nix daemon doesn't have access to nix binaries itself

[flokli]

I invoke some nix commands in a script that post-build-hook in extra_nix_config is pointing to.

The post-build-hook is executed via the nix-daemon, as the installer uses a multi-user installation.

On NixOS, the nix-daemon system units are configured to have config.nix.package in $PATH, so this works.

It seems this isn't the case with this action - nix-build, nix etc. are not in $PATH.

[domenkozar]

It uses the official installer, so whatever the official systemd service does is what this action uses.

[flokli]

So it might be a bug in the installer?

[domenkozar]

It doesn't seem to have Nix binaries available: https://github.com/NixOS/nix/blob/master/misc/systemd/nix-daemon.service.in

[domenkozar]

NixOS comes with the following overrides:

[Unit]
RequiresMountsFor=/nix/store
X-Restart-Triggers=/nix/store/6298945a8azrxdfansfvdl4cv3743f58-nix.conf

[Service]
Environment="CURL_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt"
Environment="LOCALE_ARCHIVE=/nix/store/77iwp66553657gnsmbx66y4gbpsmvpih-glibc-locales-2.32-46/lib/locale/locale-archive"
Environment="PATH=/nix/store/c6i8vi1lsd3xw7xyrn8m5506xyw9vq3x-nix-2.3.11/bin:/nix/store/vi31knminzfdjf7i9wvandfm8m2szyy1-util-linux-2.36.2-bin/bin:/nix/store/hwn402phsma03a8y52ixf7hsz1fc4f0a-openssh-8.6p1/bin:/nix/store/0vkw1m51q34dr64z5i87dy99an4hfmyg-coreutils-8.32/bin:/nix/store/j1pkn9109012wwi992xnfj53razgbdvm-findutils-4.7.0/bin:/nix/store/0i6vphc3vnr8mg0gxjr61564hnp0s2md-gnugrep-3.6/bin:/nix/store/s7crpcbda751bx87jyrf989ln8l6vbg3-gnused-4.8/bin:/nix/store/ss3pnkjknb8bc9ljdyy9wn00n0y7bxhp-systemd-247.6/bin:/nix/store/c6i8vi1lsd3xw7xyrn8m5506xyw9vq3x-nix-2.3.11/sbin:/nix/store/vi31knminzfdjf7i9wvandfm8m2szyy1-util-linux-2.36.2-bin/sbin:/nix/store/hwn402phsma03a8y52ixf7hsz1fc4f0a-openssh-8.6p1/sbin:/nix/store/0vkw1m51q34dr64z5i87dy99an4hfmyg-coreutils-8.32/sbin:/nix/store/j1pkn9109012wwi992xnfj53razgbdvm-findutils-4.7.0/sbin:/nix/store/0i6vphc3vnr8mg0gxjr61564hnp0s2md-gnugrep-3.6/sbin:/nix/store/s7crpcbda751bx87jyrf989ln8l6vbg3-gnused-4.8/sbin:/nix/store/ss3pnkjknb8bc9ljdyy9wn00n0y7bxhp-systemd-247.6/sbin"
Environment="TZDIR=/nix/store/bjxkrk1pd65z5gz5y62jyqdsjkicvvck-tzdata-2020f/share/zoneinfo"



IOSchedulingPriority=0
LimitNOFILE=4096
Nice=0

[flokli]

Hmmh, I wonder if at least the unit files provided by the multi-user installer should ensure nix[-*] is in $PATH - I'd really expect that.

In any case, that's a bug in the installer, not the GH action - so closing here. Thanks for the digging!

[flokli]

I opened NixOS/nix#4902 upstream.

[adrian-gierakowski]

just ran into this

@flokli how did you solve it? I guess I can use full path to nix executable when creating to post-build-hook script, but wondering if there are any other clever solutions?

[flokli]

The answer is probably not gonna help much - I switched my workflows to dedicated CI runners and have Nix already installed on them (via NixOS) 😉

[adrian-gierakowski]

Thanks. I’ve got a self hosted NixOS based runner but also need to run some odd jobs on macOS and can’t be bothered to setup a self hosted runner for it.