From b88e8b4f8259267ebb0d068df9cd65fd36ca5477 Mon Sep 17 00:00:00 2001
From: Preston Pan
Date: Tue, 10 Mar 2026 17:12:53 -0700
Subject: prepare for CSP header generation
---
 nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'nix')
diff --git a/nix b/nix
index 7e0ff16..44521f8 160000
--- a/nix
+++ b/nix
@@ -1 +1 @@
-Subproject commit 7e0ff1661d94a061d0ad6db72803d211f9df4638
+Subproject commit 44521f898a8e71361e81d42adca748964a457f31
-- cgit v1.3
From c8d23ac96f8a2204a96ee0abd4bce231c0ef84fd Mon Sep 17 00:00:00 2001
From: Preston Pan
Date: Tue, 10 Mar 2026 20:17:57 -0700
Subject: maybe test works?
---
 config/nix.org | 4 ++++
 flake.nix | 41 +++++++++++++++++++++++++++++++++++++++++
 nix | 2 +-
 3 files changed, 46 insertions(+), 1 deletion(-)
(limited to 'nix')
diff --git a/config/nix.org b/config/nix.org
index dc2c823..1939a28 100644
--- a/config/nix.org
+++ b/config/nix.org
@@ -308,6 +308,10 @@ and now for the main flake: }; in { + lib = { + inherit mkHostModules; + }; + checks."${system}" = integrationTests // { inherit pre-commit-check; };
diff --git a/flake.nix b/flake.nix
index ad7a690..09c8ea9 100644
--- a/flake.nix
+++ b/flake.nix
@@ -66,6 +66,15 @@ src = ./.; hooks = { deadnix.enable = true; + test-spontaneity-vm-with-site = { + enable = true; + name = "spontaneity-vm"; + description = "test boot the spontaneity vm to check nginx config. Required test as we inject monorepoSelf variable."; + stages = [ "pre-merge-commit" ]; + entry = "${pkgs.writeShellScript "website-check" '' +nix build .#spontaneity +''}"; + }; website-build-check = { enable = true; name = "website-build";
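Review bot: The `test-spontaneity-vm-with-site` hook's `entry` does not match its `description`: the description promises a test boot of the spontaneity VM to check the nginx config, but the script only runs `nix build .#spontaneity`, and nothing visible here boots a VM. If the intent is to gate merges on the VM test this commit adds under `checks`, the entry should build that check, e.g. `nix build .#checks.${system}.spontaneity-website-test` (assuming `system` is in scope here, as it is for `checks."${system}"`); otherwise reword the description to say it only builds the system. The script name `"website-check"` also looks copied from the neighbouring hook and could be renamed to match. The `hooks` attrset starts and ends outside the hunk.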
@@ -318,6 +327,38 @@ sha256sum installer.iso > installer.iso.sha256 checks."${system}" = { build-website = website; + spontaneity-website-test = pkgs.testers.runNixOSTest { + name = "spontaneity-website-test"; + + node.specialArgs = { + monorepoSelf = self; + isIntegrationTest = true; + }; + + nodes."spontaneity" = { lib, ... }: { + imports = nixmacs.lib.mkHostModules "spontaneity" ++ [ + "${nixpkgs}/nixos/modules/misc/nixpkgs/read-only.nix" + { + nixpkgs.pkgs = lib.mkVMOverride self.nixosConfigurations.spontaneity.pkgs; + nixpkgs.config = lib.mkForce {}; + systemd.services.systemd-networkd-wait-online.enable = lib.mkForce false; + systemd.services.NetworkManager-wait-online.enable = lib.mkForce false; + nixpkgs.overlays = lib.mkForce []; + } + ]; + disabledModules = [ + "${nixmacs}/systems/spontaneity/hardware-configuration.nix" + ]; + }; + + testScript = '' +spontaneity.start() +spontaneity.wait_for_unit("nginx.service") +spontaneity.wait_for_open_port(443) +spontaneity.succeed("systemctl is-active nginx") +spontaneity.succeed("echo 'smoke'") + ''; + }; }; packages."${system}" = {
diff --git a/nix b/nix
index 44521f8..2cae1e9 160000
--- a/nix
+++ b/nix
@@ -1 +1 @@
-Subproject commit 44521f898a8e71361e81d42adca748964a457f31
+Subproject commit 2cae1e9468fcead554f54672fc2250ec31769f1f
-- cgit v1.3
From d7f5cec11ea4b269aae8a7251009546263c9747e Mon Sep 17 00:00:00 2001
From: Preston Pan
Date: Wed, 11 Mar 2026 00:32:26 -0700
Subject: new nix commit
---
 nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'nix')
diff --git a/nix b/nix
index 2cae1e9..db63be0 160000
--- a/nix
+++ b/nix
@@ -1 +1 @@
-Subproject commit 2cae1e9468fcead554f54672fc2250ec31769f1f
+Subproject commit db63be0ac07cd5c2dad8f316250c6a6115f21c63
-- cgit v1.3
From 699dcef30fc987ab0de9f6068de3999163b04e93 Mon Sep 17 00:00:00 2001
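Review bot: `spontaneity-website-test` never inspects an HTTP response, so an empty or wrong policy file would still pass as long as nginx starts; the `testScript` stops at `wait_for_open_port(443)` and `systemctl is-active nginx`, and `succeed("echo 'smoke'")` asserts nothing. Since the series is preparing CSP header generation, I would add a check on the served header, something like `spontaneity.succeed("curl -skI https://localhost/ | grep -i '^content-security-policy:'")`, after confirming which virtual host answers on localhost and that curl is on the VM's path. The same gap remains in the later `testScript` hunk of the "smoke test passes" commit. A short comment above the inline module saying why `nixpkgs.config` and `nixpkgs.overlays` are forced empty (presumably required by `read-only.nix`) would also help the next reader.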
From: Preston Pan
Date: Wed, 11 Mar 2026 01:11:12 -0700
Subject: new stuff
---
 config/nix.org | 1 -
 flake.nix | 7 ++++---
 nix | 2 +-
 3 files changed, 5 insertions(+), 5 deletions(-)
(limited to 'nix')
diff --git a/config/nix.org b/config/nix.org
index 1939a28..89928d5 100644
--- a/config/nix.org
+++ b/config/nix.org
@@ -2738,7 +2738,6 @@ because they enhance security. programs = { nix-ld.enable = true; zsh.enable = true; - light.enable = true; ssh.enableAskPassword = false; };
diff --git a/flake.nix b/flake.nix
index a524c32..7c309c8 100644
--- a/flake.nix
+++ b/flake.nix
@@ -346,7 +346,7 @@ sha256sum installer.iso > installer.iso.sha256 node.specialArgs = { monorepoSelf = self; isIntegrationTest = true; - }; + } // nixmacs.inputs; nodes."spontaneity" = { lib, ... }: { imports = nixmacs.lib.mkHostModules "spontaneity" ++ [
@@ -359,8 +359,9 @@ sha256sum installer.iso > installer.iso.sha256 nixpkgs.overlays = lib.mkForce []; } ]; - disabledModules = [ - "${nixmacs}/systems/spontaneity/hardware-configuration.nix" + disabledModules = [ + "${self}/nix/modules/nixpkgs-options.nix" + "${self}/nix/systems/spontaneity/hardware-configuration.nix" ]; };
diff --git a/nix b/nix
index db63be0..202612a 160000
--- a/nix
+++ b/nix
@@ -1 +1 @@
-Subproject commit db63be0ac07cd5c2dad8f316250c6a6115f21c63
+Subproject commit 202612ad3fabefa274423bb24f955157b9a290a0
-- cgit v1.3
From 0e86238729b06b83bf2c518da90abeb25c1b2cc1 Mon Sep 17 00:00:00 2001
From: Preston Pan
Date: Wed, 11 Mar 2026 14:36:32 -0700
Subject: smoke test passes
---
 config/nix.org | 5 ++++-
 flake.nix | 6 +++---
 nix | 2 +-
 3 files changed, 8 insertions(+), 5 deletions(-)
(limited to 'nix')
diff --git a/config/nix.org b/config/nix.org
index 89928d5..c355ba5 100644
--- a/config/nix.org
+++ b/config/nix.org
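Review bot: In `node.specialArgs`, `{ monorepoSelf = self; isIntegrationTest = true; } // nixmacs.inputs` lets the inputs win on a name clash, because `//` prefers its right-hand side; an input named `monorepoSelf` or `isIntegrationTest` would silently replace the test's own value. Putting the explicit arguments last avoids that: `node.specialArgs = nixmacs.inputs // { monorepoSelf = self; isIntegrationTest = true; };`. In the second hunk, `disabledModules` now names paths under `${self}/nix/...` while the modules are still imported through `nixmacs.lib.mkHostModules`; if those imports resolve under a different store path the entries may not match, so it is worth confirming that `hardware-configuration.nix` is really excluded in the VM. Both enclosing attrsets continue outside the hunks.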
@@ -1733,7 +1733,7 @@ to the outside world under a domain. ''; }; extraConfig = '' - include ${monorepoSelf.packages.${pkgs.system}.website}/csp_headers.conf; + include ${monorepoSelf.packages.${pkgs.system}.website}/csp_header.conf; rewrite ^/graph_view/?(.*)$ https://graph.${config.monorepo.vars.remoteHost}/$1 permanent; ''; };
@@ -2396,6 +2396,7 @@ because they enhance security. memoryPercent = 50; }; + # Shim for testing virtualisation.vmVariant = { sops.validateSopsFiles = false; disko.devices = lib.mkForce {};
@@ -2424,6 +2425,8 @@ because they enhance security. systemd.services.sops-nix = { unitConfig.RequiresMountsFor = "/home/preston/.config/sops/age"; }; + + security.acme.defaults.server = lib.mkForce "https://127.0.0.1:14000/dir"; }; documentation = {
diff --git a/flake.nix b/flake.nix
index 17ff339..228e15a 100644
--- a/flake.nix
+++ b/flake.nix
@@ -373,10 +373,10 @@ sha256sum installer.iso > installer.iso.sha256 testScript = '' spontaneity.start() -spontaneity.wait_for_unit("nginx.service") -spontaneity.wait_for_open_port(443) +spontaneity.succeed('printf "smoke"') +spontaneity.wait_for_unit("default.target") spontaneity.succeed("systemctl is-active nginx") -spontaneity.succeed("echo 'smoke'") +spontaneity.succeed('printf "smoke again"') ''; }; };
diff --git a/nix b/nix
index 202612a..7185f3f 160000
--- a/nix
+++ b/nix
@@ -1 +1 @@
-Subproject commit 202612ad3fabefa274423bb24f955157b9a290a0
+Subproject commit 7185f3f185bbfe594dbf11a31a2e7d78d5b72f09
-- cgit v1.3
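Review bot: The added `security.acme.defaults.server = lib.mkForce "https://127.0.0.1:14000/dir";` is only safe if it sits inside `virtualisation.vmVariant`, and the hunk does not show which attrset the following `};` closes. Outside that block it would force the real host to request certificates from a loopback directory, and renewals would fail. If it is inside, note that `vmVariant` is normally consumed by `build-vm` images, so confirm the `runNixOSTest` node in flake.nix actually evaluates it; nothing in the visible hunks starts an ACME directory on port 14000 either. A comment such as `# VM only: never contact the production ACME CA from a test boot` on the line above would record the intent.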
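Review bot: The new `testScript` drops `spontaneity.wait_for_open_port(443)`, so the test no longer proves that nginx bound its TLS listener; `systemctl is-active nginx` only shows that the unit is running. Waiting on `default.target` instead of `nginx.service` is reasonable, but I would keep the port wait after it: `spontaneity.wait_for_open_port(443)`. The two `printf "smoke"` calls assert nothing; if they are kept as boot-stage markers, a comment like `# marker: VM reached a shell before/after default.target` would say so.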