https://media.ccc.de/c/nixcon2025 This feed contains all events from nixcon2025 as mp3 see video outro Thu, 12 Feb 2026 22:20:43 -0000 https://static.media.ccc.de/media/events/nixcon/2025/nixcon2025_icon.png https://media.ccc.de/c/nixcon2025 https://media.ccc.de/v/nixcon2025-56411-the-road-towards-a-nixo Imagine a Sim-City-style interface for managing your infrastructure: drag a machine onto the field, connect it to a service, and you're done. Behind the scenes, the clan.lol project turns that visual layout into the correct Nix modules - automatically configuring machines, managing secrets, and setting up a mesh VPN. In this presentation we detail: - Visualize and Configure Networks in 3D - A "Sim City" inspired 3D-UI to configure your selfhosted network without writing Nix! - Portable Multi-Machine Module System - Network-wide modules that configure multiple machines - Support for complex, role based relationships between machines (e.g. client, server) - Generation and distribution of secrets via generators - Multi VPN support - Support for running multiple VPNs at once - Deployment picks best suitable VPN connection - Extensible interface so users can define their own. - Multi-Platform support - Integrated MacOS support with nix-darwin. - Service Provisioning support about this event: https://talks.nixcon.org/nixcon-2025/talk/KX7AMW/ Fri, 05 Sep 2025 16:25:00 +0200 https://cdn.media.ccc.de/events/nixcon/2025/mp3/import-56411-eng-The_Road_Towards_a_NixOS_UI_mp3.mp3?1758336304 f872a55f-b7e0-4de6-a8cc-b3b2cd9aecbe 2025-09-05T16:25:00+02:00 Qubasa, Kenji Berthold No 56411, 2025, nixcon2025, Lecture Hall, nixcon2025-eng Imagine a Sim-City-style interface for managing your infrastructure: drag a machine onto the field, connect it to a service, and you're done. Behind the scenes, the clan.lol project turns that visual layout into the correct Nix modules - automatically configuring machines, managing secrets, and setting up a mesh VPN. In this presentation we detail: - Visualize and Configure Networks in 3D - A "Sim City" inspired 3D-UI to configure your selfhosted network without writing Nix! - Portable Multi-Machine Module System - Network-wide modules that configure multiple machines - Support for complex, role based relationships between machines (e.g. client, server) - Generation and distribution of secrets via generators - Multi VPN support - Support for running multiple VPNs at once - Deployment picks best suitable VPN connection - Extensible interface so users can define their own. - Multi-Platform support - Integrated MacOS support with nix-darwin. - Service Provisioning support about this event: https://talks.nixcon.org/nixcon-2025/talk/KX7AMW/ 00:22:59 https://media.ccc.de/v/nixcon2025-56409-rewriting-the-hydra-que The Hydra Queue Runner is a critical component responsible for orchestrating and executing build tasks within the Hydra infrastructure. Its reliability and efficiency are paramount for our Nix community, serving as a key component of the Nixpkgs infrastructure that builds the world's largest package set. A significant challenge with the current implementation lies in the communication between the Queue Runner and the builders. This system, built on SSH, directly read from and wrote to the running Nix daemon, which imposed a hard limit on connected builders. This talk will begin by explaining the current Hydra CI infrastructure and how Hydra works as a whole, looking at the evaluator, Queue Runner, PostgreSQL, hydra-notify, and hydra-web components and how they interact with one another. We will then detail the comprehensive redesign and re-implementation of the Hydra Queue Runner, transitioning from its existing architecture to a robust, high-performance solution built in Rust, specifically to overcome these limitations. We will present an overhaul of the remote communication protocol, migrating from the SSH implementation to gRPC, leveraging its benefits for performance, type safety, and interoperability. This change also benefits our ability to introduce generic messages unrelated to the Nix protocol, which enables the monitoring of the system utilization of all builders, making scheduling decisions more agile. Furthermore, we introduced comprehensive tracing capabilities, making the new Queue Runner significantly more debuggable and maintainable. We will then dive into the build pipeline, distinguishing between steps and runnables, examining the changes made to the build queues (now handling each platform with a separate queue) and what is needed to resolve a derivation. Lastly, we will present compelling benchmarks demonstrating how these changes have significantly accelerated builds and enabled a substantial increase in the number of concurrently connected