diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
new file mode 100644
index 0000000..9c1b9c4
--- /dev/null
+++ b/.github/workflows/ci.yml
@@ -0,0 +1,56 @@
+name: CI
+
+on:
+ push:
+ branches: [main]
+ pull_request:
+ branches: [main]
+
+jobs:
+ check:
+ name: Flake check
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+
+ - uses: cachix/install-nix-action@v30
+ with:
+ nix_path: nixpkgs=channel:nixos-unstable
+ extra_nix_config: |
+ experimental-features = nix-command flakes
+
+ - name: Check flake evaluation
+ run: nix flake check --no-build --all-systems
+
+ - name: Lint with statix
+ run: nix run nixpkgs#statix -- check .
+ continue-on-error: true
+
+ build:
+ name: Build NixOS configuration
+ runs-on: ubuntu-latest
+ needs: check
+ steps:
+ - uses: actions/checkout@v4
+
+ - uses: cachix/install-nix-action@v30
+ with:
+ nix_path: nixpkgs=channel:nixos-unstable
+ extra_nix_config: |
+ experimental-features = nix-command flakes
+ extra-platforms = aarch64-linux
+
+ - name: Set up QEMU for aarch64 emulation
+ uses: docker/setup-qemu-action@v3
+ with:
+ platforms: arm64
+
+ - name: Build finite system
+ run: |
+ nix build .#nixosConfigurations.finite.config.system.build.toplevel \
+ --system aarch64-linux \
+ --print-build-logs
+
+ - name: Scan for CVEs with vulnix
+ run: nix run nixpkgs#vulnix -- --system ./result
+ continue-on-error: true
diff --git a/README.md b/README.md
index 6a0e4c8..9e0f692 100644
--- a/README.md
+++ b/README.md
@@ -15,6 +15,14 @@
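Review bot: The `Scan for CVEs with vulnix` step in `.github/workflows/ci.yml` ends with `continue-on-error: true`, so reported CVEs and an outright scanner failure both leave the `build` job green and nobody has a reason to open the log. If I read vulnix's options correctly, `--system` is a flag that scans the running system rather than an option taking a path, so on an Ubuntu runner `--system ./result` may simply error and be masked by that setting; `run: nix run nixpkgs#vulnix -- ./result` would scan only the build output. Dropping `continue-on-error` there and recording accepted findings in a vulnix whitelist file would keep the step enforcing instead of advisory. The workflow also declares no `permissions:` block, so the GITHUB_TOKEN scope falls back to the repository default; a top-level `permissions:` with `contents: read` looks sufficient for the jobs as written. The three actions are referenced by mutable tags (`@v4`, `@v30`, `@v3`); pinning each to a full commit SHA, with the tag kept in a trailing comment, prevents a retagged release from changing what runs.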

+

+ + + + + + +

Finite

diff --git a/settings.nix b/settings.nix index e85357c..b7dc0e7 100644 --- a/settings.nix +++ b/settings.nix @@ -1,4 +1,6 @@ { + VERSION = "1.0.0"; + STATE_VERSION = "25.05"; SYSTEM = "aarch64-linux";