  • Stars: 150
  • Rank 247,323 (Top 5 %)
  • Language: TypeScript
  • License: GNU Lesser Genera...
  • Created almost 2 years ago
  • Updated 3 months ago


Repository Details

The GitHub Action for the Determinate Nix Installer

The Determinate Nix Installer Action

Based on the Determinate Nix Installer, which is responsible for tens of thousands of Nix installs daily. The fast, friendly, and reliable GitHub Action to install Nix with Flakes.

Supports

  • ✅ Accelerated KVM on open source projects and larger runners. See GitHub's announcement for more info.
  • ✅ Linux, x86_64, aarch64, and i686
  • ✅ macOS, x86_64 and aarch64
  • ✅ WSL2, x86_64 and aarch64
  • ✅ Containers
  • ✅ Valve's SteamOS
  • ✅ GitHub Enterprise Server
  • ✅ GitHub Hosted, self-hosted, and long running Actions Runners

Usage

on:
  pull_request:
  push:
    branches: [main]

jobs:
  lints:
    name: Build
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - uses: DeterminateSystems/nix-installer-action@main
      - run: nix build .

With FlakeHub

To fetch private flakes from FlakeHub, update the permissions block and pass flakehub: true:

on:
  pull_request:
  push:
    branches: [main]

jobs:
  lints:
    name: Build
    runs-on: ubuntu-latest
    permissions:
      id-token: "write"
      contents: "read"
    steps:
      - uses: actions/checkout@v3
      - uses: DeterminateSystems/nix-installer-action@main
        with:
          flakehub: true
      - run: nix build .

See .github/workflows/ci.yml for a full example.

Advanced Usage

  • If KVM is available, the installer sets up KVM so that Nix can use it, and exports the DETERMINATE_NIX_KVM environment variable set to 1. If KVM is not available, DETERMINATE_NIX_KVM is set to 0. This can be used in combination with GitHub Actions' if syntax to turn steps on and off.
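
A workflow that gates steps on this variable, as an added example (not taken from the action's repository). The job and step names and the `.#checks.x86_64-linux.vm-test` flake output are hypothetical; the second gated step exists so that a run without KVM shows a visible warning instead of a silently skipped test.

```yaml
on:
  pull_request:

jobs:
  vm-tests:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - uses: DeterminateSystems/nix-installer-action@main
      # DETERMINATE_NIX_KVM is exported by the installer step above, so later
      # steps in this job can read it through the `env` context.
      # The value is a string, hence the quoted '1' and '0'.
      - name: Run VM tests (KVM available)
        if: env.DETERMINATE_NIX_KVM == '1'
        run: nix build .#checks.x86_64-linux.vm-test # hypothetical flake output
      # A skipped step does not fail the job, so make the gap visible
      # in the run summary when the runner has no KVM.
      - name: Report skipped VM tests (no KVM)
        if: env.DETERMINATE_NIX_KVM == '0'
        run: echo "::warning::KVM unavailable on this runner; VM tests were skipped"
```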

Installation Differences

Differing from the upstream Nix installer scripts:

  • In nix.conf:
    • the nix-command and flakes features are enabled
    • bash-prompt-prefix is set
    • auto-optimise-store is set to true (on Linux only)
    • extra-nix-path is set to nixpkgs=flake:nixpkgs
    • max-jobs is set to auto
  • KVM is enabled by default.
  • an installation receipt (for uninstalling) is stored at /nix/receipt.json as well as a copy of the install binary at /nix/nix-installer
  • nix-channel --update is not run, ~/.nix-channels is not provisioned
  • ssl-cert-file is set in /etc/nix/nix.conf if the ssl-cert-file argument is used.

Configuration

| Parameter | Description | Type | Default |
| --- | --- | --- | --- |
| backtrace | The setting for RUST_BACKTRACE | string | |
| extra-args | Extra arguments to pass to the planner (prefer using structured with: arguments unless using a custom planner!) | string | |
| extra-conf | Extra configuration lines for /etc/nix/nix.conf (includes access-tokens with secrets.GITHUB_TOKEN automatically if github-token is set) | string | |
| flakehub | Log in to FlakeHub to pull private flakes using the GitHub Actions JSON Web Token (JWT), which is bound to the api.flakehub.com audience. | Boolean | false |
| force-docker-shim | Force the use of Docker as a process supervisor. This setting is automatically enabled when necessary. | Boolean | false |
| github-token | A GitHub token for making authenticated requests (which have a higher rate-limit quota than unauthenticated requests) | string | ${{ github.token }} |
| github-server-url | The URL for the GitHub server, to use with the github-token token. Defaults to the current GitHub server, supporting GitHub Enterprise Server automatically. Only change this value if the provided github-token is for a different GitHub server than the current server. | string | ${{ github.server }} |
| init | The init system to configure (requires planner: linux-multi) | enum (none or systemd) | |
| kvm | Automatically configure the GitHub Actions Runner for NixOS test support, if the host supports it. | Boolean | true |
| local-root | A local nix-installer binary root. Overrides the nix-installer-url setting (a nix-installer.sh should exist, binaries should be named nix-installer-$ARCH, e.g. nix-installer-x86_64-linux). | Boolean | false |
| log-directives | A list of tracing directives, comma separated, with -s replaced with _ (e.g. nix_installer=trace) | string | |
| logger | The logger to use during installation | enum (pretty, json, full, compact) | |
| mac-case-sensitive | Use a case-sensitive volume (planner: macos only) | Boolean | false |
| mac-encrypt | Force encryption on the volume (planner: macos only) | Boolean | false |
| mac-root-disk | The root disk of the target (planner: macos only) | string | |
| mac-volume-label | The label for the created APFS volume (planner: macos only) | string | |
| modify-profile | Modify the user profile to automatically load Nix | Boolean | false |
| nix-build-group-id | The Nix build group GID | integer | |
| nix-build-group-name | The Nix build group name | string | |
| nix-build-user-base | The Nix build user base UID (ascending) | integer | |
| nix-build-user-count | The number of build users to create | integer | 32 |
| nix-build-user-prefix | The Nix build user prefix (user numbers will be postfixed) | string | |
| nix-installer-branch | The branch of nix-installer to use (conflicts with nix-installer-tag, nix-installer-revision, and nix-installer-pr) | string | |
| nix-installer-pr | The pull request of nix-installer to use (conflicts with nix-installer-tag, nix-installer-revision, and nix-installer-branch) | integer | |
| nix-installer-revision | The revision of nix-installer to use (conflicts with nix-installer-tag, nix-installer-branch, and nix-installer-pr) | string | |
| nix-installer-tag | The tag of nix-installer to use (conflicts with nix-installer-revision, nix-installer-branch, nix-installer-pr) | string | |
| nix-installer-url | A URL pointing to a nix-installer.sh script | URL | https://install.determinate.systems/nix |
| nix-package-url | The Nix package URL | URL | |
| planner | The installation planner to use | enum (linux or macos) | |
| reinstall | Force a reinstall if an existing installation is detected (consider backing up /nix/store) | Boolean | false |
| start-daemon | Whether the daemon should be started (requires planner: linux-multi) | Boolean | false |
| trust-runner-user | Whether to make the runner user trusted by the Nix daemon | Boolean | true |
| diagnostic-endpoint | Diagnostic endpoint URL to which the installer sends install diagnostic reports; set this to an empty string to disable | string | https://install.determinate.systems/nix/diagnostic |
| proxy | The proxy to use (if any); valid proxy bases are https://$URL, http://$URL and socks5://$URL | string | |
| ssl-cert-file | An SSL cert to use (if any), used for fetching Nix and sets NIX_SSL_CERT_FILE for Nix | string | |
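
A workflow that overrides the defaults in this list that affect trust and outbound reporting, as an added example (not taken from the action's repository). The job name and the `vX.Y.Z` tag are placeholders; every input used is one documented above.

```yaml
on:
  pull_request:
  push:
    branches: [main]

jobs:
  build:
    runs-on: ubuntu-latest
    # No FlakeHub login in this job, so no id-token permission is requested;
    # the default github-token is limited to read access on repository contents.
    permissions:
      contents: "read"
    steps:
      - uses: actions/checkout@v3
      - uses: DeterminateSystems/nix-installer-action@main
        with:
          # Select one nix-installer tag explicitly (placeholder value).
          # Conflicts with nix-installer-branch, nix-installer-pr and
          # nix-installer-revision, so set only one of the four.
          nix-installer-tag: "vX.Y.Z"
          # Default is true; false leaves the runner user untrusted
          # by the Nix daemon.
          trust-runner-user: false
          # Default is https://install.determinate.systems/nix/diagnostic;
          # an empty string disables the install diagnostic reports.
          diagnostic-endpoint: ""
          # Default is false; stated explicitly so a reviewer can see that
          # this job does not log in to FlakeHub with the Actions JWT.
          flakehub: false
      - run: nix build .
```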