machines. about this event: https://talks.nixcon.org/nixcon-2025/talk/SNFQ7J/ Fri, 05 Sep 2025 13:40:00 +0200 https://cdn.media.ccc.de/events/nixcon/2025/mp3/import-56409-eng-Rewriting_the_Hydra_Queue_Runner_in_Rust_mp3.mp3?1758336910 f30c0144-c60c-4e46-99ab-fd62d126bbb8 2025-09-05T13:40:00+02:00 Simon Hauser No 56409, 2025, nixcon2025, Lecture Hall, nixcon2025-eng The Hydra Queue Runner is a critical component responsible for orchestrating and executing build tasks within the Hydra infrastructure. Its reliability and efficiency are paramount for our Nix community, serving as a key component of the Nixpkgs infrastructure that builds the world's largest package set. A significant challenge with the current implementation lies in the communication between the Queue Runner and the builders. This system, built on SSH, directly read from and wrote to the running Nix daemon, which imposed a hard limit on connected builders. This talk will begin by explaining the current Hydra CI infrastructure and how Hydra works as a whole, looking at the evaluator, Queue Runner, PostgreSQL, hydra-notify, and hydra-web components and how they interact with one another. We will then detail the comprehensive redesign and re-implementation of the Hydra Queue Runner, transitioning from its existing architecture to a robust, high-performance solution built in Rust, specifically to overcome these limitations. We will present an overhaul of the remote communication protocol, migrating from the SSH implementation to gRPC, leveraging its benefits for performance, type safety, and interoperability. This change also benefits our ability to introduce generic messages unrelated to the Nix protocol, which enables the monitoring of the system utilization of all builders, making scheduling decisions more agile. Furthermore, we introduced comprehensive tracing capabilities, making the new Queue Runner significantly more debuggable and maintainable. We will then dive into the build pipeline, distinguishing between steps and runnables, examining the changes made to the build queues (now handling each platform with a separate queue) and what is needed to resolve a derivation. Lastly, we will present compelling benchmarks demonstrating how these changes have significantly accelerated builds and enabled a substantial increase in the number of concurrently connected machines. about this event: https://talks.nixcon.org/nixcon-2025/talk/SNFQ7J/ 00:27:48 https://media.ccc.de/v/nixcon2025-56408-what-if-github-actions We're going to dive into examples behind how GitHub Actions can be designed using Nix, while having little to no difference between local development environment and CI running somewhere else. about this event: https://talks.nixcon.org/nixcon-2025/talk/S8SKEG/ Fri, 05 Sep 2025 12:45:00 +0200 https://cdn.media.ccc.de/events/nixcon/2025/mp3/import-56408-eng-What_if_GitHub_Actions_were_local-first_and_built_using_Nix_mp3.mp3?1758337346 b86f019c-8c6c-492d-a3d0-16a2f253a766 2025-09-05T12:45:00+02:00 Domen Kožar No 56408, 2025, nixcon2025, Lecture Hall, nixcon2025-eng We're going to dive into examples behind how GitHub Actions can be designed using Nix, while having little to no difference between local development environment and CI running somewhere else. about this event: https://talks.nixcon.org/nixcon-2025/talk/S8SKEG/ 00:46:30 https://media.ccc.de/v/nixcon2025-56410-you-cant-spell-devshell Ever wondered how “nix develop” works? What kind of arcane horrors make our reproducible developer environments work? In this talk we’ll begin by explaining how “nix develop” works, then we’ll use that understanding to explore what it looks like to create an improved devshell experience, including improved startup times, extension to shells other than Bash, and adding packages without needing to exit and re-enter the shell. Along the way we’ll discuss some of the cursed idiosyncrasies of different shells, and some of the patterns for working around them. In the end we’ll all need therapy, but we’ll know more about how our shells are conspiring against us and why we should all be using Fish. about this event: https://talks.nixcon.org/nixcon-2025/talk/MAEMPM/ Fri, 05 Sep 2025 15:30:00 +0200 https://cdn.media.ccc.de/events/nixcon/2025/mp3/import-56410-eng-You_cant_spell_devshell_without_hell_mp3.mp3?1758337443 8cd8f0ec-5980-40b5-b37c-b6f00b98f52c 2025-09-05T15:30:00+02:00 Zach Mitchell No 56410, 2025, nixcon2025, Lecture Hall, nixcon2025-eng Ever wondered how “nix develop” works? What kind of arcane horrors make our reproducible developer environments work? In this talk we’ll begin by explaining how “nix develop” works, then we’ll use that understanding to explore what it looks like to create an improved devshell