workflow: pre-create nixbld group so the Nix install can run as root
The catthehacker runner image runs jobs as root and Nix's install script refuses to do a clean root install without the nixbld group + build users already in place — even with --no-daemon. Adding them inline keeps the workflow self-contained without swapping to a Nix-prebuilt container image. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
parent
670ff0a9f9
commit
b2b68603f7
1 changed files with 8 additions and 0 deletions
|
|
@ -18,6 +18,14 @@ jobs:
|
||||||
- name: Install Nix
|
- name: Install Nix
|
||||||
run: |
|
run: |
|
||||||
set -euxo pipefail
|
set -euxo pipefail
|
||||||
|
# The Nix install script refuses to run cleanly as root unless the
|
||||||
|
# nixbld group + users exist, even with --no-daemon. The runner's
|
||||||
|
# catthehacker image runs jobs as root, so create them first.
|
||||||
|
groupadd -r nixbld || true
|
||||||
|
for i in $(seq 1 10); do
|
||||||
|
useradd -r -g nixbld -G nixbld -d /var/empty -s /sbin/nologin \
|
||||||
|
-c "Nix build user $i" "nixbld$i" || true
|
||||||
|
done
|
||||||
curl --proto '=https' --tlsv1.2 -sSfL https://nixos.org/nix/install | sh -s -- --no-daemon
|
curl --proto '=https' --tlsv1.2 -sSfL https://nixos.org/nix/install | sh -s -- --no-daemon
|
||||||
echo "$HOME/.nix-profile/bin" >> "$GITHUB_PATH"
|
echo "$HOME/.nix-profile/bin" >> "$GITHUB_PATH"
|
||||||
mkdir -p ~/.config/nix
|
mkdir -p ~/.config/nix
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue