name: The Determinate Nix Installer branding: icon: "box" color: "purple" description: "Install Nix with the Determinate Nix Installer. See: https://github.com/DeterminateSystems/nix-installer" inputs: backtrace: description: The setting for `RUST_BACKTRACE` (see https://doc.rust-lang.org/std/backtrace/index.html#environment-variables) required: false extra-args: description: Extra args to pass to the planner (prefer using structured `with:` arguments unless using a custom planner!) required: false extra-conf: description: Extra configuration lines for `/etc/nix/nix.conf` (includes `access-tokens` with `secrets.GITHUB_TOKEN` automatically if `github-token` is set) required: false github-token: description: A GitHub token for making authenticated requests (which have a higher rate-limit quota than unauthenticated requests) default: ${{ github.token }} init: description: "The init system to configure, requires `planner: linux-multi` (allowing the choice between `none` or `systemd`)" required: false local-root: description: A local `nix-installer` binary root, overrides the `nix-installer-url` setting (a `nix-installer.sh` script should exist, binaries should be named `nix-installer-$ARCH`, eg. `nix-installer-x86_64-linux`) required: false log-directives: description: A list of Tracing directives, comma separated, `-`s replaced with `_` (eg. `nix_installer=trace`, see https://docs.rs/tracing-subscriber/latest/tracing_subscriber/filter/struct.EnvFilter.html#directives) required: false logger: description: The logger to use for install (eg. `pretty`, `json`, `full`, `compact`) required: false ssl-cert-file: description: "An SSL cert to use (if any), used for fetching Nix and sets `NIX_SSL_CERT_FILE` for Nix" required: false pproxy: description: "The proxy to use (if any), valid proxy bases are `https://$URL`, `http://$URL` and `socks5://$URL`" required: false mac-case-sensitive: description: "Use a case sensitive volume (`planner: macos` only)" required: false mac-encrypt: description: "Force encryption on the volume (`planner: macos` only)" required: false mac-root-disk: description: "The root disk of the target (`planner: macos` only)" required: false mac-volume-label: description: "The label for the created APFS volume (`planner: macos` only)" required: false modify-profile: description: Modify the user profile to automatically load nix required: false nix-build-group-id: description: The Nix build group GID required: false nix-build-group-name: description: The Nix build group name required: false nix-build-user-base: description: The Nix build user base UID (ascending) required: false nix-build-user-count: description: Number of build users to create required: false nix-build-user-prefix: description: The Nix build user prefix (user numbers will be postfixed) required: false nix-installer-branch: description: The branch of `nix-installer` to use (conflicts with `nix-installer-tag`, `nix-installer-revision`, `nix-installer-pr`) required: false nix-installer-pr: description: The PR of `nix-installer` to use (conflicts with `nix-installer-tag`, `nix-installer-revision`, `nix-installer-branch`) required: false nix-installer-revision: description: The revision of `nix-installer` to use (conflicts with `nix-installer-tag`, `nix-installer-branch`, `nix-installer-pr`) required: false nix-installer-tag: description: The tag of `nix-installer` to use (conflicts with `nix-installer-revision`, `nix-installer-branch`, `nix-installer-pr`) required: false nix-installer-url: description: A URL pointing to a `nix-installer.sh` script required: false nix-package-url: description: The Nix package URL required: false planner: description: A planner to use required: false reinstall: description: Force a reinstall if an existing installation is detected (consider backing up `/nix/store`) required: false start-daemon: description: "If the daemon should be started, requires `planner: linux-multi`" required: false diagnostic-endpoint: description: "Diagnostic endpoint url where the installer sends data to. To disable set this to an empty string." default: "https://install.determinate.systems/nix/diagnostic" trust-runner-user: description: Whether to make the runner user trusted by the Nix daemon default: "true" runs: using: composite steps: - name: Install Nix shell: bash run: | if [ -f "/nix/receipt.json" ] && [ -f "/nix/nix-installer" ]; then if ([ -n "${{ inputs.nix-installer-revision }}" ] || [ -n "${{ inputs.nix-installer-branch }}" ]) && [ "${{ inputs.reinstall }}" != "true" ]; then echo "Detection of existing installation versions isn't supported when `nix-installer-revision` or `nix-installer-branch` are set, `reinstall: true` should also be set" fi if [ -n "${{ inputs.reinstall }}" ] && [ "${{ inputs.reinstall }}" == "true" ]; then /nix/nix-installer uninstall --no-confirm else EXISTING_VERSION=$(/nix/nix-installer --version | awk '{ print $2 }') if [ -n "${{ inputs.nix-installer-tag }}" ] && [ "${{ inputs.nix-installer-tag }}" != "$EXISTING_VERSION" ]; then echo "`nix-installer` version mismatch, use `reinstall: true` to reinstall Nix using the new `nix-installer` version (consider backing up `/nix/store`)" exit 1 fi echo "Nix was already installed, using existing install" echo "/nix/var/nix/profiles/default/bin" >> $GITHUB_PATH echo "$HOME/.nix-profile/bin" >> $GITHUB_PATH exit 0 fi fi if [ -n "${{ inputs.modify-profile }}" ]; then export NIX_INSTALLER_MODIFY_PROFILE=${{ inputs.modify-profile }} echo "Set NIX_INSTALLER_MODIFY_PROFILE=$NIX_INSTALLER_MODIFY_PROFILE" fi if [ -n "${{ inputs.nix-build-user-count }}" ]; then export NIX_INSTALLER_NIX_BUILD_USER_COUNT=${{ inputs.nix-build-user-count }} echo "Set NIX_INSTALLER_NIX_BUILD_USER_COUNT=$NIX_INSTALLER_NIX_BUILD_USER_COUNT" fi if [ -n "${{ inputs.nix-build-group-name }}" ]; then export NIX_INSTALLER_NIX_BUILD_GROUP_NAME=${{ inputs.nix-build-group-name }} echo "Set NIX_INSTALLER_NIX_BUILD_GROUP_NAME=$NIX_INSTALLER_NIX_BUILD_GROUP_NAME" fi if [ -n "${{ inputs.nix-build-group-id }}" ]; then export NIX_INSTALLER_NIX_BUILD_GROUP_ID=${{ inputs.nix-build-group-id }} echo "Set NIX_INSTALLER_NIX_BUILD_GROUP_ID=$NIX_INSTALLER_NIX_BUILD_GROUP_ID" fi if [ -n "${{ inputs.nix-build-user-prefix }}" ]; then export NIX_INSTALLER_NIX_BUILD_USER_ID_BASE=${{ inputs.nix-build-user-prefix }} echo "Set NIX_INSTALLER_NIX_BUILD_USER_ID_BASE=$NIX_INSTALLER_NIX_BUILD_USER_ID_BASE" fi if [ -n "${{ inputs.nix-build-user-base }}" ]; then export NIX_INSTALLER_NIX_BUILD_USER_PREFIX=${{ inputs.nix-build-user-base }} echo "Set NIX_INSTALLER_NIX_BUILD_USER_PREFIX=$NIX_INSTALLER_NIX_BUILD_USER_PREFIX" fi if [ -n "${{ inputs.nix-package-url }}" ]; then export NIX_INSTALLER_NIX_PACKAGE_URL=${{ inputs.nix-package-url }} echo "Set NIX_INSTALLER_NIX_PACKAGE_URL=$NIX_INSTALLER_NIX_PACKAGE_URL" fi NIX_EXTRA_CONF_FILE=/tmp/tmp.jvU0yFBwoanix-installer-extra-conf if [ -n "${{ inputs.extra-conf }}" ]; then echo "${{ inputs.extra-conf }}" | tee -a ${NIX_EXTRA_CONF_FILE} fi if [ -n "${{ inputs.github-token }}" ]; then echo "access-tokens = github.com=${{ inputs.github-token }}" | tee -a ${NIX_EXTRA_CONF_FILE} fi if [ "${{ inputs.trust-runner-user }}" == "true" ]; then echo "trusted-users = root $USER" | tee -a ${NIX_EXTRA_CONF_FILE} fi if [ -n "$NIX_EXTRA_CONF" ]; then export NIX_INSTALLER_EXTRA_CONF="$(cat NIX_EXTRA_CONF_FILE")" echo "Set NIX_INSTALLER_EXTRA_CONF=$NIX_INSTALLER_EXTRA_CONF" fi if [ -n "${{ inputs.mac-encrypt }}" ]; then export NIX_INSTALLER_ENCRYPT=${{ inputs.mac-encrypt }} echo "Set NIX_INSTALLER_ENCRYPT=$NIX_INSTALLER_ENCRYPT" fi if [ -n "${{ inputs.mac-case-sensitive }}" ]; then export NIX_INSTALLER_CASE_SENSITIVE=${{ inputs.mac-case-sensitive }} echo "Set NIX_INSTALLER_CASE_SENSITIVE=$NIX_INSTALLER_CASE_SENSITIVE" fi if [ -n "${{ inputs.mac-volume-label }}" ]; then export NIX_INSTALLER_VOLUME_LABEL=${{ inputs.mac-volume-label }} echo "Set NIX_INSTALLER_VOLUME_LABEL=$NIX_INSTALLER_VOLUME_LABEL" fi if [ -n "${{ inputs.mac-root-disk }}" ]; then export NIX_INSTALLER_ROOT_DISK=${{ inputs.mac-root-disk }} echo "Set NIX_INSTALLER_ROOT_DISK=$NIX_INSTALLER_ROOT_DISK" fi if [ -n "${{ inputs.nix-installer-pr }}" ] && [ -n "${{ inputs.nix-installer-tag }}" ]; then echo "The nix-installer-pr and nix-installer-tag options conflict, please choose one" exit 1 fi if [ -n "${{ inputs.nix-installer-pr }}" ] && [ -n "${{ inputs.nix-installer-revision }}" ]; then echo "The nix-installer-pr and nix-installer-revision options conflict, please choose one" exit 1 fi if [ -n "${{ inputs.nix-installer-pr }}" ] && [ -n "${{ inputs.nix-installer-branch }}" ]; then echo "The nix-installer-pr and nix-installer-branch options conflict, please choose one" exit 1 fi if [ -n "${{ inputs.nix-installer-tag }}" ] && [ -n "${{ inputs.nix-installer-revision }}" ]; then echo "The nix-installer-tag and nix-installer-revision options conflict, please choose one" exit 1 fi if [ -n "${{ inputs.nix-installer-branch }}" ] && [ -n "${{ inputs.nix-installer-revision }}" ]; then echo "The nix-installer-branch and nix-installer-revision options conflict, please choose one" exit 1 fi if [ -n "${{ inputs.nix-installer-tag }}" ] && [ -n "${{ inputs.nix-installer-branch }}" ]; then echo "The nix-installer-tag and nix-installer-branch options conflict, please choose one" exit 1 fi if [ -n "${{ inputs.nix-installer-url }}" ] && [ -n "${{ inputs.nix-installer-pr }}" ]; then echo "The nix-installer-url and nix-installer-pr options conflict, please choose one" exit 1 fi if [ -n "${{ inputs.nix-installer-url }}" ] && [ -n "${{ inputs.nix-installer-tag }}" ]; then echo "The nix-installer-url and nix-installer-tag options conflict, please choose one" exit 1 fi if [ -n "${{ inputs.nix-installer-url }}" ] && [ -n "${{ inputs.nix-installer-branch }}" ]; then echo "The nix-installer-url and nix-installer-branch options conflict, please choose one" exit 1 fi if [ -n "${{ inputs.local-root }}" ]; then if [ "$RUNNER_OS" == "macOS" ]; then export PYTHON="python3" else export PYTHON="python" fi $PYTHON -m http.server --directory ${{ inputs.local-root }} --bind 0.0.0.0 8000 & export HTTP_PID=$! echo "Started simple http server for ${{ inputs.local-root }} on 0.0.0.0:8000" while (! (: /dev/null); do sleep 1 done export NIX_INSTALLER_FORCE_ALLOW_HTTP="1" echo "Set NIX_INSTALLER_FORCE_ALLOW_HTTP=$NIX_INSTALLER_FORCE_ALLOW_HTTP" export NIX_INSTALLER_URL=0.0.0.0:8000/nix-installer.sh echo "Set NIX_INSTALLER_URL=$NIX_INSTALLER_URL" export NIX_INSTALLER_BINARY_ROOT=http://0.0.0.0:8000/ echo "Set NIX_INSTALLER_BINARY_ROOT=$NIX_INSTALLER_BINARY_ROOT" export NIX_INSTALLER_FORCE_ALLOW_HTTP=1 echo "Set NIX_INSTALLER_FORCE_ALLOW_HTTP=$NIX_INSTALLER_FORCE_ALLOW_HTTP" else if [ -n "${{ inputs.nix-installer-url }}" ]; then export NIX_INSTALLER_URL=${{ inputs.nix-installer-url }} else if [ -n "${{ inputs.nix-installer-pr }}" ]; then export NIX_INSTALLER_URL=https://install.determinate.systems/nix/pr/${{ inputs.nix-installer-pr }} elif [ -n "${{ inputs.nix-installer-tag }}" ]; then export NIX_INSTALLER_URL=https://install.determinate.systems/nix/tag/${{ inputs.nix-installer-tag }} elif [ -n "${{ inputs.nix-installer-revision }}" ]; then export NIX_INSTALLER_URL=https://install.determinate.systems/nix/rev/${{ inputs.nix-installer-revision }} elif [ -n "${{ inputs.nix-installer-branch }}" ]; then export NIX_INSTALLER_URL=https://install.determinate.systems/nix/branch/${{ inputs.nix-installer-branch }} else export NIX_INSTALLER_URL=https://install.determinate.systems/nix fi fi echo "Set NIX_INSTALLER_URL=$NIX_INSTALLER_URL" fi if [ -n "${{ inputs.logger }}" ]; then export NIX_INSTALLER_LOGGER=${{ inputs.logger }} echo "Set NIX_INSTALLER_LOGGER=$NIX_INSTALLER_LOGGER" fi if [ -n "${{ inputs.init }}" ]; then export NIX_INSTALLER_INIT=${{ inputs.init }} echo "Set NIX_INSTALLER_INIT=$NIX_INSTALLER_INIT" fi if [ -n "${{ inputs.start-daemon }}" ]; then export NIX_INSTALLER_START_DAEMON=${{ inputs.start-daemon }} echo "Set NIX_INSTALLER_START_DAEMON=$NIX_INSTALLER_START_DAEMON" fi if [ -n "${{ inputs.log-directives }}" ]; then export NIX_INSTALLER_LOG_DIRECTIVES=${{ inputs.log-directives }} echo "Set NIX_INSTALLER_LOG_DIRECTIVES=$NIX_INSTALLER_LOG_DIRECTIVES" fi if [ -n "${{ inputs.backtrace }}" ]; then export RUST_BACKTRACE=${{ inputs.backtrace }} echo "Set RUST_BACKTRACE=$RUST_BACKTRACE" fi if [ -n "${{ inputs.diagnostic-endpoint }}" ]; then export NIX_INSTALLER_DIAGNOSTIC_ENDPOINT="${{ inputs.diagnostic-endpoint }}" echo "Set NIX_INSTALLER_DIAGNOSTIC_ENDPOINT=$NIX_INSTALLER_DIAGNOSTIC_ENDPOINT" fi export NIX_INSTALLER_NO_CONFIRM=true echo "Set NIX_INSTALLER_NO_CONFIRM=$NIX_INSTALLER_NO_CONFIRM" curl --retry 20 -L $NIX_INSTALLER_URL | sh -s -- install ${{ inputs.planner }} ${{ inputs.extra-args }} if [ -n "$HTTP_PID" ]; then kill $HTTP_PID fi