,0 +1,10 @@
+{
+  myvars,
+  lib,
+}: let
+  username = myvars.username;
+  hosts = [
+    "fern"
+  ];
+in
+  lib.genAttrs hosts (_: "/Users/${username}")

outputs/aarch64-darwin/tests/home-manager/expr.nix

@@ -0,0 +1,15 @@
+{
+  myvars,
+  lib,
+  outputs,
+}: let
+  username = myvars.username;
+  hosts = [
+    "fern"
+  ];
+in
+  lib.genAttrs
+  hosts
+  (
+    name: outputs.darwinConfigurations.${name}.config.home-manager.users.${username}.home.homeDirectory
+  )

outputs/aarch64-darwin/tests/hostname/expected.nix

@@ -0,0 +1,8 @@
+{
+  lib,
+  outputs,
+}: let
+  hostsNames = builtins.attrNames outputs.darwinConfigurations;
+  expected = lib.genAttrs hostsNames (name: name);
+in
+  expected

outputs/aarch64-darwin/tests/hostname/expr.nix

@@ -0,0 +1,9 @@
+{
+  lib,
+  outputs,
+}:
+lib.genAttrs
+(builtins.attrNames outputs.darwinConfigurations)
+(
+  name: outputs.darwinConfigurations.${name}.config.networking.hostName
+)

outputs/aarch64-linux/default.nix

@@ -18,9 +18,9 @@
     nixosConfigurations = lib.attrsets.mergeAttrsList (map (it: it.nixosConfigurations or {}) dataWithoutPaths);
     packages = lib.attrsets.mergeAttrsList (map (it: it.packages or {}) dataWithoutPaths);
     # colmena contains some meta info, which need to be merged carefully.
-    colmena-meta = {
-      nodeNixpkgs = lib.attrsets.mergeAttrsList (map (it: it.colmena-meta.nodeNixpkgs or {}) dataWithoutPaths);
-      nodeSpecialArgs = lib.attrsets.mergeAttrsList (map (it: it.colmena-meta.nodeSpecialArgs or {}) dataWithoutPaths);
+    colmenaMeta = {
+      nodeNixpkgs = lib.attrsets.mergeAttrsList (map (it: it.colmenaMeta.nodeNixpkgs or {}) dataWithoutPaths);
+      nodeSpecialArgs = lib.attrsets.mergeAttrsList (map (it: it.colmenaMeta.nodeSpecialArgs or {}) dataWithoutPaths);
     };
     # colmena's per-machine data.
     colmena = lib.attrsets.mergeAttrsList (map (it: it.colmena or {}) dataWithoutPaths);
@@ -31,8 +31,8 @@ in
     inherit data; # for debugging purposes
 
     # NixOS's unit tests.
-    # unit-tests = haumea.lib.loadEvalTests {
-    #   src = ./tests;
-    #   inputs = args;
-    # };
+    evalTests = haumea.lib.loadEvalTests {
+      src = ./tests;
+      inputs = args // {inherit outputs;};
+    };
   }

outputs/aarch64-linux/src/12kingdoms-rakushun.nix

@@ -50,7 +50,7 @@
 in {
   nixosConfigurations.${name} = mylib.nixosSystem rk3588SystemArgs;
 
-  colmena-meta = {
+  colmenaMeta = {
     nodeSpecialArgs.${name} = rk3588SpecialArgs;
     nodeNixpkgs.${name} = rk3588Pkgs;
   };

outputs/aarch64-linux/src/12kingdoms-suzu.nix

@@ -50,7 +50,7 @@
 in {
   nixosConfigurations.${name} = mylib.nixosSystem rk3588SystemArgs;
 
-  colmena-meta = {
+  colmenaMeta = {
     nodeSpecialArgs.${name} = rk3588SpecialArgs;
     nodeNixpkgs.${name} = rk3588Pkgs;
   };

outputs/aarch64-linux/tests/hostname/expected.nix

@@ -0,0 +1,8 @@
+{
+  lib,
+  outputs,
+}: let
+  hostsNames = builtins.attrNames outputs.nixosConfigurations;
+  expected = lib.genAttrs hostsNames (name: name);
+in
+  expected

outputs/aarch64-linux/tests/hostname/expr.nix

@@ -0,0 +1,9 @@
+{
+  lib,
+  outputs,
+}:
+lib.genAttrs
+(builtins.attrNames outputs.nixosConfigurations)
+(
+  name: outputs.nixosConfigurations.${name}.config.networking.hostName
+)

outputs/default.nix

@@ -45,6 +45,7 @@
   allSystemNames = builtins.attrNames allSystems;
   nixosSystemValues = builtins.attrValues nixosSystems;
   darwinSystemValues = builtins.attrValues darwinSystems;
+  allSystemValues = nixosSystemValues ++ darwinSystemValues;
 
   # Helper function to generate a set of attributes for each system
   forAllSystems = func: (nixpkgs.lib.genAttrs allSystemNames func);
@@ -52,6 +53,9 @@ in {
   # add attribute sets into outputs, for debugging
   debugAttrs = {inherit nixosSystems darwinSystems allSystems allSystemNames;};
 
