name: The Determinate Nix Installer
branding:
  icon: "box"
  color: "purple"
description: "Install Nix with the Determinate Nix Installer. See: https://github.com/DeterminateSystems/nix-installer"
inputs:
  backtrace:
    description: The setting for `RUST_BACKTRACE` (see https://doc.rust-lang.org/std/backtrace/index.html#environment-variables)
    required: false
  channels:
    description: Channel(s) to add (eg `nixpkgs=https://nixos.org/channels/nixpkgs-unstable`)
    required: false
  extra-args:
    description: Extra args to pass to the planner (prefer using structured `with:` arguments unless using a custom planner!)
    required: false
  extra-conf:
    description: Extra configuration lines for `/etc/nix/nix.conf` (includes `access-tokens` with `secrets.GITHUB_TOKEN` automatically if `github-token` is set)
    required: false
  github-token:
    description: A GitHub token for making authenticated requests (which have a higher rate-limit quota than unauthenticated requests)
    default: ${{ github.token }}
  init:
    description: "The init system to configure, requires `planner: linux-multi` (allowing the choice between `none` or `systemd`)"
    required: false
  local-root:
    description: A local `nix-installer` binary root, overrides the `nix-installer-url` setting (a `nix-installer.sh` script should exist, binaries should be named `nix-installer-$ARCH`, eg. `nix-installer-x86_64-linux`)
    required: false
  log-directives:
    description: A list of Tracing directives, comma separated, `-`s replaced with `_` (eg. `nix_installer=trace`, see https://docs.rs/tracing-subscriber/latest/tracing_subscriber/filter/struct.EnvFilter.html#directives)
    required: false
  logger:
    description: The logger to use for install (eg. `pretty`, `json`, `full`, `compact`)
    required: false
  mac-case-sensitive:
    description: "Use a case sensitive volume (`planner: macos` only)"
    required: false
  mac-encrypt:
    description: "Force encryption on the volume (`planner: macos` only)"
    required: false
  mac-root-disk:
    description: "The root disk of the target (`planner: macos` only)"
    required: false
  mac-volume-label:
    description: "The label for the created APFS volume (`planner: macos` only)"
    required: false
  modify-profile:
    description: Modify the user profile to automatically load nix
    required: false
  nix-build-group-id:
    description: The Nix build group GID
    required: false
  nix-build-group-name:
    description: The Nix build group name
    required: false
  nix-build-user-base:
    description: The Nix build user base UID (ascending)
    required: false
  nix-build-user-count:
    description: Number of build users to create
    required: false
  nix-build-user-prefix:
    description: The Nix build user prefix (user numbers will be postfixed)
    required: false
  nix-installer-branch:
    description: The branch of `nix-installer` to use (conflicts with `nix-installer-tag`, `nix-installer-revision`, `nix-installer-pr`)
    required: false
  nix-installer-pr:
    description: The PR of `nix-installer` to use (conflicts with `nix-installer-tag`, `nix-installer-revision`, `nix-installer-branch`)
    required: false
  nix-installer-revision:
    description: The revision of `nix-installer` to use (conflicts with `nix-installer-tag`, `nix-installer-branch`, `nix-installer-pr`)
    required: false
  nix-installer-tag:
    description: The tag of `nix-installer` to use (conflicts with `nix-installer-revision`, `nix-installer-branch`, `nix-installer-pr`)
    required: false
  nix-installer-url:
    description: A URL pointing to a `nix-installer.sh` script
    required: false
  nix-package-url:
    description: The Nix package URL
    required: false
  planner:
    description: A planner to use
    required: false
  reinstall:
    description: Force a reinstall if an existing installation is detected (consider backing up `/nix/store`)
    required: false
  start-daemon:
    description: "If the daemon should be started, requires `planner: linux-multi`"
    required: false
  diagnostic-endpoint:
    description: "Diagnostic endpoint url where the installer sends data to. To disable set this to an empty string."
    default: "https://install.determinate.systems/nix/diagnostic"
  trust-runner-user:
    description: Whether to make the runner user trusted by the Nix daemon
    default: "true"

runs:
  using: composite
  steps:
    - name: Install Nix
      shell: bash
      run: |
        if [ -f "/nix/receipt.json" ] && [ -f "/nix/nix-installer" ]; then
          if ([ -n "${{ inputs.nix-installer-revision }}" ] || [ -n "${{ inputs.nix-installer-branch }}" ]) && [ "${{ inputs.reinstall }}" != "true" ]; then
            echo "Detection of existing installation versions isn't supported when `nix-installer-revision` or `nix-installer-branch` are set, `reinstall: true` should also be set"
          fi

