Skip to content

github DynamicUser cannot access nix-daemon #473

New issue
New issue
Closed
Closed
github DynamicUser cannot access nix-daemon#473
@siriobalmelli

Description

@siriobalmelli
siriobalmelli
opened on Jul 31, 2024

Running the following workflow file: https://github.com/siriobalmelli-foss/ci-test/blob/main/.github/workflows/aarch64-nix.yml

With the following role config:

  roles.github-actions-runner = {
    url = "https://github.com/siriobalmelli-foss";
    count = 1;
    name = "ghrunner";
    githubApp = {
      id = "<ELIDED>";
      login = "<ELIDED>";
      privateKeyFile = config.sops.secrets.github.path;
    };
    cachix.cacheName = "siriobalmelli-nixpkgs";
    cachix.tokenFile = config.sops.secrets.cachix.path;
  };

Gives the following error:

user 'ghrunner-1' is not allowed to connect to the Nix daemon

I can work around this by adding:

nix.settings.allowed-users = ["ghrunner-1"];

I'm pretty sure the DynamicUser being created should be able to access nix-daemon, correct?

I'm unsure however whether I would try to rework

srvos/nixos/modules/github-runners/default.nix

Line 58 in 1f867a5

systemd.services = flip mapAttrs' cfg (
so that it adds an entry to nix.settings.allowed-users or whether I should take another approach; any suggestions welcome.

For context, this seems related to #50

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions