eblume/blumeops
1
1
Fork 0
Code Issues Pull requests Projects Releases 83 Packages Wiki Activity Actions
blumeops/docs/how-to/zot/install-dagger-on-nix-runner.md
Erich Blume e0d5f28147 Add dagger to nix-container-builder runner (#234) 
## Summary
- Add `dagger` to `hostPackages` for the ringtail nix-container-builder runner
- Needed for `dagger call nix-version` fallback in the nix build workflow (authentik)
- `hostPackages` is scoped to the runner's systemd unit PATH, not system-wide
- Marks `install-dagger-on-nix-runner` Mikado card complete

## Deployment and Testing
- [ ] Merge, then `mise run provision-ringtail`
- [ ] `mise run container-build-and-release authentik` to verify nix build succeeds

Reviewed-on: https://forge.ops.eblu.me/eblume/blumeops/pulls/234
2026-02-20 23:09:01 -08:00

39 lines
1.3 KiB
Markdown
Raw Blame History

---
title: Install Dagger on Nix Runner
modified: 2026-02-20
tags:
- how-to
- ci
- zot
---
# Install Dagger on Nix Runner
Install the Dagger CLI on the ringtail nix-container-builder runner so that the nix container build workflow can use `dagger call nix-version` to extract package versions from nixpkgs.
## Context
The `build-container-nix.yaml` workflow extracts container versions in this order:
1. `version = "..."` from `default.nix` (e.g. ntfy)
2. `ARG CONTAINER_APP_VERSION=` from Dockerfile (e.g. nettest)
3. `dagger call nix-version --package=<name>` for nixpkgs packages (e.g. authentik)
Step 3 fails on the ringtail nix runner because dagger is not installed. The runner currently only has nix, skopeo, and jq.
## What to Do
1. Add `dagger` to the ringtail nix runner environment in `nixos/ringtail/configuration.nix` (or equivalent)
2. Verify `dagger` is available in the runner's PATH
3. Re-run `mise run container-build-and-release authentik` to confirm the nix build succeeds
## Verification
- [ ] `ssh ringtail 'which dagger'` returns a path
- [ ] Authentik nix build workflow completes successfully
- [ ] `dagger call nix-version --package=authentik` works on the runner
## Related
- [[adopt-commit-based-container-tags]] — Parent card
- [[harden-zot-registry]] — Root goal
Reference in a new issue View git blame Copy permalink