eblume/blumeops
1
1
Fork 0
Code Issues Pull requests Projects Releases 83 Packages Wiki Activity Actions
blumeops/docs/how-to/zot/install-dagger-on-nix-runner.md
Erich Blume e0d5f28147 Add dagger to nix-container-builder runner (#234) 
## Summary
- Add `dagger` to `hostPackages` for the ringtail nix-container-builder runner
- Needed for `dagger call nix-version` fallback in the nix build workflow (authentik)
- `hostPackages` is scoped to the runner's systemd unit PATH, not system-wide
- Marks `install-dagger-on-nix-runner` Mikado card complete

## Deployment and Testing
- [ ] Merge, then `mise run provision-ringtail`
- [ ] `mise run container-build-and-release authentik` to verify nix build succeeds

Reviewed-on: https://forge.ops.eblu.me/eblume/blumeops/pulls/234
2026-02-20 23:09:01 -08:00

1.3 KiB
Raw Blame History

title modified tags
Install Dagger on Nix Runner 2026-02-20
how-to
ci
zot

Install Dagger on Nix Runner

Install the Dagger CLI on the ringtail nix-container-builder runner so that the nix container build workflow can use dagger call nix-version to extract package versions from nixpkgs.

Context

The build-container-nix.yaml workflow extracts container versions in this order:

  1. version = "..." from default.nix (e.g. ntfy)
  2. ARG CONTAINER_APP_VERSION= from Dockerfile (e.g. nettest)
  3. dagger call nix-version --package=<name> for nixpkgs packages (e.g. authentik)

Step 3 fails on the ringtail nix runner because dagger is not installed. The runner currently only has nix, skopeo, and jq.

What to Do

  1. Add dagger to the ringtail nix runner environment in nixos/ringtail/configuration.nix (or equivalent)
  2. Verify dagger is available in the runner's PATH
  3. Re-run mise run container-build-and-release authentik to confirm the nix build succeeds

Verification

  • ssh ringtail 'which dagger' returns a path
  • Authentik nix build workflow completes successfully
  • dagger call nix-version --package=authentik works on the runner

Related