alo-cluster/nix-runner

Nix Runner for Gitea Actions

Custom Docker image for running Nix builds in CI.

What's Included

• Nix with flakes enabled (experimental-features = nix-command flakes)
• Node.js 20 for JavaScript-based GitHub Actions
• Tools: git, curl, jq, skopeo, bash, coreutils
• Binary caches:
  • c3.mule-stork.ts.net:8501 (local cache proxy)
  • cache.nixos.org (official)

Usage

In your workflow:

jobs:
  build:
    runs-on: nix
    steps:
      - uses: actions/checkout@v4
      - run: nix build .#myPackage

The nix label is configured in services/act-runner.hcl.

Current Version

Tag: v4 Image: gitea.v.paler.net/alo/nix-runner:v4

Updating the Runner

1. Edit flake.nix

Make your changes, then bump the tag:

tag = "v5";  # was v4

2. Build

cd nix-runner
nix build

3. Push to Registry

skopeo copy --dest-authfile ~/.docker/config.json \
  docker-archive:result \
  docker://gitea.v.paler.net/alo/nix-runner:v5

4. Update act-runner

Edit services/act-runner.hcl:

GITEA_RUNNER_LABELS = "ubuntu-latest:docker://node:20-bookworm,nix:docker://gitea.v.paler.net/alo/nix-runner:v5"

5. Re-register Runner

sudo rm /data/services/act-runner/.runner
nomad run services/act-runner.hcl

The runner will re-register with the new labels.

Configuration

The image uses NIX_CONFIG environment variable for Nix settings:

experimental-features = nix-command flakes
sandbox = false
build-users-group =
substituters = http://c3.mule-stork.ts.net:8501 https://cache.nixos.org
trusted-public-keys = cache.nixos.org-1:... c3:...

Troubleshooting

Build fails with build-users-group error

The image runs as root without the nixbld group. This is handled by build-users-group = in NIX_CONFIG.

Can't fetch from cache

Check that the runner container can reach c3.mule-stork.ts.net:8501 (Tailscale network).

Missing tool

Add it to paths in flake.nix and rebuild/push a new version.