From a38e4cc9c1c4e840b40eda70e8edc9b3bad92c20 Mon Sep 17 00:00:00 2001
From: Kiara Grouwstra <kiara@procolix.eu>
Date: Wed, 2 Jul 2025 21:05:44 +0200
Subject: [PATCH] try and recreate the container from icewind

see:
https://icewind.nl/entry/gitea-actions-nix/#using-nix-to-build-our-nix-image

> Error: crun: cannot find `` in $PATH: No such file or directory: OCI
runtime attempted to invoke a command that was not found
---
 .../dev/forgejo-ci/forgejo-actions-runner.nix | 59 ++++++++++++++++++-
 npins/sources.json                            | 16 +++++
 2 files changed, 74 insertions(+), 1 deletion(-)

diff --git a/machines/dev/forgejo-ci/forgejo-actions-runner.nix b/machines/dev/forgejo-ci/forgejo-actions-runner.nix
index bb6928cc..00931791 100644
--- a/machines/dev/forgejo-ci/forgejo-actions-runner.nix
+++ b/machines/dev/forgejo-ci/forgejo-actions-runner.nix
@@ -1,4 +1,12 @@
-{ pkgs, config, ... }:
+{
+  pkgs,
+  config,
+  # sources,
+  ...
+}:
+let
+  sources = import ../../../npins;
+in
 
 {
   _class = "nixos";
@@ -44,4 +52,53 @@
 
   ## For the Docker mode of the runner.
   virtualisation.docker.enable = true;
+  virtualisation.oci-containers.containers."buildResult" =
+    let
+      name = "nix-runner";
+      tag = "latest";
+      base = import (sources.nix + "/docker.nix") {
+        inherit pkgs;
+        name = "nix-ci-base";
+        maxLayers = 10;
+        extraPkgs = with pkgs; [
+          nodejs_20 # nodejs is needed for running most 3rdparty actions
+          # add any other pre-installed packages here
+        ];
+        # change this is you want
+        channelURL = "https://nixos.org/channels/nixpkgs-23.05";
+        nixConf = {
+          substituters = [
+            "https://cache.nixos.org/"
+            "https://nix-community.cachix.org"
+            # insert any other binary caches here
+          ];
+          trusted-public-keys = [
+            "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
+            "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+            # insert the public keys for those binary caches here
+          ];
+          # allow using the new flake commands in our workflows
+          experimental-features = [
+            "nix-command"
+            "flakes"
+          ];
+        };
+      };
+    in
+    {
+      devices = [ "/dev/kvm:/dev/kvm" ];
+      image = "${name}:${tag}";
+      # https://icewind.nl/entry/gitea-actions-nix/
+      imageFile = pkgs.dockerTools.buildImage {
+        inherit name tag;
+        fromImage = base;
+        fromImageName = null;
+        fromImageTag = "latest";
+        copyToRoot = pkgs.buildEnv {
+          name = "image-root";
+          paths = [ pkgs.coreutils-full ];
+          pathsToLink = [ "/bin" ]; # add coreutils (which includes sleep) to /bin
+        };
+      };
+    };
 }
diff --git a/npins/sources.json b/npins/sources.json
index ea9606bd..e656d36d 100644
--- a/npins/sources.json
+++ b/npins/sources.json
@@ -125,6 +125,22 @@
       "url": "https://api.github.com/repos/bigskysoftware/htmx/tarball/v2.0.4",
       "hash": "1c4zm3b7ym01ijydiss4amd14mv5fbgp1n71vqjk4alc35jlnqy2"
     },
+    "nix": {
+      "type": "GitRelease",
+      "repository": {
+        "type": "GitHub",
+        "owner": "nixos",
+        "repo": "nix"
+      },
+      "pre_releases": false,
+      "version_upper_bound": null,
+      "release_prefix": null,
+      "submodules": false,
+      "version": "2.29.1",
+      "revision": "82debf3b591578eb2e7b151d2589626fad1679a2",
+      "url": "https://api.github.com/repos/nixos/nix/tarball/2.29.1",
+      "hash": "1xj5wawjw99qsyqfm3x02aydcg39rjksphnqg163plknifbzf8mc"
+    },
     "nix-unit": {
       "type": "Git",
       "repository": {