Add NixOS VM integration tests and update CI/CD pipeline configuration. Introduce checks for backend integration, full-stack, performance, and security tests using native NixOS services. Remove legacy GitHub Actions workflow and replace with Gitea Actions runner configuration. Update README and quickstart guide to reflect new development environment setup and testing commands.

nixos/gitea-runner.nix

@@ -0,0 +1,112 @@
+{ config, pkgs, lib, ... }:
+
+{
+  # Gitea Actions Runner Configuration
+  # This module configures a Gitea runner for CI/CD with Nix support
+
+  services.gitea-actions-runner = {
+    package = pkgs.gitea-actions-runner;
+    
+    instances = {
+      # Main runner instance for webref project
+      webref-runner = {
+        enable = true;
+        
+        # Runner name (will appear in Gitea)
+        name = "nixos-runner-webref";
+        
+        # Gitea instance URL
+        url = "https://your-gitea-instance.com";
+        
+        # Runner token - Generate this from Gitea:
+        # Settings -> Actions -> Runners -> Create New Runner
+        # Store the token in a file and reference it here
+        tokenFile = "/var/secrets/gitea-runner-token";
+        
+        # Labels define what jobs this runner can handle
+        # Format: "label:docker_image" or just "label" for host execution
+        labels = [
+          # Native execution with Nix
+          "nix:native"
+          
+          # Ubuntu-like for compatibility
+          "ubuntu-latest:docker://node:20-bookworm"
+          
+          # Specific for this project
+          "webref:native"
+        ];
+        
+        # Host packages available to the runner
+        hostPackages = with pkgs; [
+          # Essential tools
+          bash
+          coreutils
+          curl
+          git
+          nix
+          
+          # Project-specific
+          nodejs
+          python3
+          postgresql
+          
+          # Binary cache
+          attic-client
+          
+          # Container runtime (optional)
+          docker
+          docker-compose
+        ];
+      };
+    };
+  };
+
+  # Enable Docker for service containers (PostgreSQL, MinIO, etc.)
+  virtualisation.docker = {
+    enable = true;
+    autoPrune.enable = true;
+    autoPrune.dates = "weekly";
+  };
+
+  # Ensure the runner user has access to Docker
+  users.users.gitea-runner = {
+    isSystemUser = true;
+    group = "gitea-runner";
+    extraGroups = [ "docker" ];
+  };
+
+  users.groups.gitea-runner = {};
+
+  # Allow runner to use Nix
+  nix.settings = {
+    allowed-users = [ "gitea-runner" ];
+    trusted-users = [ "gitea-runner" ];
+    
+    # Enable flakes for the runner
+    experimental-features = [ "nix-command" "flakes" ];
+    
+    # Optimize for CI performance
+    max-jobs = "auto";
+    cores = 0; # Use all available cores
+  };
+
+  # Network access for downloading packages
+  networking.firewall = {
+    # If your runner needs to expose ports, configure them here
+    # allowedTCPPorts = [ ];
+  };
+
+  # Systemd service optimizations
+  systemd.services."gitea-runner-webref-runner" = {
+    serviceConfig = {
+      # Resource limits (adjust based on your hardware)
+      MemoryMax = "8G";
+      CPUQuota = "400%"; # 4 cores
+      
+      # Restart policy
+      Restart = "always";
+      RestartSec = "10s";
+    };
+  };
+}
+