NixOS-based container for running GitHub actions


try switching to github user

+42 -4
+3
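--- a/.github/workflows/build2.yaml
+++ b/.github/workflows/build2.yaml
@@ -28,9 +28,12 @@
 
 - name: test
 run: |
+whoami
 set
 echo $HOME
 ls -la $HOME
+echo ${{ github.workspace }}
+ls -la ${{ github.workspace }}
 
 - name: Configure safe directories
 run: |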
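Review bot: The added lines `echo ${{ github.workspace }}` and `ls -la ${{ github.workspace }}` paste the expression into the script text before the shell parses it, and leave it unquoted. The value is set by the runner, so the exposure here is small, but reading it from the environment keeps expansion inside the shell and survives paths with spaces: `ls -la "$GITHUB_WORKSPACE"`. The step already runs `set`, which prints the shell's variables to the job log, so this debug output is probably best dropped once the user switch works.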
+39 -4
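--- a/flake.nix
+++ b/flake.nix
@@ -104,6 +104,14 @@
 groups = [ "root" ];
 description = "System administrator";
 };
+github = {
+uid = 1001;
+shell = "${pkgs.bashInteractive}/bin/bash";
+home = "/github/home";
+gid = 1001;
+groups = [ "github" ];
+description = "Github runner";
+};
 nobody = {
 uid = 65534;
 shell = "${pkgs.shadow}/bin/nologin";
@@ -127,6 +135,7 @@
 
 groups = {
 root.gid = 0;
+github.gid = 1001;
 nixbld.gid = 30000;
 nobody.gid = 65534;
 };
@@ -260,6 +269,11 @@
 directory = *
 '';
 
+sudoers = ''
+root ALL=(ALL:ALL) SETENV:ALL
+github ALL=(ALL:ALL) NOPASSWD:ALL SETENV:ALL
+'';
+
 baseSystem =
 let
 nixpkgs = pkgs.path;
@@ -321,6 +335,7 @@
 passwdContents
 shadowContents
 gitConfig
+sudoers
 ;
 passAsFile = [
 "containerPolicy"
@@ -332,6 +347,7 @@
 "passwdContents"
 "shadowContents"
 "gitConfig"
+"sudoers"
 ];
 allowSubstitutes = false;
 preferLocalBuild = true;
@@ -348,6 +364,7 @@
 echo "" >> $out/etc/group
 cat $shadowContentsPath > $out/etc/shadow
 echo "" >> $out/etc/shadow
+cat $sudoersPath > $out/etc/sudoers
 mkdir -p $out/usr
 ln -s /nix/var/nix/profiles/share $out/usr/
 mkdir -p $out/nix/var/nix/gcroots
@@ -357,6 +374,9 @@
 cat $nixConfContentsPath > $out/etc/nix/nix.conf
 mkdir -p $out/root
 mkdir -p $out/nix/var/nix/profiles/per-user/root
+mkdir -p $out/github
+mkdir -p $out/github/home
+mkdir -p $out/nix/var/nix/profiles/per-user/github
 
 mkdir -p $out/etc/containers
 mkdir -p $out/etc/containers/networks
@@ -370,6 +390,7 @@
 ln -s ${profile} $out/nix/var/nix/profiles/default-1-link
 ln -s $out/nix/var/nix/profiles/default-1-link $out/nix/var/nix/profiles/default
 ln -s /nix/var/nix/profiles/default $out/root/.nix-profile
+ln -s /nix/var/nix/profiles/default $out/github/home/.nix-profile
 ln -s ${channel} $out/nix/var/nix/profiles/per-user/root/channels-1-link
 ln -s $out/nix/var/nix/profiles/per-user/root/channels-1-link $out/nix/var/nix/profiles/per-user/root/channels
 
@@ -377,12 +398,19 @@
 ln -s $out/nix/var/nix/profiles/per-user/root/channels $out/root/.nix-defexpr/channels
 echo "${channelURL} ${channelName}" > $out/root/.nix-channels
 
+mkdir -p $out/github/home/.nix-defexpr
+ln -s $out/nix/var/nix/profiles/per-user/github/channels $out/github/home/.nix-defexpr/channels
+echo "${channelURL} ${channelName}" > $out/github/home/.nix-channels
+
 mkdir -p $out/root/.config/git
 cat $gitConfigPath > $out/root/.config/git/config
+mkdir -p $out/github/home/.config/git
+cat $gitConfigPath > $out/github/home/.config/git/config
 
 mkdir -p $out/bin $out/usr/bin
 ln -s ${pkgs.coreutils}/bin/env $out/usr/bin/env
 ln -s ${pkgs.bashInteractive}/bin/bash $out/bin/sh
+
 ''
 + (lib.optionalString (flake-registry != null) ''
 nixCacheDir="/root/.cache/nix"
@@ -409,21 +437,28 @@
 fakeRootCommands = ''
 chmod 1777 tmp
 chmod 1777 var/tmp
+chown 1001:1001 github
+chown 1001:1001 github/home
+chown 1001:1001 github/home/.nix-defexpr
+chown 1001:1001 github/home/.config
+chown 1001:1001 github/home/.config/git
+chown 1001:1001 github/home/.config/git/config
 '';
 config = {
 Cmd = [ "${pkgs.bashInteractive}/bin/bash" ];
+User = "github";
 Env = [
-"USER=root"
+"USER=github"
 "PATH=${
 lib.concatStringsSep ":" [
-"/root/.nix-profile/bin"
+"/github/home/.nix-profile/bin"
 "/nix/var/nix/profiles/default/bin"
 "/nix/var/nix/profiles/default/sbin"
 ]
 }"
 "MANPATH=${
 lib.concatStringsSep ":" [
-"/root/.nix-profile/share/man"
+"/github/home/.nix-profile/share/man"
 "/nix/var/nix/profiles/default/share/man"
 ]
 }"
@@ -436,7 +471,7 @@
 "SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
 "GIT_SSL_CAINFO=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
 "NIX_SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
-"NIX_PATH=/nix/var/nix/profiles/per-user/root/channels:/root/.nix-defexpr/channels"
+"NIX_PATH=/nix/var/nix/profiles/per-user/github/channels:/github/home/.nix-defexpr/channels"
 ];
 };
 };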
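Review bot: The added `sudoers` entry `github ALL=(ALL:ALL) NOPASSWD:ALL SETENV:ALL` gives the new runner account passwordless root, so `User = "github"` changes the default identity but not what a workflow step can do. If that is intended for CI convenience, a comment above the `sudoers` string should say so; otherwise narrow the command list. The tag form also looks off: sudoers tags precede a single command, so I would expect `github ALL=(ALL:ALL) NOPASSWD:SETENV: ALL`, and running `visudo -c -f` on the generated file during the build would confirm that it parses. Separately, `.nix-defexpr/channels` and the new `NIX_PATH` point at `per-user/github/channels`, which no line visible in these hunks creates.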