          if [ -n "${{ inputs.reinstall }}" ] && [ "${{ inputs.reinstall }}" == "true" ]; then
            /nix/nix-installer uninstall --no-confirm
          else
            EXISTING_VERSION=$(/nix/nix-installer --version | awk '{ print $2 }')
            if [ -n "${{ inputs.nix-installer-tag }}" ] && [ "${{ inputs.nix-installer-tag }}" != "$EXISTING_VERSION" ]; then
              echo "`nix-installer` version mismatch, use `reinstall: true` to reinstall Nix using the new `nix-installer` version (consider backing up `/nix/store`)"
              exit 1
            fi
            echo "Nix was already installed, using existing install"
            echo "/nix/var/nix/profiles/default/bin" >> $GITHUB_PATH
            exit 0
          fi
        fi

        if [ -n "${{ inputs.channels }}" ]; then
          export NIX_INSTALLER_CHANNELS=${{ inputs.channels }}
          echo "Set NIX_INSTALLER_CHANNELS=$NIX_INSTALLER_CHANNELS"
        fi

        if [ -n "${{ inputs.modify-profile }}" ]; then
          export NIX_INSTALLER_MODIFY_PROFILE=${{ inputs.modify-profile }}
          echo "Set NIX_INSTALLER_MODIFY_PROFILE=$NIX_INSTALLER_MODIFY_PROFILE"
        fi

        if [ -n "${{ inputs.nix-build-user-count }}" ]; then
          export NIX_INSTALLER_NIX_BUILD_USER_COUNT=${{ inputs.nix-build-user-count }}
          echo "Set NIX_INSTALLER_NIX_BUILD_USER_COUNT=$NIX_INSTALLER_NIX_BUILD_USER_COUNT"
        fi

        if [ -n "${{ inputs.nix-build-group-name }}" ]; then
          export NIX_INSTALLER_NIX_BUILD_GROUP_NAME=${{ inputs.nix-build-group-name }}
          echo "Set NIX_INSTALLER_NIX_BUILD_GROUP_NAME=$NIX_INSTALLER_NIX_BUILD_GROUP_NAME"
        fi

        if [ -n "${{ inputs.nix-build-group-id }}" ]; then
          export NIX_INSTALLER_NIX_BUILD_GROUP_ID=${{ inputs.nix-build-group-id }}
          echo "Set NIX_INSTALLER_NIX_BUILD_GROUP_ID=$NIX_INSTALLER_NIX_BUILD_GROUP_ID"
        fi

        if [ -n "${{ inputs.nix-build-user-prefix }}" ]; then
          export NIX_INSTALLER_NIX_BUILD_USER_ID_BASE=${{ inputs.nix-build-user-prefix }}
          echo "Set NIX_INSTALLER_NIX_BUILD_USER_ID_BASE=$NIX_INSTALLER_NIX_BUILD_USER_ID_BASE"
        fi

        if [ -n "${{ inputs.nix-build-user-base }}" ]; then
          export NIX_INSTALLER_NIX_BUILD_USER_PREFIX=${{ inputs.nix-build-user-base }}
          echo "Set NIX_INSTALLER_NIX_BUILD_USER_PREFIX=$NIX_INSTALLER_NIX_BUILD_USER_PREFIX"
        fi

        if [ -n "${{ inputs.nix-package-url }}" ]; then
          export NIX_INSTALLER_NIX_PACKAGE_URL=${{ inputs.nix-package-url }}
          echo "Set NIX_INSTALLER_NIX_PACKAGE_URL=$NIX_INSTALLER_NIX_PACKAGE_URL"
        fi

