Install nix in Github Action self-hosted runner in Kubernetes (no `sudo`)

[expelledboy]

Hi, I dont see exactly how I can use this github action within a kube pod. It requires sudo, which you can not install in kubernetes.

`nix-installer` needs to run as `root`, attempting to escalate now via `sudo`...
sudo: The "no new privileges" flag is set, which prevents sudo from running as root.

Run DeterminateSystems/nix-installer-action@main
  with:
    init: systemd
    kvm: false
    determinate: false
    flakehub: false
    force-docker-shim: false
    github-token: ***
    github-server-url: https://github.com
    job-status: success
    modify-profile: true
    reinstall: false
    start-daemon: true
    diagnostic-endpoint: -
    trust-runner-user: true
    _internal-strict-mode: false
  env:
    LIB_PATH: java/domain-logger
Enabling the Docker shim for running Nix on Linux in CI without Systemd.
  Changing init from 'systemd' to 'none'
  Changing planner from 'null' to 'linux'
Installing Nix
Downloading nix-installer for x86_64-linux
  Fetching from https://us-east-[2](https://github.com/Paymentology/domain-logger/actions/runs/12989827031/job/36223643414#step:5:2).swim.install.determinate.systems/nix-installer/stable/x86_64-linux
  Received 0 of [3](https://github.com/Paymentology/domain-logger/actions/runs/12989827031/job/36223643414#step:5:3)5441698 (0.0%), 0.0 MBs/sec
  Cache Size: ~3[4](https://github.com/Paymentology/domain-logger/actions/runs/12989827031/job/36223643414#step:5:4) MB (35441698 B)
  /usr/bin/tar -xf /home/runner/_work/_temp/839bd99d-6391-4beb-81f1-[5](https://github.com/Paymentology/domain-logger/actions/runs/12989827031/job/36223643414#step:5:5)014913dea5c/cache.tzst -P -C /home/runner/_work/_temp/nix-installer-a4ffe08e-b5ab-47bc-9534-[6](https://github.com/Paymentology/domain-logger/actions/runs/12989827031/job/36223643414#step:5:6)b0c74f30b11 --use-compress-program unzstd
  Cache restored successfully
  
/home/runner/_work/_temp/nix-installer-a4ffe08e-b5ab-4[7](https://github.com/Paymentology/domain-logger/actions/runs/12989827031/job/36223643414#step:5:7)bc-9534-6b0c74f30b11/nix-installer install linux
 INFO nix-installer v0.34.0
`nix-installer` needs to run as `root`, attempting to escalate now via `sudo`...
sudo: The "no new privileges" flag is set, which prevents sudo from running as root.
sudo: If sudo is running in a container, you may need to adjust the container configuration to disable the flag.
Error: Error: The process '/home/runner/_work/_temp/nix-installer-a4ffe0[8](https://github.com/Paymentology/domain-logger/actions/runs/12989827031/job/36223643414#step:5:8)e-b5ab-47bc-9534-6b0c74f30b11/nix-installer' failed with exit code 1
Received 354416[9](https://github.com/Paymentology/domain-logger/actions/runs/12989827031/job/36223643414#step:5:9)8 of 35441698 (100.0%), 16.9 MBs/sec

What configuration do I need to add to allow me to install nix without sudo?

[grahamc]

Hi @expelledboy, unfortunately installing Nix typically requires root because of what it needs to do with the filesystem (creating a /nix directory, managing cgroup isolation, etc.) Can you describe your environment a bit more?

[expelledboy]

The issue is installing nix both on ubuntu runners in github CI pipelines, and then using the same deployment pipelines in kubernetes production environments.