NixCon 2024
Keynote
Cover the dynamic landscape of Nix's growth, innovation, and future possibilities. This session will provide a comprehensive overview of the major milestones Nix has achieved over the past year, the challenges we've faced, and the exciting developments on the horizon together with various Nix community leads!
We know how daunting it can be to start hacking with/on Nix.
Let's teach you the first steps on your road to declarative greatness in this lecture style workshop.
A quick overview of https://github.com/numtide/nixos-facter, discussing why it was created and the problems it aims to solve.
In this talk, we take a look at the Kubenix project. Using Kubenix, you can generate Kubernetes manifests with Nix. We will dive into the technical details how Kubenix uses Kubernetes' OpenAPI spec to generate NixOS modules. I will also show you how to use Kubenix to deploy resources in your own cluster. No more templating YAML!
Or: how I stopped worrying and learned to love docker images
Tvix is a modern design and implementation of the Nix package manager (GPLv3). It brings a modular architecture in which components such as the build environment or package store are replaceable, which enables new use-cases and platforms.
Self-hosting services empowers you with greater control and flexibility over your data. However, maintaining such systems today often comes with significant technical challenges, including firewall/NAT configuration, data loss prevention, and security management.
The Clan project aims to lower the technical barriers of self-hosting with NixOS, making it accessible even to non-technical users. Our goal is to simplify the installation and maintenance of NixOS machines.
In this talk, we will present the new NixOS extensions we've developed to scale self-hosting, including VPN integration, backup management, secret management, a unified CLI for installation and updates, and an inventory system for managing clusters of machines.
We will also provide a sneak preview of the upcoming graphical user interface.
Nix and similar systems are based on hashing their inputs.
I took a really close look at how this works, and I'd like to help you understand it better as well.
This talk explores the application of Nix's deterministic build principles to firmware development, with a special focus on integrating hardware-in-the-loop (HIL) testing into CI/CD pipelines. We'll discuss how Nix can enhance firmware reliability, security, and reproducibility by ensuring consistent builds across different environments.
In this hands-on workshop, we’ll take a deep dive into the powerful NixOS Integration Test Driver and its capabilities. Over the course of two hours, you’ll learn how to leverage the test driver to simulate complex networked environments with multiple NixOS hosts and different virtual networks. We’ll also explore the interactive mode for debugging and present best practices to avoid flaky tests, ensuring reliable results in real-world scenarios. If you’re looking to enhance your NixOS testing expertise and streamline your CI/CD pipelines, this session is for you!
In cloud-based development environments, flexibility and on-demand access to the right tools are essential. While many people think of Nix in terms of reproducibility, I use it in a different, somewhat weird way—to get exactly what I need, when I need it.
In this talk, I’ll demonstrate how Nix can be a "Swiss Army knife" in GitHub Codespaces, allowing me to manage complex development environments on the fly without much burden. This talk will use Codespaces as an example, but the same techniques can be applied to any remote environment.
Join me in a discovery of how Nix saved my day many times when contributing on many projects I don't normally work on.
In this talk you will learn best practices on how to build your own NixOS images and securely deploy them using autosaling groups, IAM roles and AWS Systems Manager , terraform and GitHub actions as an alternative to NixOps
We want to show the community https://github.com/Thymis-io/thymis which is a web front-end for managing multiple NixOS devices.
In this talk, we will explore nix-bitcoin, a project that leverages the power of NixOS to simplify the deployment and management of Bitcoin nodes securely.
During the presentation, we will see how to use krops to deploy NixOS systems
Looking for work? Looking for someone to work for you? This is the place to meet
Looking for a maintainer for a project? Want to maintain a project? This can also be done here!
The key principles Nix is built on are great for supply chain security.
Those principles could take us much further, if we extended or replaced the signatures that provide transport security for binary caches today, in favor of a more powerful mechanism.
A mechanism that works end to end from builder to user, includes provenance data about the builder, and ideally makes that provenance data verifiable.
Presenting the C API to Nix
Started during a Mob-programming session at NixCon 2023,
buildbot-nix has evolved into a full-featured CI/CD system for Nix, based on Buildbot.
Buildbot is a mature continuous integration framework used by major software projects such as Python, LLVM, and OpenZFS.
Buildbot-nix introduces a zero-configuration setup for flake-based repositories, featuring parallel evaluation, binary cache integration, build failure caching, Gitea/GitHub integration, and continuous deployment support based on Hercules-CI effects.
We have deployed buildbot-nix in the nix-community GitHub organization to provide fast CI for numerous projects.
In this talk, we will showcase the current features we support and share our plans for the next year.
nix-make[1] is a C and C++ build system supporting incremental compilation. It
implements a thin layer of dependency graph construction in nixlang and lets
Nix do the heavy lifting.
[1] https://codeberg.org/tobim/nix-make
Block for lightning talks with minimal break in between. Order will be determined shortly before it starts, and every speaker should be present at the beginning of the talk!
Join us for a 25 minute panel conversation with the NCA members who drove the latest improvements and evolution of Nix governance. We will cover key topics, take questions live and reach out to the community ahead of time for top questions!
This talk provides a roadmap toward becoming a Nixpkgs contributor. The format will be a discussion and demonstration.
A Meeting for the Wiki Users, Admins, Moderators
Nix build expressions will often rely on other expressions as dependencies, most commonly Nixpkgs. However, those could be modified by machine-in-the-middle attacks. Providing users with the means to verify cryptographic signatures on expressions could relieve this attack vector and strengthen Nix' resilience.
This talk will discuss update verification for Nix and NixOS with a focus on Git signatures. It will explain Guix' authentication mechanism and RFC 100 as an attempt to bring it to Nixpkgs. Subsequently, it will sketch out potential paths forward, considering use cases and additional burdens on developers.