        NIX_EXTRA_CONF=""
        NEWLINE='
        '
        if [ -n "${{ inputs.extra-conf }}" ]; then
          NIX_EXTRA_CONF="${{ inputs.extra-conf }}"
        fi
        if [ -n "${{ inputs.github-token }}" ]; then
          NIX_EXTRA_CONF="${NIX_EXTRA_CONF:+$NIX_EXTRA_CONF$NEWLINE}access-tokens = github.com=${{ inputs.github-token }}"
        fi
        if [ "${{ inputs.trust-runner-user }}" == "true" ]; then
          NIX_EXTRA_CONF="${NIX_EXTRA_CONF:+$NIX_EXTRA_CONF$NEWLINE}trusted-users = root $USER"
        fi
        if [ -n "$NIX_EXTRA_CONF" ]; then
          export NIX_INSTALLER_EXTRA_CONF="$NIX_EXTRA_CONF"
          echo "Set NIX_INSTALLER_EXTRA_CONF=$NIX_INSTALLER_EXTRA_CONF"
        fi

        if [ -n "${{ inputs.mac-encrypt }}" ]; then
          export NIX_INSTALLER_ENCRYPT=${{ inputs.mac-encrypt }}
          echo "Set NIX_INSTALLER_ENCRYPT=$NIX_INSTALLER_ENCRYPT"
        fi

        if [ -n "${{ inputs.mac-case-sensitive }}" ]; then
          export NIX_INSTALLER_CASE_SENSITIVE=${{ inputs.mac-case-sensitive }}
          echo "Set NIX_INSTALLER_CASE_SENSITIVE=$NIX_INSTALLER_CASE_SENSITIVE"
        fi

        if [ -n "${{ inputs.mac-volume-label }}" ]; then
          export NIX_INSTALLER_VOLUME_LABEL=${{ inputs.mac-volume-label }}
          echo "Set NIX_INSTALLER_VOLUME_LABEL=$NIX_INSTALLER_VOLUME_LABEL"
        fi

        if [ -n "${{ inputs.mac-root-disk }}" ]; then
          export NIX_INSTALLER_ROOT_DISK=${{ inputs.mac-root-disk }}
          echo "Set NIX_INSTALLER_ROOT_DISK=$NIX_INSTALLER_ROOT_DISK"
        fi

        if [ -n "${{ inputs.nix-installer-pr }}" ] && [ -n "${{ inputs.nix-installer-tag }}" ]; then
          echo "The nix-installer-pr and nix-installer-tag options conflict, please choose one"
          exit 1
        fi
        if [ -n "${{ inputs.nix-installer-pr }}" ] && [ -n "${{ inputs.nix-installer-revision }}" ]; then
          echo "The nix-installer-pr and nix-installer-revision options conflict, please choose one"
          exit 1
        fi
        if [ -n "${{ inputs.nix-installer-pr }}" ] && [ -n "${{ inputs.nix-installer-branch }}" ]; then
          echo "The nix-installer-pr and nix-installer-branch options conflict, please choose one"
          exit 1
        fi
        if [ -n "${{ inputs.nix-installer-tag }}" ] && [ -n "${{ inputs.nix-installer-revision }}" ]; then
          echo "The nix-installer-tag and nix-installer-revision options conflict, please choose one"
          exit 1
        fi
        if [ -n "${{ inputs.nix-installer-branch }}" ] && [ -n "${{ inputs.nix-installer-revision }}" ]; then
          echo "The nix-installer-branch and nix-installer-revision options conflict, please choose one"
          exit 1
        fi
        if [ -n "${{ inputs.nix-installer-tag }}" ] && [ -n "${{ inputs.nix-installer-branch }}" ]; then
          echo "The nix-installer-tag and nix-installer-branch options conflict, please choose one"
          exit 1
        fi
        if [ -n "${{ inputs.nix-installer-url }}" ] && [ -n "${{ inputs.nix-installer-pr }}" ]; then
          echo "The nix-installer-url and nix-installer-pr options conflict, please choose one"
          exit 1
        fi
        if [ -n "${{ inputs.nix-installer-url }}" ] && [ -n "${{ inputs.nix-installer-tag }}" ]; then
          echo "The nix-installer-url and nix-installer-tag options conflict, please choose one"
          exit 1
        fi
        if [ -n "${{ inputs.nix-installer-url }}" ] && [ -n "${{ inputs.nix-installer-branch }}" ]; then
          echo "The nix-installer-url and nix-installer-branch options conflict, please choose one"
          exit 1
        fi

