jcollie.dev / nixos-runner
NixOS-based container for running GitHub actions
0
fork

Configure Feed

Select the types of activity you want to include in your feed.

more permission fixes

Jeffrey C. Ollie c4d876d1 fde5b979

+21 -23
+1 -1
build.zig
··· 13 13 options.addOption(u32, "uid", uid); 14 14 15 15 const exe = b.addExecutable(.{ 16 - .name = "execas", 16 + .name = b.fmt("execas-{d}", .{uid}), 17 17 .root_module = b.createModule(.{ 18 18 .root_source_file = b.path("src/main.zig"), 19 19 .target = target,
+18 -20
flake.nix
··· 334 334 echo "[]" > $out/manifest.nix 335 335 fi 336 336 ''; 337 - rootEnv = pkgs.buildPackages.buildEnv { 337 + userEnv = pkgs.buildPackages.buildEnv { 338 338 name = "root-profile-env"; 339 339 paths = defaultPkgs; 340 340 }; ··· 369 369 ''; 370 370 profile = pkgs.buildPackages.runCommand "user-environment" { } '' 371 371 mkdir $out 372 - cp -a ${rootEnv}/* $out/ 372 + cp -a ${userEnv}/* $out/ 373 373 ln -s ${manifest} $out/manifest.nix 374 374 ''; 375 375 in ··· 477 477 pkgs.dockerTools.buildLayeredImageWithNixDb { 478 478 name = "nixos-runner"; 479 479 tag = "latest"; 480 - # maxLayers = 2; 481 480 contents = [ 482 481 baseSystem 483 482 ] ··· 500 499 chmod u=rwxt,u=rwx,o=rwx tmp 501 500 chmod u=rwxt,u=rwx,o=rwx var/tmp 502 501 chown -R 1001:1001 github 503 - # chown -R 1001:1001 nix 504 502 ''; 505 503 config = 506 - let 507 - execas = pkgs.callPackage ./package.nix { 508 - uid = 1001; 509 - zig = zig.packages.${pkgs.stdenv.hostPlatform.system}.master; 510 - }; 511 - entrypoint = pkgs.writeShellScriptBin "setup" '' 512 - ${lib.getExe pkgs.nix} daemon --trusted >/dev/null 2>&1 & 504 + # let 505 + # execas-github = pkgs.callPackage ./package.nix { 506 + # uid = 1001; 507 + # zig = zig.packages.${pkgs.stdenv.hostPlatform.system}.master; 508 + # }; 509 + # entrypoint = pkgs.writeShellScriptBin "setup" '' 510 + # ${lib.getExe pkgs.nix} daemon --trusted >/dev/null 2>&1 & 513 511 514 - exec ${lib.getExe execas} "$@" 515 - ''; 516 - in 512 + # exec ${lib.getExe execas-github} "$@" 513 + # ''; 514 + # in 517 515 { 518 516 Cmd = [ "${pkgs.bashInteractive}/bin/bash" ]; 519 517 User = "0:0"; 520 - WorkingDir = "/github/home"; 521 - Entrypoint = [ "${lib.getExe entrypoint}" ]; 518 + # WorkingDir = "/github/home"; 519 + # Entrypoint = [ "${lib.getExe entrypoint}" ]; 522 520 Env = [ 523 - "USER=github" 521 + "USER=root" 524 522 "PATH=${ 525 523 lib.concatStringsSep ":" [ 526 - "/github/home/.nix-profile/bin" 524 + "/root/.nix-profile/bin" 527 525 "/nix/var/nix/profiles/default/bin" 528 526 "/nix/var/nix/profiles/default/sbin" 529 527 ] 530 528 }" 531 529 "MANPATH=${ 532 530 lib.concatStringsSep ":" [ 533 - "/github/home/.nix-profile/share/man" 531 + "/root/.nix-profile/share/man" 534 532 "/nix/var/nix/profiles/default/share/man" 535 533 ] 536 534 }" ··· 543 541 "SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" 544 542 "GIT_SSL_CAINFO=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" 545 543 "NIX_SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" 546 - "NIX_PATH=/nix/var/nix/profiles/per-user/github/channels:/github/home/.nix-defexpr/channels" 544 + "NIX_PATH=/nix/var/nix/profiles/per-user/root/channels:/root/home/.nix-defexpr/channels" 547 545 ]; 548 546 }; 549 547 };
+2 -2
package.nix
··· 9 9 ... 10 10 }: 11 11 stdenv.mkDerivation (finalAttrs: { 12 - name = "execas"; 12 + name = "execas-${toString uid}"; 13 13 src = lib.cleanSource ./.; 14 14 nativeBuildInputs = [ 15 15 zig ··· 18 18 "-Duid=${toString uid}" 19 19 ]; 20 20 meta = { 21 - mainProgram = "execas"; 21 + mainProgram = "execas-${toString uid}"; 22 22 license = lib.licenses.mit; 23 23 }; 24 24 })