From f98aa0b19bf2d2f2977631f91fd81ff9819600ba Mon Sep 17 00:00:00 2001
From: Hunter Halloran
Date: Wed, 17 Dec 2025 11:42:17 -0500
Subject: [PATCH] chore: Update ci
---
 .github/workflows/ci.yml | 13 +++++++------
 hosts/default.nix | 7 ++++++-
 sw/builders/services.nix | 28 +++++++++++++++-------------
 3 files changed, 28 insertions(+), 20 deletions(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index b5244f7..1389ae4 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -38,9 +38,10 @@ jobs: exit 1 fi - build-configs: - name: Build Key Configurations + eval-configs: + name: Evaluate Key Configurations runs-on: [self-hosted, nix-builder] + needs: [flake-check, format-check] strategy: matrix: config:
@@ -52,16 +53,16 @@ jobs: - name: Checkout repository uses: actions/checkout@v4 - - name: Build configuration + - name: Evaluate configuration run: | - echo "Building configuration for ${{ matrix.config }}" - nix build .#nixosConfigurations.${{ matrix.config }}.config.system.build.toplevel \ - --print-build-logs \ + echo "Evaluating configuration for ${{ matrix.config }}" + nix eval .#nixosConfigurations.${{ matrix.config }}.config.system.build.toplevel.drvPath \ --show-trace build-artifacts: name: Build Artifacts runs-on: [self-hosted, nix-builder] + needs: [flake-check, format-check] strategy: matrix: artifact:
diff --git a/hosts/default.nix b/hosts/default.nix
index 32aba9e..b0fac1d 100644
--- a/hosts/default.nix
+++ b/hosts/default.nix
@@ -73,7 +73,12 @@ let
 # Each wrapper checks if the user is enabled before applying the module content
 userNixosModules = lib.mapAttrsToList (
 name: modulePath:
- { config, lib, pkgs, ... }@args:
+ {
+ config,
+ lib,
+ pkgs,
+ ...
+ }@args:
 let
 # Import the user's nixos module - it returns a function or attrset
 importedModuleFunc = import modulePath { inherit inputs; };
diff --git a/sw/builders/services.nix b/sw/builders/services.nix
index a404abf..8228fe8 100644
--- a/sw/builders/services.nix
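Review bot: The added `needs: [flake-check, format-check]` under the renamed `eval-configs` job references job ids that are not visible in this hunk; GitHub refuses to run a workflow whose `needs` names an unknown job, so confirm both ids exist in this file spelled exactly like that (the same line is added to `build-artifacts` in the next hunk). Renaming the job id from `build-configs` to `eval-configs` and its display name to "Evaluate Key Configurations" also changes the check-run names the matrix reports, so any required-status-check or ruleset entry still keyed on "Build Key Configurations" would never be satisfied once this lands — if such a rule exists, update it in the same change. The `jobs:` block and the matrix `config:` values continue outside the hunk.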
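Review bot: `${{ matrix.config }}` is expanded straight into the `run:` script on both new lines, so whatever the matrix holds becomes shell text; the values appear to be literals from the `config:` list (outside this hunk), so today this is only hygiene, but passing the expression through `env:` and referencing a quoted shell variable keeps the step safe if the matrix is ever generated from a `fromJSON` input. With `nix eval ... .drvPath` the step now only instantiates the derivation and no longer proves the system closure builds; that matches the new job name, but if nothing else builds these hosts the matrix has lost its build-failure signal, so either state that trade-off in the step or keep one configuration on `nix build`. Keeping `--show-trace` is right for an eval-only step.
```yaml
      - name: Evaluate configuration
        env:
          CONFIG: ${{ matrix.config }}
        run: |
          echo "Evaluating configuration for $CONFIG"
          nix eval ".#nixosConfigurations.$CONFIG.config.system.build.toplevel.drvPath" \
            --show-trace
```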
+++ b/sw/builders/services.nix
@@ -34,7 +34,7 @@ mkIf builderCfg.githubRunner.enable {
 TimeoutStopSec = 60;
 # Restart on failure, but not immediately
 RestartSec = 10;
-
+
 # Disable all namespace isolation features that don't work in LXC containers
 PrivateMounts = mkForce false;
 MountAPIVFS = mkForce false;
@@ -50,26 +50,26 @@ mkIf builderCfg.githubRunner.enable {
 ProtectKernelTunables = mkForce false;
 ProtectKernelModules = mkForce false;
 ProtectControlGroups = mkForce false;
-
+
 # Use LoadCredential to securely pass the token file to the service
 # This allows the service to read the token even when running as non-root
 LoadCredential = "token:${builderCfg.githubRunner.tokenFile}";
-
+
 # Don't override ExecStartPre - let the default module handle configuration
 # Just make the cleanup more tolerant by wrapping the original script
 ExecStartPre = mkForce (
 let
 # Get the runner package and scripts
 runnerPkg = pkgs.github-runner;
-
+
 # Create wrapper scripts that are failure-tolerant
 unconfigureWrapper = pkgs.writeShellScript "github-runner-unconfigure-wrapper.sh" ''
 set +e # Don't fail on errors
-
+
 runnerDir="$1"
 stateDir="$2"
 logDir="$3"
-
+
 # If directory is busy, just skip cleanup with a warning
 if [ -d "$runnerDir" ]; then
 echo "Attempting cleanup of $runnerDir..."
@@ -77,15 +77,15 @@ mkIf builderCfg.githubRunner.enable {
 echo "Warning: Cleanup had issues (directory may be in use), continuing anyway..."
 }
 fi
-
+
 exit 0
 '';
-
+
 configureScript = pkgs.writeShellScript "github-runner-configure.sh" ''
 set -e
-
+
 runnerDir="${builderCfg.githubRunner.workDir}/${builderCfg.githubRunner.name}"
-
+
 # Read token from systemd credential (passed via LoadCredential)
 if [ -n "''${CREDENTIALS_DIRECTORY:-}" ] && [ -f "''${CREDENTIALS_DIRECTORY}/token" ]; then
 token=$(cat "''${CREDENTIALS_DIRECTORY}/token")
@@ -93,11 +93,13 @@ mkIf builderCfg.githubRunner.enable {
 echo "Error: Token credential not available"
 exit 1
 fi
-
+
 cd "$runnerDir"
-
+
 # Configure the runner, optionally replacing existing registration
- if [ ! -f ".runner" ] || [ "${if builderCfg.githubRunner.replace then "true" else "false"}" = "true" ]; then
+ if [ ! -f ".runner" ] || [ "${
+ if builderCfg.githubRunner.replace then "true" else "false"
+ }" = "true" ]; then
 echo "Configuring GitHub Actions runner..."
 ${runnerPkg}/bin/Runner.Listener configure \
 --unattended \
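Review bot: The reformatted condition on the new `if` lines still builds the replace flag by hand with `${ if builderCfg.githubRunner.replace then "true" else "false" }`; nixpkgs provides exactly this conversion, so `if [ ! -f ".runner" ] || [ "${lib.boolToString builderCfg.githubRunner.replace}" = "true" ]; then` keeps the test on one row and reads as intent rather than as formatter output (assuming `lib` is in scope here, which the unqualified `mkIf`/`mkForce` suggest). The `configureScript` shell body and the enclosing `mkIf` attribute set start and end outside this hunk.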