docs: restructure documentation with proper markdown and add .changelog

.changelog/v1.0.0.md

@@ -0,0 +1,17 @@
+# v1.0.0
+
+feat(core): add foundation layer with flake config lib and host structure  
+feat(core): add boot nix locale and sysctl modules  
+feat(filesystem): add ZFS impermanence and disko modules  
+feat(security): add firewall hardening and SSH modules  
+feat(containers): add MicroVM host orchestrator and instance pool  
+feat(desktop): add KDE Plasma 6 minimal with Bora layout  
+feat(hardware): add CPU GPU and platform detection  
+feat(network): add base and DNS configuration  
+feat(profiles): add workstation developer server and minimal  
+feat(lib): add hardware database and Spring DI IoC framework  
+feat(tests): add pure Nix test suite with module integration  
+feat(ci): add CI workflows with lint eval and build  
+feat(ci): add release workflow with ISO generation  
+chore: add MIT license  
+docs: add architecture manual and agentic rules

.changelog/v1.0.1.md

@@ -0,0 +1,14 @@
+# v1.0.1
+
+fix(ci): disable FlakeHub authentication in nix-installer-action  
+fix(ci): find ISO file inside result directory instead of direct cp  
+refactor(lib): remove redundant cgroup-init.sh systemd handles cgroups  
+refactor(desktop): prune init-desktop.sh and finalize.sh kwriteconfig6 calls  
+docs: convert documentation to English with proper markdown headings  
+docs: add .changelog directory with per version entries  
+feat(ci): enforce pull request only workflow on main  
+feat(ci): run CI exclusively on pull requests not push  
+feat(ci): add validate job with lint eval and security audit  
+chore: add MIT license file  
+chore: rename main branch to alpha for development  
+chore: restructure remote configuration

.github/workflows/ci.yml

@@ -0,0 +1,31 @@
+name: CI
+
+on:
+  pull_request:
+    branches:
+      - main
+    paths-ignore:
+      - "docs/**"
+      - "**.md"
+
+jobs:
+  validate:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: DeterminateSystems/nix-installer-action@v14
+        with:
+          flakehub: false
+      - uses: DeterminateSystems/magic-nix-cache-action@v8
+        with:
+          use-flakehub: false
+      - name: Nix linting
+        run: nix develop --impure --command statix check src
+      - name: Dead code detection
+        run: nix develop --impure --command deadnix src
+      - name: Formatting check
+        run: nix develop --impure --command nixpkgs-fmt --check src
+      - name: Library tests
+        run: nix-instantiate --eval --strict tests/default.nix
+      - name: Module integration tests
+        run: nix-instantiate --eval --strict tests/modules.nix

.github/workflows/release.yml

@@ -0,0 +1,100 @@
+name: Release
+
+on:
+  push:
+    tags:
+      - "v*.*.*"
+      - "*.*"
+
+permissions:
+  contents: write
+
+jobs:
+  validate:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: DeterminateSystems/nix-installer-action@v14
+        with:
+          flakehub: false
+      - uses: DeterminateSystems/magic-nix-cache-action@v8
+        with:
+          use-flakehub: false
+      - name: Lint and format
+        run: |
+          nix develop --impure --command statix check src
+          nix develop --impure --command deadnix src
+          nix develop --impure --command nixpkgs-fmt --check src
+      - name: Evaluation tests
+        run: |
+          nix-instantiate --eval --strict tests/default.nix
+          nix-instantiate --eval --strict tests/modules.nix
+
+  build-iso:
+    runs-on: ubuntu-latest
+    needs: [validate]
+    strategy:
+      matrix:
+        variant: [minimal, desktop, laptop, server]
+    steps:
+      - uses: actions/checkout@v4
+      - uses: DeterminateSystems/nix-installer-action@v14
+        with:
+          flakehub: false
+      - uses: DeterminateSystems/magic-nix-cache-action@v8
+        with:
+          use-flakehub: false
+      - name: Build ISO ${{ matrix.variant }}
+        run: |
+          NIXPKGS_ALLOW_BROKEN=1 nix build --impure \
+            '.#packages.x86_64-linux.iso-${{ matrix.variant }}'
+      - name: Rename ISO
+        run: |
+          iso=$(find "$(readlink -f result)" -name "*.iso" -type f | head -1)
+          cp "$iso" bora-${{ matrix.variant }}.iso
+      - name: Upload ISO ${{ matrix.variant }}
+        uses: actions/upload-artifact@v4
+        with:
+          name: bora-${{ matrix.variant }}
+          path: bora-${{ matrix.variant }}.iso
+          compression-level: 0
+          if-no-files-found: error
+
+  release:
+    runs-on: ubuntu-latest
+    needs: [build-iso]
+    steps:
+      - uses: actions/checkout@v4
+      - name: Download all ISOs
+        uses: actions/download-artifact@v4
+        with:
+          pattern: bora-*
+          path: isos
+          merge-multiple: true
+      - name: Generate changelog from .changelog
+        run: |
+          TAG="${{ github.ref_name }}"
+          VERSION="${TAG#v}"
+          CHANGELOG_FILE=".changelog/${VERSION}.md"
+          if [ -f "$CHANGELOG_FILE" ]; then
+            cp "$CHANGELOG_FILE" release-notes.md
+          else
+            CHANGELOG_FILE=".changelog/${TAG}.md"
+            if [ -f "$CHANGELOG_FILE" ]; then
+              cp "$CHANGELOG_FILE" release-notes.md
+            else
+              echo "Release ${TAG}" > release-notes.md
+              echo "" >> release-notes.md
+              git log --oneline --no-decorate "$(git tag --sort=-version:refname | head -2 | tail -1)..${TAG}" 2>/dev/null \
+                || git log --oneline --no-decorate "${TAG}" 2>/dev/null \
+                >> release-notes.md
+            fi
+          fi
+      - name: Create Release
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          gh release create "${{ github.ref_name }}" \
+            --notes-file release-notes.md \
+            --title "${{ github.ref_name }}" \
+            isos/*.iso

.gitignore

@@ -0,0 +1,2 @@
+result
+dist/