Since I see more people using gitea actions runner to build nix projects,
I wanted to share the gitea setup that we use in the clan project:
Insights:
- While it’s possible to not have containers, they are currently the only way to protect the gitea actions runner token from the CI build (this is important if you accept pull requests)
- Our approach builds a minimal docker container from a pure NixOS configuration that only contains some configuration; then it mounts the host nix store and the nix daemon into this container.
- For bigger projects, evaluation can be quite slow when just using nix-build. Instead we run nix-fast-build for parallel evaluation (builds can also start while evaluation is still in progress).
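The setup sketched in the insights above, written out as an added example: this is not the clan project's own configuration but a NixOS module that follows the same shape. The image name `nix-runner`, the runner name, the gitea URL, the token path and the `nix` label are placeholders; the `storeDeps` closure, the `runnerImage` derivation and the oneshot unit that loads the image into docker are assumptions about how one might wire it up, not what the project does. The point to check is the volume list: the host store (read-only), the daemon socket and a tool closure on `/bin` are the only things a job can see, while the runner's state directory with the registration token stays on the host.

```nix
# Added example, not the clan project's configuration. Placeholders: image name,
# runner name, gitea URL, token path. Assumed: the storeDeps/runnerImage layout.
{ config, pkgs, lib, ... }:
let
  # Everything a job may call, collected into one closure that is bind-mounted
  # as /bin inside the container. Nothing else from the host is visible.
  storeDeps = pkgs.buildEnv {
    name = "runner-store-deps";
    paths = with pkgs; [ nix nix-fast-build git bash coreutils gnutar gzip openssh cacert ];
  };

  # Root filesystem of the image: only users, groups, NSS and nix.conf.
  # No base distro, no binaries; those arrive through the volume mounts below.
  rootfs = pkgs.runCommand "runner-rootfs" { } ''
    mkdir -p $out/etc/nix $out/home/nixuser $out/tmp
    cat > $out/etc/passwd <<EOF
    root:x:0:0::/root:/bin/bash
    nixuser:x:1000:1000::/home/nixuser:/bin/bash
    EOF
    cat > $out/etc/group <<EOF
    root:x:0:
    nixuser:x:1000:
    EOF
    echo "hosts: files dns" > $out/etc/nsswitch.conf
    echo "experimental-features = nix-command flakes" > $out/etc/nix/nix.conf
  '';

  runnerImage = pkgs.dockerTools.buildImage {
    name = "nix-runner";   # placeholder image name, referenced by the label below
    tag = "latest";
    copyToRoot = rootfs;
    config.WorkingDir = "/home/nixuser";
  };
in
{
  virtualisation.docker.enable = true;

  # Assumption: load the Nix-built image on boot so docker://nix-runner resolves
  # locally; a real deployment may push it to a registry instead.
  systemd.services.gitea-runner-image = {
    wantedBy = [ "multi-user.target" ];
    after = [ "docker.service" ];
    requires = [ "docker.service" ];
    serviceConfig = { Type = "oneshot"; RemainAfterExit = true; };
    script = "${pkgs.docker}/bin/docker load < ${runnerImage}";
  };

  services.gitea-actions-runner.instances.nix = {
    enable = true;
    name = "nix-runner";                          # placeholder
    url = "https://gitea.example.org";            # placeholder
    # Environment file with TOKEN=<registration token>. It lives on the host and
    # is not in the volume list, so a job from a pull request cannot read it.
    tokenFile = "/var/lib/gitea-runner/token";    # placeholder path
    labels = [ "nix:docker://nix-runner:latest" ];
    settings.container = {
      # The host store is mounted read-only; builds go through the daemon
      # socket, so new store paths are written by nix-daemon on the host and
      # become visible in the container through the same bind mount.
      options = lib.concatStringsSep " " [
        "-v /nix/store:/nix/store:ro"
        "-v /nix/var/nix/daemon-socket:/nix/var/nix/daemon-socket"
        "-v ${storeDeps}/bin:/bin"
        "-v ${storeDeps}/etc/ssl:/etc/ssl"
        "-e NIX_REMOTE=daemon"
        "-e PATH=/bin"
        "-e SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt"
        "--user 1000:1000"
      ];
      # Whitelist of volumes a job may request; anything else is refused.
      valid_volumes = [
        "/nix/store"
        "/nix/var/nix/daemon-socket"
        "${storeDeps}/bin"
        "${storeDeps}/etc/ssl"
      ];
    };
  };
}
```

A workflow step that targets the `nix` label can then run `nix-fast-build --no-nom --skip-cached` from the checked-out flake (an assumed invocation, not the project's workflow): evaluation is parallelised across workers and each derivation is handed to the host daemon as soon as it is evaluated, which is the behaviour the third insight describes. Because the daemon does the building, the container itself needs no privileges beyond connecting to the socket, and the builds' sandboxing is whatever the host nix-daemon is configured with.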