experience, including improved startup times, extension to shells other than Bash, and adding packages without needing to exit and re-enter the shell. Along the way we’ll discuss some of the cursed idiosyncrasies of different shells, and some of the patterns for working around them. In the end we’ll all need therapy, but we’ll know more about how our shells are conspiring against us and why we should all be using Fish. about this event: https://talks.nixcon.org/nixcon-2025/talk/MAEMPM/ 00:45:08 https://media.ccc.de/v/nixcon2025-56413-nix-based-development-e Over the past year at Shopify we've undergone a lot of changes internally. We moved from cloud development to local development, multirepo to monorepo, and Homebrew / Apt to Nix. Today, the majority of development is being done inside Nix-based environments. Some may recall that Shopify was using Nix back in 2019, so what happened? This talk will cover: * Why that effort stalled * How devenv reignited interest in Nix * How we approached incrementally migrating a huge collection of projects * Where we're at today, and lessons learned along the way * The many benefits Nix has brought * The challenges of supporting a large polygot org with developers working at every layer of the stack * Where we're headed about this event: https://talks.nixcon.org/nixcon-2025/talk/UPHTPD/ Fri, 05 Sep 2025 18:10:00 +0200 https://cdn.media.ccc.de/events/nixcon/2025/mp3/import-56413-eng-Nix-based_development_environments_at_Shopify_reprise_mp3.mp3?1758339987 21a1edb3-cb52-49e0-a6ed-ae41fa020659 2025-09-05T18:10:00+02:00 Josh Heinrichs No 56413, 2025, nixcon2025, Lecture Hall, nixcon2025-eng Over the past year at Shopify we've undergone a lot of changes internally. We moved from cloud development to local development, multirepo to monorepo, and Homebrew / Apt to Nix. Today, the majority of development is being done inside Nix-based environments. Some may recall that Shopify was using Nix back in 2019, so what happened? This talk will cover: * Why that effort stalled * How devenv reignited interest in Nix * How we approached incrementally migrating a huge collection of projects * Where we're at today, and lessons learned along the way * The many benefits Nix has brought * The challenges of supporting a large polygot org with developers working at every layer of the stack * Where we're headed about this event: https://talks.nixcon.org/nixcon-2025/talk/UPHTPD/ 00:19:01 https://media.ccc.de/v/nixcon2025-56404-supply-chain-security-p Nix is a very promising technology for fundamentally improving supply chain security. In some ways its lives up to this promise already, in a lot of ways pieces of the overall puzzle are still missing, fall short in implementation, adoption or UX. Our panelists all work on supply chain security related tools and topics in the the Nix ecosystem, which we will use as a starting point to plainly discuss which issues they are trying to address and how they might fit into an overall picture. Come join us to find out what we all do and do not see in the overall picture, based on the puzzle pieces we, you or other people in the community are holding. about this event: https://talks.nixcon.org/nixcon-2025/talk/XWQC8U/ Fri, 05 Sep 2025 18:10:00 +0200 https://cdn.media.ccc.de/events/nixcon/2025/mp3/import-56404-eng-Supply_Chain_Security_Panel_Discussion_mp3.mp3?1758234001 eccfae36-2aa2-489a-853e-60ea984f10b1 2025-09-05T18:10:00+02:00 Martin Schwaighofer, Shahar "Dawn" Or, Julien Malka / Luj, Arian van Putten No 56404, 2025, nixcon2025, Aula, nixcon2025-eng Nix is a very promising technology for fundamentally improving supply chain security. In some ways its lives up to this promise already, in a lot of ways pieces of the overall puzzle are still missing, fall short in implementation, adoption or UX. Our panelists all work on supply chain security related tools and topics in the the Nix ecosystem, which we will use as a starting point to plainly discuss which issues they are trying to address and how they might fit into an overall picture. Come join us to find out what we all do and do not see in the overall picture, based on the puzzle pieces we, you or other people in the community are holding. about this event: https://talks.nixcon.org/nixcon-2025/talk/XWQC8U/ 00:45:19 https://media.ccc.de/v/nixcon2025-56412-is-nixos-ready-for-the The Cyber Resilience Act (CRA) is the EU's most important regulation for software in the last decade. While it makes an exception for open-source software and impact NixOS directly, any commercial product that includes NixOS has to comply with the CRA to allow offering in the EU. In this talk, we give insights into the CRA’s requirements, showcase that Nix tooling with its focus on reproducibility is very well positioned for compliance, and point out the unsolved shortcomings. We focus on the update mechanism, SBOM tooling (together with matching CVEs from vulnerability mechanisms), and support durations. about this event: https://talks.nixcon.org/nixcon-2025/talk/3XBNPB/ Fri, 05 Sep 2025 17:35:00 +0200 https://cdn.media.ccc.de/events/nixcon/2025/mp3/import-56412-eng-Is_NixOS_ready_for_the_CRA_mp3.mp3?1758240906 7248d727-f2a8-42cd-aa21-bd697a2e6c9d 2025-09-05T17:35:00+02:00 Lukas Beierlieb No 56412, 2025, nixcon2025, Lecture Hall, nixcon2025-eng The Cyber Resilience Act (CRA) is the EU's most important regulation for software in the last decade. While it makes an exception for open-source software and impact NixOS directly, any commercial product that includes NixOS has to comply with the CRA to allow offering in the EU. In this talk, we give insights into the CRA’s requirements, showcase that Nix tooling with its focus on reproducibility is very well positioned for compliance, and point out the unsolved shortcomings. We focus on the update mechanism, SBOM tooling (together with matching CVEs from vulnerability mechanisms), and support durations. about this event: https://talks.nixcon.org/nixcon-2025/talk/3XBNPB/ 00:25:27 https://media.ccc.de/v/nixcon2025-56397-opening-ceremony Opening of the conference about this event: https://talks.nixcon.org/nixcon-2025/talk/QEN3WD/ Fri, 05 Sep 2025 12:00:00 +0200 https://cdn.media.ccc.de/events/nixcon/2025/mp3/import-56397-eng-Opening_Ceremony_mp3.mp3?1758250270 7eb78996-6a33-4064-9095-0adfe5c746b6 2025-09-05T12:00:00+02:00 Farhad Mehta No 56397, 2025, nixcon2025, Aula, nixcon2025-eng Opening of the conference about this event: https://talks.nixcon.org/nixcon-2025/talk/QEN3WD/ 00:31:59 https://media.ccc.de/v/nixcon2025-56414-my-first-nix-aha-a-newc When I first saw a colleague of mine typing "nix-shell", I had no idea what it did — but running it felt like magic. A swirl of "/nix/store/..." messages later, a fully working dev environment, with all the right tools and no system mess! Like Alice, I was “curiouser and curiouser.” In this talk, I’ll share the key “aha!” moments from my first few weeks with Nix — how I came to understand derivations, the Nix store, and pure builds. I’ll walk through the “from confusion to clarity” moments that helped me go from feeling lost in a sea of unfamiliar terminology to confidently writing my first Nix expressions. Along the way, I’ll highlight the resources, metaphors, and mental models that made the biggest difference — and the ones that didn’t. The Nix community is filled with passionate and experienced users, but for newcomers, the learning curve can feel overwhelming. This talk is not a tutorial, but a reflection: a newcomer’s perspective on what it’s like to learn Nix today, what helped me “get it,” and where the community can do more to support others on the same journey. about this event: https://talks.nixcon.org/nixcon-2025/talk/FMTH39/ Fri, 05 Sep 2025 18:40:00 +0200 https://cdn.media.ccc.de/events/nixcon/2025/mp3/import-56414-eng-My_first_Nix_Aha_A_Newcomers_Perspective_mp3.mp3?1758234068 4cd7dbd3-8fab-4c1e-b100-947878098032 2025-09-05T18:40:00+02:00 Kavisha Kumar No 56414, 2025, nixcon2025, Lecture Hall, nixcon2025-eng When I first saw a colleague of mine typing "nix-shell", I had no idea what it did — but running it felt like magic. A swirl of "/nix/store/..." messages later, a fully working dev environment, with all the right tools and no system mess! Like Alice, I was “curiouser and curiouser.” In this talk, I’ll share the key “aha!” moments from my first few weeks with Nix — how I came to understand derivations, the Nix store, and pure builds. I’ll walk through the “from confusion to clarity” moments that helped me go from feeling lost in a sea of unfamiliar terminology to confidently writing my first Nix expressions. Along the way, I’ll highlight the resources, metaphors, and mental models that made the biggest difference — and the ones that didn’t. The Nix community is filled with passionate and experienced users, but for newcomers, the learning curve can feel overwhelming. This talk is not a tutorial, but a reflection: a newcomer’s perspective on what it’s like to learn Nix today, what helped me “get it,” and where the community can do more to support others on the same journey. about this event: https://talks.nixcon.org/nixcon-2025/talk/FMTH39/ 00:19:18 https://media.ccc.de/v/nixcon2025-56415-life-without-kubernetes Kubernetes is good for many machines with complex networking setups, but not that good for a 2-machine one, especially when there's only one maintainer and zero documentation. At GeekPie, I've migrated our mirror infrastructure to NixOS and in this talk I want to show how Nix helps us achieve more with less code & maintenance. about this event: https://talks.nixcon.org/nixcon-2025/talk/MKJPLZ/ Fri, 05 Sep 2025 19:10:00 +0200 https://cdn.media.ccc.de/events/nixcon/2025/mp3/import-56415-eng-Life_without_Kubernetes_Hosting_Mirrors_with_NixOS_mp3.mp3?1758234332 343fdb32-8715-4f5e-856a-7125c9466443 2025-09-05T19:10:00+02:00 Sizhe Zhao No 56415, 2025, nixcon2025, Lecture Hall, nixcon2025-eng Kubernetes is good for many machines with complex networking setups, but not that good for a 2-machine one, especially when there's only one maintainer and zero documentation. At GeekPie, I've migrated our mirror infrastructure to NixOS and in this talk I want to show how Nix helps us achieve more with less code & maintenance. about this event: https://talks.nixcon.org/nixcon-2025/talk/MKJPLZ/ 00:20:59 https://media.ccc.de/v/nixcon2025-56399-nixos-mediation-a-free Presenting https://nixos-mediation.org/ what it is, how you can benefit from it, and a small retro. about this event: https://talks.nixcon.org/nixcon-2025/talk/CDU788/ Fri, 05 Sep 2025 13:40:00 +0200 https://cdn.media.ccc.de/events/nixcon/2025/mp3/import-56399-eng-NixOS_Mediation_-_a_free_mediation_service_mp3.mp3?1758249547 ea3351e8-4aed-4a40-8326-fcf6aa0913c4 2025-09-05T13:40:00+02:00 Jonas Chevalier (zimbatm) No 56399, 2025, nixcon2025, Aula, nixcon2025-eng Presenting https://nixos-mediation.org/ what it is, how you can benefit from it, and a small retro. about this event: https://talks.nixcon.org/nixcon-2025/talk/CDU788/ 00:06:41 https://media.ccc.de/v/nixcon2025-56400-introducing-nixops4 NixOps4 is the successor of NixOps. Why did NixOps fail, and how does NixOps4 address its shortcomings? Will NixOps4 replace Terraform/OpenTofu? Will the demo work? https://github.com/roberth/nixcon-2025-slides about this event: https://talks.nixcon.org/nixcon-2025/talk/YCDXZM/ Fri, 05 Sep 2025 15:30:00 +0200 https://cdn.media.ccc.de/events/nixcon/2025/mp3/import-56400-eng-Introducing_NixOps4_mp3.mp3?1758233492 1a72622c-3c5e-480c-bd0a-cb70b84a4912 2025-09-05T15:30:00+02:00 Robert Hensing No 56400, 2025, nixcon2025, Aula, nixcon2025-eng NixOps4 is the successor of NixOps. Why did NixOps fail, and how does NixOps4 address its shortcomings? Will NixOps4 replace Terraform/OpenTofu? Will the demo work? https://github.com/roberth/nixcon-2025-slides about this event: https://talks.nixcon.org/nixcon-2025/talk/YCDXZM/ 00:30:55 https://media.ccc.de/v/nixcon2025-56398-sustainable-nix-2025-st Lets explore how to ensure the sustainability of the Nix ecosystem with community leads including the SC and Foundation. We will dive into what it takes to create and maintain a robust, reliable environment for years to come. Covering the community’s milestones in 2024, from infra to governance, and about both the hard-won lessons and the innovations shaping Nix’s future. about this event: https://talks.nixcon.org/nixcon-2025/talk/9VKFRM/ Fri, 05 Sep 2025 12:45:00 +0200 https://cdn.media.ccc.de/events/nixcon/2025/mp3/import-56398-eng-Sustainable_Nix_2025_-_State_of_the_Union_mp3.mp3?1758250442 969f80e4-0cd0-4bbf-9288-aa4dbea18be1 2025-09-05T12:45:00+02:00 Ron Efroni No 56398, 2025, nixcon2025, Aula, nixcon2025-eng Lets explore how to ensure the sustainability of the Nix ecosystem with community leads including the SC and Foundation. We will dive into what it takes to create and maintain a robust, reliable environment for years to come. Covering the community’s milestones in 2024, from infra to governance, and about both the hard-won lessons and the innovations shaping Nix’s future. about this event: https://talks.nixcon.org/nixcon-2025/talk/9VKFRM/ 00:44:14 https://media.ccc.de/v/nixcon2025-56401-free-software-talk-and This talk explores the challenges and opportunities faced by the free software movement today. It offers a broad reflection on what "freedom" means in modern computing — and why it's more relevant than ever. Touching on questions of trust, corporate co-option, licenses, and the ethics of technology, it emphasizes the role of community engagement and governance structures. With urgency and clarity, it calls on developers to think beyond code and to take responsibility for the digital world we are collectively building. about this event: https://talks.nixcon.org/nixcon-2025/talk/NGPKNY/ Fri, 05 Sep 2025 16:05:00 +0200 https://cdn.media.ccc.de/events/nixcon/2025/mp3/import-56401-eng-Free_Software_Talk_and_Discussion_mp3.mp3?1758233993 7490cecc-4be2-4fa6-a11b-8fbc6f2399ee 2025-09-05T16:05:00+02:00 Zoë Kooyman No 56401, 2025, nixcon2025, Aula, nixcon2025-eng This talk explores the challenges and opportunities faced by the free software movement today. It offers a broad reflection on what "freedom" means in modern computing — and why it's more relevant than ever. Touching on questions of trust, corporate co-option, licenses, and the ethics of technology, it emphasizes the role of community engagement and governance structures. With urgency and clarity, it calls on developers to think beyond code and to take responsibility for the digital world we are collectively building. about this event: https://talks.nixcon.org/nixcon-2025/talk/NGPKNY/ 00:43:47 https://media.ccc.de/v/nixcon2025-56405-how-i-wish-bazel-had-ni Nix's package composition model makes developer environments a natural extension of its core abstractions. A simple shell.nix declaration combined with nix develop provides native tooling access and IDE integration that other build systems struggle to achieve without significant engineering investment. At LinkedIn, I experienced this contrast firsthand while migrating Go repositories to Bazel. I spent six months reverse-engineering Bazel's sandbox internals, writing custom rules to extract SDK paths, generate direnv configurations, and create LSP settings files. This enabled developers to use native Go commands via shell and IDE within Bazel workspaces, which proved crucial for broader adoption (Bazelcon 2024 talk on this topic). In this talk, I'll contrast months of custom engineering against Nix's declarative approach - just a few lines of config that solve the same problem in a manner that's harmonious with the build system. about this event: https://talks.nixcon.org/nixcon-2025/talk/HMKXYP/ Fri, 05 Sep 2025 19:15:00 +0200 https://cdn.media.ccc.de/events/nixcon/2025/mp3/import-56405-eng-How_I_wish_Bazel_had_nix_develop_mp3.mp3?1758231662 871aa81e-509f-441f-8bbd-cb6fcca11055 2025-09-05T19:15:00+02:00 Srini No 56405, 2025, nixcon2025, Aula, nixcon2025-eng Nix's package composition model makes developer environments a natural extension of its core abstractions. A simple shell.nix declaration combined with nix develop provides native tooling access and IDE integration that other build systems struggle to achieve without significant engineering investment. At LinkedIn, I experienced this contrast firsthand while migrating Go repositories to Bazel. I spent six months reverse-engineering Bazel's sandbox internals, writing custom rules to extract SDK paths, generate direnv configurations, and create LSP settings files. This enabled developers to use native Go commands via shell and IDE within Bazel workspaces, which proved crucial for broader adoption (Bazelcon 2024 talk on this topic). In this talk, I'll contrast months of custom engineering against Nix's declarative approach - just a few lines of config that solve the same problem in a manner that's harmonious with the build system. about this event: https://talks.nixcon.org/nixcon-2025/talk/HMKXYP/ 00:05:08 https://media.ccc.de/v/nixcon2025-56392-nix-as-a-solution-to-em In this talk we go over how we leveraged Nix to build our new Katla synthesizer. We go through setting up development environment, CICD, Linux kernel optimizations, cross-platform compilation and other steps that make Nix a standout solution when building hardware products with a team distributed around the globe. about this event: https://talks.nixcon.org/nixcon-2025/talk/YGL3MV/ Sat, 06 Sep 2025 16:40:00 +0200 https://cdn.media.ccc.de/events/nixcon/2025/mp3/import-56392-eng-Nix_as_a_solution_to_embedded_linux_mp3.mp3?1758205123 427fa82f-ffa3-4629-bf12-5a4205e58b5a 2025-09-06T16:40:00+02:00 Óli No 56392, 2025, nixcon2025, Lecture Hall, nixcon2025-eng In this talk we go over how we leveraged Nix to build our new Katla synthesizer. We go through setting up development environment, CICD, Linux kernel optimizations, cross-platform compilation and other steps that make Nix a standout solution when building hardware products with a team distributed around the globe. about this event: https://talks.nixcon.org/nixcon-2025/talk/YGL3MV/ 00:17:54 https://media.ccc.de/v/nixcon2025-56380-finix-an-experimental-o NixOS is a remarkably flexible and powerful operating system, but its stability and scale can make it a challenging environment for exploring unconventional ideas. finix is an experimental Nix-based OS I built to break free from some of the constraints of upstream NixOS — a fully functional, Nix-built system that embraces rapid and bold experimentation over stability. This talk will walk through how I built finix, how I reuse much of NixOS’s scaffolding, and why I chose to try a different init system, finit. But more than the implementation details, I want to share how having a small, purpose-built codebase has created space to rapidly prototype ideas — like alternative service frameworks or minimal module sets — and see what works. finix isn’t meant to replace anything, but it