Since a Nix derivation can be anything, from a text file up to a directory tree, then what's stopping us from implementing a static site generator using Nix? Certainly not the police!
I've been using Nix as a generator for https://pwy.io (source code) for almost two years now - in this talk I'd like to show you how it works, go through pros and cons, and hopefully inspire you to see Nix as more than "this funny language used in nixpkgs".
An introduction into nixos-anywhere and disko, followed by a demo of using both to deploy NixOS with ZFS on a remote Ubuntu host. Ending by a hands-on support/Q & A session for the remaining time slot.
The premise of combining Nix and Bazel is really appealing and powerful - one gets the full reproducibility stemming from Nix (alongside all definitions from its rich ecosystem) and the fast incremental builds that are the hallmark of Bazel. Truly a bliss. Practicalities however beg to differ - the road towards such a combination is full of unexpected surprises, ill-implemented features and design decisions that break everything.
This talk is a journey of discovery of things that go wonderfully wrong if Nix and Bazel are being used together. The third ingredient to the Nix and Bazel cocktail are footguns. A lot of them.
We want to share them, so others do not have to get burned on them.
We'll be looking into what kind of limitations we've hit using C++Nix and how Tvix solves them.
I personally believe NixOS to be the ultimate server management tool. But how to convince others? We must let them try NixOS!
Currently, the only way to try out NixOS is to go all-in. There's no way to get a feel for it by just replacing one small piece of an existing infrastructure. To ease and accelerate adoption of NixOS, this must change.
This talk goes over why module contracts is the essential and (yet!) missing piece that will help us spread adoption of NixOS.
If we were to design a cloud based on a fundamental principle of Nix, namely hash-based addressing, what would it look like? What would be it's benefits? We did just that at garnix; this talk is about the big picture, and the details, of that idea.
Installing NixOS on a server can be a challenge for beginners or take a long time if you need to install it on several machines. In this workshop, we will see how it can be simple and what tools we can use to achieve that.
We'll guide you through Nixification of a project using devenv.sh
Deploying nix-built applications to a Kubernetes cluster can be an exercise in frustration - even though nix has built-in support for creation of container images, the outcome is usually a quite sizable tar archive. Propagation, caching and updating of such images takes time, bandwidth and storage space. One is essentially packaging little slices of a nix store, every time an application needs to be delivered. There has to be a better way!
We want to present a FUSE-based way of attaching a shared /nix/store
to container images and thus allowing them to only contain metainformation required to run the application. Even complex k8s deployments are reduced to very thin updates of data!
In a large code base you want a tool that is able to build your project quickly by leveraging features such as a distributed cache and remote execution. At the same time it is important that your build is correct and thus reproducible.
In this talk I will present how we integrated Nix with Buck2, an open source build system developed by Meta, in order to achieve highly granular, reproducible builds for a large Haskell code base and how we were able to use Buck2's remote execution with Nix.
In this talk, we’ll be sharing our journey through the Summer of Nix 2024 mentorship program giving a detailed look at our experiences and contributions. From the interesting projects we worked on to the challenges we faced and tackled. We’ll provide a an overview of how this initiative our understanding of Nix and contributed to the community. You’ll hear about the projects we've worked on, technical challenges and interesting rabbit holes we jumped into, and some honest feedback on how we can continue to improve. Whether you’re deeply involved in Nix or just curious about the program, I hope to offer valuable insights and inspiration for both current contributors and those looking to get involved.
In this workshop we'll play a game based around deploying clusters of NixOS machines more quickly and smoothly than anyone else, and learn how garnix hosting works in the process.
Picture this: you're on a remote tropical island, with limited internet access and only your ultraportable laptop, which lacks a dedicated GPU. Now imagine you need to search resources like nix.dev, various GitHub configurations, or books like NixOS in Production. Basic indexing and grepping just won't cut it for handling docs, code, and especially PDFs. Plus, relying on exact matches feels outdated. What you really want is to ask natural language questions about the problems you're solving, and get comprehensive, detailed responses—using only the latest, most relevant docs and references.
Until recently, this idea was pure science fiction. But with the rise of large language models (LLMs), it's become reality. However, the usual suspects like ChatGPT have their drawbacks: they don't provide source links, tend to hallucinate, and require careful fact-checking. On top of that, running them is computationally expensive. Most ultraportable laptops lack the necessary GPU power, or, if they have one, it's energy-hungry or inadequate for LLMs. This effectively rules out using LLMs in the tropical laptop scenario. Even with enough compute power, setting up an LLM can be a headache, partly due to the notorious challenges of getting Nvidia CUDA to work smoothly on Linux.
Enter Justine Tunney's llamafile. It's a game-changer: a single zip file that runs on CPUs and across multiple architectures, built on the llama.cpp library, which is a C/C++ implementation of LLM evaluation for various model architectures. This simplifies running LLMs on CPUs by allowing existing model weights to be used without needing a GPU. Combine this with retrieval-augmented generation (RAG), which pulls relevant information from your chosen docs and GitHub repositories, and you've got an offline, fully functional setup for querying NixOS-related content—right from your beachside ultraportable laptop.
System monitoring is essential for maintaining infrastructure stability. In this talk, we will explore how NixOS can be used to configure and manage system monitoring for your applications and your NixOS system using Prometheus and Grafana.
comin is a NixOS deployment tool operating in pull mode. In this short talk, I will describe what GitOps is, how comin works and its main features.
Block for additional lightning talks. If during the NixCon you decide that you would like to do a lightning talk, you can do it in this block.
Just contact anyone from the staff to let us know.
Endnote