From 0aab0a4d61469c2431bf25467a676f34857d1a32 Mon Sep 17 00:00:00 2001 From: Harivansh Rathi Date: Sat, 18 Apr 2026 22:33:25 -0400 Subject: [PATCH] ci: drop darwin shims, rebuild locally on netty runner - remove macOS-era `sudo mkdir /Users/rathi/...` shim steps from flake-check and nix-format (Linux runner, paths don't exist, gitea-runner has no sudo) - deploy-netty now runs `sudo nixos-rebuild switch --flake .#netty` directly on the runner (it *is* netty), no SSH, no `just switch-netty` - grant gitea-runner NOPASSWD sudo for nixos-rebuild only - apply current nixfmt to home/scripts.nix, hermes-gateway.nix, devshells.nix Made-with: Cursor --- .github/workflows/quality.yml | 14 ++------------ home/scripts.nix | 6 +++--- hosts/netty/forgejo-runner.nix | 15 +++++++++++++++ hosts/netty/hermes-gateway.nix | 2 +- modules/devshells.nix | 13 ++++++------- 5 files changed, 27 insertions(+), 23 deletions(-) diff --git a/.github/workflows/quality.yml b/.github/workflows/quality.yml index ddd3042..ea460f5 100644 --- a/.github/workflows/quality.yml +++ b/.github/workflows/quality.yml @@ -37,11 +37,6 @@ jobs: if: ${{ needs.changes.outputs.quality == 'true' }} steps: - uses: actions/checkout@v4 - - name: Prepare local flake input shims - run: | - set -euo pipefail - sudo mkdir -p /Users/rathi/Documents/GitHub/companion/agentcomputer/apps - sudo ln -sfn "$GITHUB_WORKSPACE/ci/agentcomputer-cli-stub" /Users/rathi/Documents/GitHub/companion/agentcomputer/apps/cli - run: nix flake check nix-format: @@ -51,11 +46,6 @@ jobs: if: ${{ needs.changes.outputs.quality == 'true' }} steps: - uses: actions/checkout@v4 - - name: Prepare local flake input shims - run: | - set -euo pipefail - sudo mkdir -p /Users/rathi/Documents/GitHub/companion/agentcomputer/apps - sudo ln -sfn "$GITHUB_WORKSPACE/ci/agentcomputer-cli-stub" /Users/rathi/Documents/GitHub/companion/agentcomputer/apps/cli - run: nix fmt -- --ci deploy-netty: 
@@ -67,8 +57,8 @@ jobs: group: deploy-netty steps: - uses: actions/checkout@v4 - - name: Deploy netty + - name: Rebuild netty shell: bash run: | set -euo pipefail - just switch-netty + sudo nixos-rebuild switch --flake ".#netty" diff --git a/home/scripts.nix b/home/scripts.nix index 52dffcb..44b6422 100644 --- a/home/scripts.nix +++ b/home/scripts.nix @@ -38,9 +38,9 @@ in ln -sfn "$THEME_TMUX_TARGET" "${customScripts.theme.paths.tmuxCurrentFile}" ln -sfn "$THEME_LAZYGIT_TARGET" "${customScripts.theme.paths.lazygitCurrentFile}" ${lib.optionalString hostConfig.isDarwin '' - lg_darwin="${config.home.homeDirectory}/Library/Application Support/lazygit" - mkdir -p "$lg_darwin" - ln -sfn "$THEME_DARWIN_LAZYGIT_TARGET" "$lg_darwin/config.yml" + lg_darwin="${config.home.homeDirectory}/Library/Application Support/lazygit" + mkdir -p "$lg_darwin" + ln -sfn "$THEME_DARWIN_LAZYGIT_TARGET" "$lg_darwin/config.yml" ''} # seed wallpapers from static assets if no generated ones exist yet diff --git a/hosts/netty/forgejo-runner.nix b/hosts/netty/forgejo-runner.nix index 61298aa..752bc84 100644 --- a/hosts/netty/forgejo-runner.nix +++ b/hosts/netty/forgejo-runner.nix @@ -8,6 +8,21 @@ let cacheRoot = "/var/cache/forgejo-runner"; in { + security.sudo.extraRules = [ + { + users = [ "gitea-runner" ]; + commands = [ + { + command = "/run/current-system/sw/bin/nixos-rebuild"; + options = [ + "NOPASSWD" + "SETENV" + ]; + } + ]; + } + ]; + systemd.tmpfiles.rules = [ "d ${cacheRoot} 0750 gitea-runner gitea-runner -" "d ${cacheRoot}/cargo 0750 gitea-runner gitea-runner -" diff --git a/hosts/netty/hermes-gateway.nix b/hosts/netty/hermes-gateway.nix index caa4560..e394f2c 100644 --- a/hosts/netty/hermes-gateway.nix +++ b/hosts/netty/hermes-gateway.nix @@ -63,7 +63,7 @@ in }; }; - mcpServers = {}; + mcpServers = { }; extraPackages = with pkgs; [ nodejs_22 diff --git a/modules/devshells.nix b/modules/devshells.nix index 0fde633..d608c9f 100644 --- a/modules/devshells.nix +++ b/modules/devshells.nix 
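Review bot: The `Rebuild netty` step resolves `.#netty` against the checked-out workspace, so whichever revision this job checks out is activated as root on the runner host. The trigger and `if:` conditions of `deploy-netty` lie outside this hunk, so it is not visible here whether the job can run for an unreviewed ref; it should be limited to pushes on the protected branch. I would record the constraint next to the step with a comment such as `# activates the checked-out flake as root on this host; keep this job limited to reviewed commits`.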
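Review bot: The new `security.sudo.extraRules` entry names `nixos-rebuild` without arguments, so it permits any invocation, including a switch to an arbitrary flake. That makes `gitea-runner` root-equivalent rather than limited to one command, and any other job that runs as this user on the runner inherits it. `SETENV` also lets the caller choose the environment handed to the root process, and the workflow's `sudo nixos-rebuild switch --flake ".#netty"` does not appear to need it, so I would reduce the options to `options = [ "NOPASSWD" ];`. A root-owned wrapper that runs the fixed command would be a narrower target for the rule. A comment such as `# root-equivalent: only trusted workflows may be scheduled on this runner` would also help.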
@@ -9,13 +9,12 @@ { formatter = pkgs.nixfmt-tree; - packages = - { - home-manager = inputs.home-manager.packages.${system}.home-manager; - } - // lib.optionalAttrs (lib.hasSuffix "darwin" system) { - darwin-rebuild = inputs.nix-darwin.packages.${system}.darwin-rebuild; - }; + packages = { + home-manager = inputs.home-manager.packages.${system}.home-manager; + } + // lib.optionalAttrs (lib.hasSuffix "darwin" system) { + darwin-rebuild = inputs.nix-darwin.packages.${system}.darwin-rebuild; + }; devShells.default = pkgs.mkShell { packages = with pkgs; [