+  # Unit Tests for all NixOS systems.
+  evalTests = lib.lists.all (it: it.evalTests == {}) allSystemValues;
+
   # NixOS Hosts
   nixosConfigurations =
     lib.attrsets.mergeAttrsList (map (it: it.nixosConfigurations or {}) nixosSystemValues);
@@ -71,8 +75,8 @@ in {
         )
         // {
           # per-node nixpkgs & specialArgs
-          nodeNixpkgs = lib.attrsets.mergeAttrsList (map (it: it.colmena-meta.nodeNixpkgs or {}) nixosSystemValues);
-          nodeSpecialArgs = lib.attrsets.mergeAttrsList (map (it: it.colmena-meta.nodeSpecialArgs or {}) nixosSystemValues);
+          nodeNixpkgs = lib.attrsets.mergeAttrsList (map (it: it.colmenaMeta.nodeNixpkgs or {}) nixosSystemValues);
+          nodeSpecialArgs = lib.attrsets.mergeAttrsList (map (it: it.colmenaMeta.nodeSpecialArgs or {}) nixosSystemValues);
         };
     }
     // lib.attrsets.mergeAttrsList (map (it: it.colmena or {}) nixosSystemValues);
@@ -89,9 +93,6 @@ in {
   # Unit Tests, Intergraded Tests, and Pre-commit checks
   checks = forAllSystems (
     system: {
-      # Unit Tests for the system
-      # unit-tests = allSystems.${system}.unit-tests;
-
       pre-commit-check = pre-commit-hooks.lib.${system}.run {
         src = ./.;
         hooks = {

outputs/riscv64-linux/default.nix

@@ -18,9 +18,9 @@
     nixosConfigurations = lib.attrsets.mergeAttrsList (map (it: it.nixosConfigurations or {}) dataWithoutPaths);
     packages = lib.attrsets.mergeAttrsList (map (it: it.packages or {}) dataWithoutPaths);
     # colmena contains some meta info, which need to be merged carefully.
-    colmena-meta = {
-      nodeNixpkgs = lib.attrsets.mergeAttrsList (map (it: it.colmena-meta.nodeNixpkgs or {}) dataWithoutPaths);
-      nodeSpecialArgs = lib.attrsets.mergeAttrsList (map (it: it.colmena-meta.nodeSpecialArgs or {}) dataWithoutPaths);
+    colmenaMeta = {
+      nodeNixpkgs = lib.attrsets.mergeAttrsList (map (it: it.colmenaMeta.nodeNixpkgs or {}) dataWithoutPaths);
+      nodeSpecialArgs = lib.attrsets.mergeAttrsList (map (it: it.colmenaMeta.nodeSpecialArgs or {}) dataWithoutPaths);
     };
     # colmena's per-machine data.
     colmena = lib.attrsets.mergeAttrsList (map (it: it.colmena or {}) dataWithoutPaths);
@@ -31,8 +31,8 @@ in
     inherit data; # for debugging purposes
 
     # NixOS's unit tests.
-    # unit-tests = haumea.lib.loadEvalTests {
-    #   src = ./tests;
-    #   inputs = args;
-    # };
+    evalTests = haumea.lib.loadEvalTests {
+      src = ./tests;
+      inputs = args // {inherit outputs;};
+    };
   }

outputs/riscv64-linux/src/rolling-girls-nozomi.nix

@@ -50,7 +50,7 @@
 in {
   nixosConfigurations.${name} = mylib.nixosSystem lpi4aSystemArgs;
 
-  colmena-meta = {
+  colmenaMeta = {
     nodeSpecialArgs.${name} = lpi4aSpecialArgs;
     nodeNixpkgs.${name} = lpi4aPkgs;
   };

outputs/riscv64-linux/src/rolling-girls-yukina.nix

@@ -50,7 +50,7 @@
 in {
   nixosConfigurations.${name} = mylib.nixosSystem lpi4aSystemArgs;
 
-  colmena-meta = {
+  colmenaMeta = {
     nodeSpecialArgs.${name} = lpi4aSpecialArgs;
     nodeNixpkgs.${name} = lpi4aPkgs;
   };

outputs/riscv64-linux/tests/hostname/expected.nix

@@ -0,0 +1,8 @@
+{
+  lib,
+  outputs,
+}: let
+  hostsNames = builtins.attrNames outputs.nixosConfigurations;
+  expected = lib.genAttrs hostsNames (name: name);
+in
+  expected

outputs/riscv64-linux/tests/hostname/expr.nix

@@ -0,0 +1,9 @@
+{
+  lib,
+  outputs,
+}:
+lib.genAttrs
+(builtins.attrNames outputs.nixosConfigurations)
+(
+  name: outputs.nixosConfigurations.${name}.config.networking.hostName
+)

outputs/x86_64-darwin/default.nix

@@ -23,8 +23,8 @@ in
     inherit data; # for debugging purposes
 
     # NixOS's unit tests.
-    # unit-tests = haumea.lib.loadEvalTests {
-    #   src = ./tests;
-    #   inputs = args;
-    # };
+    evalTests = haumea.lib.loadEvalTests {
+      src = ./tests;
+      inputs = args // {inherit outputs;};
+    };
   }