could serve as a useful place to explore concepts that might one day feed back into the broader NixOS ecosystem, or at least help us think differently about how it’s designed. Beyond finix itself, I’d like to use this talk to advocate for a more diverse ecosystem of sibling projects in the Nix community — especially to better support efforts like the Nix-based BSD project. Valuable ideas don’t always need to go upstream to have an impact. Though built for experimentation, I run finix as my daily driver — and on my laptop, it’s just as smooth and capable as NixOS. That reliability makes it a practical foundation for trying out new ideas in real-world use, and it’s convinced me that we need more room for experiments like this — and more space for alternative perspectives in our community. about this event: https://talks.nixcon.org/nixcon-2025/talk/Q8VUKL/ Sat, 06 Sep 2025 17:35:00 +0200 https://cdn.media.ccc.de/events/nixcon/2025/mp3/import-56380-eng-finix_-_an_experimental_os_featuring_finit_as_pid_1_to_explore_the_NixOS_design_space_mp3.mp3?1758205161 2d347780-1290-4a5e-9b53-1d9476be7d3e 2025-09-06T17:35:00+02:00 aanderse No 56380, 2025, nixcon2025, Aula, nixcon2025-eng NixOS is a remarkably flexible and powerful operating system, but its stability and scale can make it a challenging environment for exploring unconventional ideas. finix is an experimental Nix-based OS I built to break free from some of the constraints of upstream NixOS — a fully functional, Nix-built system that embraces rapid and bold experimentation over stability. This talk will walk through how I built finix, how I reuse much of NixOS’s scaffolding, and why I chose to try a different init system, finit. But more than the implementation details, I want to share how having a small, purpose-built codebase has created space to rapidly prototype ideas — like alternative service frameworks or minimal module sets — and see what works. finix isn’t meant to replace anything, but it could serve as a useful place to explore concepts that might one day feed back into the broader NixOS ecosystem, or at least help us think differently about how it’s designed. Beyond finix itself, I’d like to use this talk to advocate for a more diverse ecosystem of sibling projects in the Nix community — especially to better support efforts like the Nix-based BSD project. Valuable ideas don’t always need to go upstream to have an impact. Though built for experimentation, I run finix as my daily driver — and on my laptop, it’s just as smooth and capable as NixOS. That reliability makes it a practical foundation for trying out new ideas in real-world use, and it’s convinced me that we need more room for experiments like this — and more space for alternative perspectives in our community. about this event: https://talks.nixcon.org/nixcon-2025/talk/Q8VUKL/ 00:19:50 https://media.ccc.de/v/nixcon2025-56396-kubernetes-on-nix Running a production grade kubernetes cluster is a non trivial task. Although many commercial and non-commercial solutions are available, each comes with its own limitations. Some are primarily meant to set up a single node development cluster, others have hardly any flexibility. Here NixOS comes to the rescue, allowing us to build our cluster the way we want. However, because of the complexity of such a multi host setup, this is a bit more work than a services.kubernetes.enable = true;. We will look into the Kubernetes modules in NixOS, and how we can use them to set up a production grade cluster. For this we will consider what certificates we need, and how we can utilize a secret management solution like agenix to deploy them. We will also analyze how we can utilize Nix and the kubernetes addon-manager to configure our cluster from nix. Being able to install tools like ingress or the cert-manager is the final piece to describe the entire cluster in our nix config. about this event: https://talks.nixcon.org/nixcon-2025/talk/AZF8PR/ Sat, 06 Sep 2025 18:50:00 +0200 https://cdn.media.ccc.de/events/nixcon/2025/mp3/import-56396-eng-Kubernetes_on_Nix_mp3.mp3?1758211493 e7ea7c76-3f27-4978-a028-8bcbb3763092 2025-09-06T18:50:00+02:00 Lux No 56396, 2025, nixcon2025, Lecture Hall, nixcon2025-eng Running a production grade kubernetes cluster is a non trivial task. Although many commercial and non-commercial solutions are available, each comes with its own limitations. Some are primarily meant to set up a single node development cluster, others have hardly any flexibility. Here NixOS comes to the rescue, allowing us to build our cluster the way we want. However, because of the complexity of such a multi host setup, this is a bit more work than a services.kubernetes.enable = true;. We will look into the Kubernetes modules in NixOS, and