Home

Awesome

The Determinate Nix Installer Action

Based on the Determinate Nix Installer, responsible for over tens of thousands of Nix installs daily. The fast, friendly, and reliable GitHub Action to install Nix with Flakes.

Supports

Usage

on:
  pull_request:
  push:
    branches: [main]

jobs:
  lints:
    name: Build
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: DeterminateSystems/nix-installer-action@main
      - run: nix build .

With FlakeHub

To fetch private flakes from FlakeHub and Nix builds from FlakeHub Cache, update the permissions block and pass determinate: true:

on:
  pull_request:
  push:
    branches: [main]

jobs:
  lints:
    name: Build
    runs-on: ubuntu-latest
    permissions:
      id-token: "write"
      contents: "read"
    steps:
      - uses: actions/checkout@v4
      - uses: DeterminateSystems/nix-installer-action@main
        with:
          determinate: true
      - run: nix build .

See .github/workflows/ci.yml for a full example.

Advanced Usage

Installation Differences

Differing from the upstream Nix installer scripts:

Configuration

ParameterDescriptionTypeDefault
backtraceThe setting for RUST_BACKTRACEstring
determinateWhether to install Determinate Nix and log in to FlakeHub for private Flakes and binary caches.Booleanfalse
extra-argsExtra arguments to pass to the planner (prefer using structured with: arguments unless using a custom planner!)string
extra-confExtra configuration lines for /etc/nix/nix.conf (includes access-tokens with secrets.GITHUB_TOKEN automatically if github-token is set)string
flakehubDeprecated. Implies determinate.Booleanfalse
force-docker-shimForce the use of Docker as a process supervisor. This setting is automatically enabled when necessary.Booleanfalse
github-tokenA GitHub token for making authenticated requests (which have a higher rate-limit quota than unauthenticated requests)string${{ github.token }}
github-server-urlThe URL for the GitHub server, to use with the github-token token. Defaults to the current GitHub server, supporting GitHub Enterprise Server automatically. Only change this value if the provided github-token is for a different GitHub server than the current server.string${{ github.server }}
initThe init system to configure (requires planner: linux-multi)enum (none or systemd)
kvmAutomatically configure the GitHub Actions Runner for NixOS test support, if the host supports it.Booleantrue
local-rootA local nix-installer binary root. Overrides the nix-installer-url setting (a nix-installer.sh should exist, binaries should be named nix-installer-$ARCH, eg. nix-installer-x86_64-linux).Booleanfalse
log-directivesA list of tracing directives, comma separated with -s replaced with _ (eg. nix_installer=trace)string
loggerThe logger to use during installationenum (pretty, json, full, compact)
mac-case-sensitiveUse a case-sensitive volume (planner: macos only)Booleanfalse
mac-encryptForce encryption on the volume (planner: macos only)Booleanfalse
mac-root-diskThe root disk of the target (planner: macos only)string
mac-volume-labelThe label for the created APFS volume (planner: macos only)string
modify-profileModify the user profile to automatically load NixBooleanfalse
nix-build-group-idThe Nix build group GIDinteger
nix-build-group-nameThe Nix build group namestring
nix-build-user-baseThe Nix build user base UID (ascending)integer
nix-build-user-countThe number of build users to createinteger32
nix-build-user-prefixThe Nix build user prefix (user numbers will be postfixed)string
source-branchThe branch of nix-installer to use (conflicts with the source-tag, source-revision, and source-branch)string
source-prThe pull request of nix-installer to use (conflicts with source-tag, source-revision, and source-branch)integer
source-revisionThe revision of nix-installer to use (conflicts with source-tag, source-branch, and source-pr)string
source-tagThe tag of nix-installer to use (conflicts with source-revision, source-branch, source-pr)string
source-urlA URL pointing to the nix-installer binaryURLn/a (calculated)
nix-package-urlThe Nix package URLURL
plannerThe installation planner to useenum (linux or macos)
reinstallForce a reinstall if an existing installation is detected (consider backing up /nix/store)Booleanfalse
start-daemonIf the daemon should be started, requires planner: linux-multiBooleanfalse
trust-runner-userWhether to make the runner user trusted by the Nix daemonBooleantrue
diagnostic-endpointDiagnostic endpoint url where the installer sends install diagnostic reports to, to disable set this to an empty stringstringhttps://install.determinate.systems/nix-installer/diagnostic
proxyThe proxy to use (if any), valid proxy bases are https://$URL, http://$URL and socks5://$URLstring
ssl-cert-fileAn SSL cert to use (if any), used for fetching Nix and sets NIX_SSL_CERT_FILE for Nixstring