From 514a797067f2fb86575f84f71a9147efee8c3c88 Mon Sep 17 00:00:00 2001
From: Erich Blume <blume.erich@gmail.com>
Date: Thu, 19 Feb 2026 08:04:42 -0800
Subject: [PATCH] Fix nix container build: resolve nixpkgs from flake registry

The runner service doesn't have NIX_PATH set, so <nixpkgs> fails.
Add a step to resolve nixpkgs from the flake registry and set NIX_PATH.
Also switch to nix-build (legacy CLI) and stop hardcoding aarch64-linux
in default.nix.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 .forgejo/workflows/build-container-nix.yaml | 14 +++++++++++++-
 containers/nettest/default.nix              |  2 +-
 2 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/.forgejo/workflows/build-container-nix.yaml b/.forgejo/workflows/build-container-nix.yaml
index b3d1d57..82bafff 100644
--- a/.forgejo/workflows/build-container-nix.yaml
+++ b/.forgejo/workflows/build-container-nix.yaml
@@ -66,13 +66,25 @@ jobs:
           echo ""
           echo "Skipping build."
 
+      - name: Resolve nixpkgs
+        if: steps.check.outputs.exists == 'true'
+        id: nixpkgs
+        run: |
+          # Resolve nixpkgs from the flake registry for <nixpkgs> lookup
+          NIXPKGS_PATH=$(nix flake metadata nixpkgs --json | jq -r '.path')
+          echo "Resolved nixpkgs: $NIXPKGS_PATH"
+          echo "path=$NIXPKGS_PATH" >> "$GITHUB_OUTPUT"
+
       - name: Build with nix
         if: steps.check.outputs.exists == 'true'
         id: build
+        env:
+          NIX_PATH: "nixpkgs=${{ steps.nixpkgs.outputs.path }}"
         run: |
           CONTAINER="${{ steps.parse.outputs.container }}"
           echo "Building containers/$CONTAINER/default.nix"
-          nix build -f "containers/$CONTAINER/default.nix" -o result
+          echo "NIX_PATH=$NIX_PATH"
+          nix-build "containers/$CONTAINER/default.nix" -o result
           echo "Build complete: $(readlink result)"
 
       - name: Push to registry
diff --git a/containers/nettest/default.nix b/containers/nettest/default.nix
index 1739c41..d92520b 100644
--- a/containers/nettest/default.nix
+++ b/containers/nettest/default.nix
@@ -1,7 +1,7 @@
 # Nix-built nettest container
 # Equivalent to the Dockerfile: curl, jq, bind (nslookup), ca-certs, bash
 # Built with dockerTools.buildLayeredImage for efficient layer caching
-{ pkgs ? import <nixpkgs> { system = "aarch64-linux"; } }:
+{ pkgs ? import <nixpkgs> { } }:
 
 let
   testScript = ./test-connectivity.sh;