.gitea/workflows/build-nixos.yml

@@ -0,0 +1,64 @@
+name: NixOS Build & Test
+run-name: Build ${{ gitea.event_name == 'push' && gitea.ref_name || format('PR #{0}', gitea.event.pull_request.number) }}
+
+on:
+  push:
+    branches:
+      - master
+    paths:
+      - '**.nix'
+      - 'flake.lock'
+      - 'secrets/**'
+      - 'hosts/**'
+      - 'modules/**'
+  pull_request:
+    branches:
+      - master
+    paths:
+      - '**.nix'
+      - 'flake.lock'
+      - 'secrets/**'
+      - 'hosts/**'
+      - 'modules/**'
+
+jobs:
+  build:
+    runs-on: nixos-builder
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Set up Nix environment
+        run: |
+          echo "extra-experimental-features = nix-command flakes" >> ~/.config/nix/nix.conf
+          cat ~/.config/nix/nix.conf
+
+      - name: Install nh (nix helper)
+        run: |
+          nix --extra-experimental-features "nix-command flakes" \
+            profile add nixpkgs#nh
+          nh --version
+
+      - name: Build NixOS configuration (lazyworkhorse)
+        run: |
+          nh os build .#lazyworkhorse
+        env:
+          NIX_CONFIG: "extra-experimental-features = nix-command flakes"
+
+      - name: Build NixOS configuration (cyt-pi)
+        run: |
+          nh os build .#cyt-pi
+        env:
+          NIX_CONFIG: "extra-experimental-features = nix-command flakes"
+
+      - name: Integration tests (placeholder)
+        run: |
+          echo "TODO: Add integration tests here"
+          echo ""
+          echo "Suggested future checks:"
+          echo "  - nix flake check  (evaluate all NixOS configs)"
+          echo "  - Validate agenix secrets are decryptable"
+          echo "  - Check services are defined correctly"
+          echo "  - Run VM test if nixos-test infrastructure exists"