Try to use nixos host runner

.gitea/workflows/build.yaml

@@ -16,7 +16,7 @@ env:
 jobs:
   build-and-push:
     # We use the standard ubuntu-latest to build our custom runner
-    runs-on: ubuntu-latest 
+    runs-on: nixos
     steps:
       - name: Checkout repository
         uses: actions/checkout@v4
@@ -29,13 +29,10 @@ jobs:
           username: ${{ secrets.CONTAINER_REGISTRY_GITEA_USERNAME }}
           password: ${{ secrets.CONTAINER_REGISTRY_GITEA_PASSWORD }}
 
-      - name: Set up Docker Buildx
+      - name: Build container image
-        uses: docker/setup-buildx-action@v3
+        run: |
+          docker build . -t ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest
 
-      - name: Build and push Docker image
+      - name: Push container image
-        uses: docker/build-push-action@v5
+        run: |
-        with:
+          docker push ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest
-          context: .
-          push: true
-          tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest
-          provenance: false

Dockerfile

@@ -1,24 +1,34 @@
-# Start with a official gitea runner image based on ubuntu with node installed
+# Start with an official gitea runner image based on ubuntu with node installed
 FROM docker.gitea.com/runner-images:ubuntu-latest-slim
 
+# Explicitly set the USER environment variable (expected by the Nix installer)
+ENV USER=root
+
 # Install system dependencies
 RUN apt-get update && \
-    apt-get install -y sudo bash jq xz-utils curl && \
+    apt-get install -y sudo bash jq xz-utils curl git ca-certificates && \
     apt-get clean && \
     rm -rf /var/lib/apt/lists/*
 
-# Install Nix as a multi-user installation
+# Pre-configure Nix: 
-RUN curl -L https://nixos.org/nix/install | sh -s -- --daemon
+# 1. Enable flakes
-ENV PATH="/nix/var/nix/profiles/default/bin:$PATH"
+# 2. Disable build-users-group (Fixes the missing 'nixbld' group error for root installs)
-
+# 3. Add devenv substituters for fast compiling
-# Enable flakes and nix-command
 RUN mkdir -p /etc/nix && \
-    echo "experimental-features = nix-command flakes" >> /etc/nix/nix.conf
+    echo "experimental-features = nix-command flakes" > /etc/nix/nix.conf && \
+    echo "build-users-group =" >> /etc/nix/nix.conf && \
+    echo "extra-substituters = https://devenv.cachix.org" >> /etc/nix/nix.conf && \
+    echo "extra-trusted-public-keys = devenv.cachix.org-1:w1cLUi8dv3hnoSPGAuibQv+f9TZLr6cv/Hm9XgU50cw=" >> /etc/nix/nix.conf && \
+    echo "trusted-users = root" >> /etc/nix/nix.conf
 
-# Install devenv (the Nix way, not the apt-get way)
+# Install Nix in single-user mode (--no-daemon)
-RUN nix profile add nixpkgs#devenv
+RUN curl -L https://nixos.org/nix/install | sh -s -- --no-daemon
 
-# Cleanup, otherwise nix panicks
+# Update PATH so subsequent RUN commands and the final container can find Nix
-RUN rm -rf /homeless-shelter
+ENV PATH="/root/.nix-profile/bin:/nix/var/nix/profiles/default/bin:$PATH"
+
+# Install devenv using the modern flake URL and clean up build garbage
+RUN nix profile install --accept-flake-config github:cachix/devenv/latest && \
+    nix-collect-garbage -d
 
 CMD ["/bin/bash"]

Readme.md

@@ -11,10 +11,11 @@ Running standard Nix commands inside unprivileged Docker containers (which Gitea
 This project solves all of the above by baking everything into a single, clean base image.
 
 ## ✨ Features
-* **Base:** Official `cachix/devenv:latest` (Nix and Devenv pre-installed, flakes enabled).
+* **Base:** Official `docker.gitea.com/runner-images:ubuntu-latest-slim` 
 * **Actions Compatible:** Pre-loaded with `nodejs`, `bash`, and `jq` so standard GitHub/Gitea Actions execute flawlessly.
 * **Privilege Escalation:** Configured with passwordless `sudo` for smooth CI execution.
 * **Pre-cleaned:** The `/homeless-shelter` artifact is purged during the build, guaranteeing a pure Nix environment out-of-the-box.
+* **devenv available:** [devenv](https://devenv.sh/) is already installed and ready to use
 
 ## 🚀 Usage in your CI/CD
 
@@ -33,22 +34,16 @@ jobs:
     # 1. Point the runner to use this custom image
     container:
       image: gitlab.julian-mutter.de/julian/nix-ci-runner:latest
-      # Provide credentials if your registry is private
-      credentials:
-        username: ${{ github.actor }}
-        password: ${{ secrets.GITHUB_TOKEN }}
         
     steps:
       # Node.js is pre-installed, so standard actions work instantly
       - name: Checkout repository
         uses: actions/checkout@v4
       
-      # Optional: Add caching (nix-community/cache-nix-action) here
-      
       # 2. Run your Nix commands natively
       - name: Build Flake
         run: nix build .#default
 ```
 
 ## 🔄 Maintenance
-This repository contains a scheduled Gitea Action that runs **every Sunday**. It automatically pulls the latest `devenv` base image, reinstalls the dependencies, and pushes a fresh `latest` tag to the registry. Your pipelines will always have up-to-date Nix packages without manual intervention.
+This repository contains a scheduled Gitea Action that runs **every Sunday**. It automatically pulls the latest base image, reinstalls the dependencies, and pushes a fresh `latest` tag to the registry. Your pipelines will always have up-to-date Nix packages without manual intervention.