        if [ -n "${{ inputs.local-root }}" ]; then
          if [ "$RUNNER_OS" == "macOS" ]; then
            export PYTHON="python3"
          else
            export PYTHON="python"
          fi
          $PYTHON -m http.server --directory ${{ inputs.local-root }} --bind 0.0.0.0 8000 &
          export HTTP_PID=$!
          echo "Started simple http server for ${{ inputs.local-root }} on 0.0.0.0:8000"
          while (! (: </dev/tcp/localhost/8000) &> /dev/null); do
            sleep 1
          done
          export NIX_INSTALLER_FORCE_ALLOW_HTTP="1"
          echo "Set NIX_INSTALLER_FORCE_ALLOW_HTTP=$NIX_INSTALLER_FORCE_ALLOW_HTTP"
          export NIX_INSTALLER_URL=0.0.0.0:8000/nix-installer.sh
          echo "Set NIX_INSTALLER_URL=$NIX_INSTALLER_URL"
          export NIX_INSTALLER_BINARY_ROOT=http://0.0.0.0:8000/
          echo "Set NIX_INSTALLER_BINARY_ROOT=$NIX_INSTALLER_BINARY_ROOT"
          export NIX_INSTALLER_FORCE_ALLOW_HTTP=1
          echo "Set NIX_INSTALLER_FORCE_ALLOW_HTTP=$NIX_INSTALLER_FORCE_ALLOW_HTTP"
        else
          if [ -n "${{ inputs.nix-installer-url }}" ]; then
            export NIX_INSTALLER_URL=${{ inputs.nix-installer-url }}
          else
            if [ -n "${{ inputs.nix-installer-pr }}" ]; then
              export NIX_INSTALLER_URL=https://install.determinate.systems/nix/pr/${{ inputs.nix-installer-pr }}
            elif [ -n "${{ inputs.nix-installer-tag }}" ]; then
              export NIX_INSTALLER_URL=https://install.determinate.systems/nix/tag/${{ inputs.nix-installer-tag }}
            elif [ -n "${{ inputs.nix-installer-revision }}" ]; then
              export NIX_INSTALLER_URL=https://install.determinate.systems/nix/rev/${{ inputs.nix-installer-revision }}
            elif [ -n "${{ inputs.nix-installer-branch }}" ]; then
              export NIX_INSTALLER_URL=https://install.determinate.systems/nix/branch/${{ inputs.nix-installer-branch }}
            else
              export NIX_INSTALLER_URL=https://install.determinate.systems/nix
            fi
          fi
          echo "Set NIX_INSTALLER_URL=$NIX_INSTALLER_URL"
        fi

        if [ -n "${{ inputs.logger }}" ]; then
          export NIX_INSTALLER_LOGGER=${{ inputs.logger }}
          echo "Set NIX_INSTALLER_LOGGER=$NIX_INSTALLER_LOGGER"
        fi

        if [ -n "${{ inputs.init }}" ]; then
          export NIX_INSTALLER_INIT=${{ inputs.init }}
          echo "Set NIX_INSTALLER_INIT=$NIX_INSTALLER_INIT"
        fi

        if [ -n "${{ inputs.start-daemon }}" ]; then
          export NIX_INSTALLER_START_DAEMON=${{ inputs.start-daemon }}
          echo "Set NIX_INSTALLER_START_DAEMON=$NIX_INSTALLER_START_DAEMON"
        fi

        if [ -n "${{ inputs.log-directives }}" ]; then
          export NIX_INSTALLER_LOG_DIRECTIVES=${{ inputs.log-directives }}
          echo "Set NIX_INSTALLER_LOG_DIRECTIVES=$NIX_INSTALLER_LOG_DIRECTIVES"
        fi

        if [ -n "${{ inputs.backtrace }}" ]; then
          export RUST_BACKTRACE=${{ inputs.backtrace }}
          echo "Set RUST_BACKTRACE=$RUST_BACKTRACE"
        fi

        if [ -n "${{ inputs.diagnostic-endpoint }}" ]; then
          export NIX_INSTALLER_DIAGNOSTIC_ENDPOINT="${{ inputs.diagnostic-endpoint }}"
          echo "Set NIX_INSTALLER_DIAGNOSTIC_ENDPOINT=$NIX_INSTALLER_DIAGNOSTIC_ENDPOINT"
        fi

        export NIX_INSTALLER_NO_CONFIRM=true
        echo "Set NIX_INSTALLER_NO_CONFIRM=$NIX_INSTALLER_NO_CONFIRM"

        curl --retry 20 -L $NIX_INSTALLER_URL | sh -s -- install ${{ inputs.planner }} ${{ inputs.extra-args }}

        if [ -n "$HTTP_PID" ]; then
          kill $HTTP_PID
        fi