how we can use them to set up a production grade cluster. For this we will consider what certificates we need, and how we can utilize a secret management solution like agenix to deploy them. We will also analyze how we can utilize Nix and the kubernetes addon-manager to configure our cluster from nix. Being able to install tools like ingress or the cert-manager is the final piece to describe the entire cluster in our nix config. about this event: https://talks.nixcon.org/nixcon-2025/talk/AZF8PR/ 00:25:30 https://media.ccc.de/v/nixcon2025-56402-flatpaks-the-nix-way Nix and Flatpak are often seen as solving similar problems from different angles: one declarative and reproducible, the other sandboxed and user-friendly. But what happens when you try to make them work together? And why would you want to do it? In this talk, I’ll present nix-flatpak (https://github.com/gmodena/nix-flatpak), an open-source project to declaratively manage Flatpak apps with Nix. This project started as a personal learning experiment to understand Nix, flakes, and module design, and grew into a practical tool to bridge the Nix and Flatpak ecosystems. We’ll cover: - A quick primer on Flatpaks and why they matter for desktop NixOS users - How Flatpak installations are managed declaratively in nix-flatpak - Architecture decisions and tradeoffs: convergent state vs full reproducibility - How to test and validate the module logic across system and user installations - What’s ahead: improving UX, stability, and community feedback The talk is intended to be interactive. I’ll share how the project evolved, but also open the floor to ideas, questions, and use cases from the community. Your feedback will directly shape the future of nix-flatpak. about this event: https://talks.nixcon.org/nixcon-2025/talk/XJ9JLH/ Fri, 05 Sep 2025 17:00:00 +0200 https://cdn.media.ccc.de/events/nixcon/2025/mp3/import-56402-eng-Flatpaks_the_Nix_way_mp3.mp3?1758233786 6bef6b1a-0a82-4b47-9855-b4b34dac85a6 2025-09-05T17:00:00+02:00 Gabriele Modena No 56402, 2025, nixcon2025, Aula, nixcon2025-eng Nix and Flatpak are often seen as solving similar problems from different angles: one declarative and reproducible, the other sandboxed and user-friendly. But what happens when you try to make them work together? And why would you want to do it? In this talk, I’ll present nix-flatpak (https://github.com/gmodena/nix-flatpak), an open-source project to declaratively manage Flatpak apps with Nix. This project started as a personal learning experiment to understand Nix, flakes, and module design, and grew into a practical tool to bridge the Nix and Flatpak ecosystems. We’ll cover: - A quick primer on Flatpaks and why they matter for desktop NixOS users - How Flatpak installations are managed declaratively in nix-flatpak - Architecture decisions and tradeoffs: convergent state vs full reproducibility - How to test and validate the module logic across system and user installations - What’s ahead: improving UX, stability, and community feedback The talk is intended to be interactive. I’ll share how the project evolved, but also open the floor to ideas, questions, and use cases from the community. Your feedback will directly shape the future of nix-flatpak. about this event: https://talks.nixcon.org/nixcon-2025/talk/XJ9JLH/ 00:26:34 https://media.ccc.de/v/nixcon2025-56395-from-pixels-to-pure-der When we think of reproducibility, we often focus on software builds, but what about the logos and visuals that represent our projects? In this talk, I’ll share how I approached logo design for the NixOS project with the same rigor we apply to software: deterministic outputs, minimal storage overhead, and fully free tooling. I’ll discuss the journey of building my own FOSS tooling to generate NixOS logos as SVGs from source code. Existing tools like Inkscape or Blender were either not parametric enough or not designed for clean, annotated vector outputs. By combining principles of CAD, typography, and color theory, I created a pipeline for reproducible, fixed-output derivations (FODs) that ensure all branding assets are versioned, verifiable, and easy to regenerate. This talk will cover: 1. The challenges of finding FOSS tools for parametric logo design. 2. Deep dives into fonts, kerning, and color spaces to build a consistent design language. 3. How I integrated FODs with verification tooling to ensure logo correctness. 4. Lessons learned about repository hygiene and why developers should expose overlays and NixOS modules rather than forcing consumers to hack around flake outputs. about this event: https://talks.nixcon.org/nixcon-2025/talk/HWQRXK/ Sat, 06 Sep 2025 18:15:00 +0200 https://cdn.media.ccc.de/events/nixcon/2025/mp3/import-56395-eng-From_Pixels_to_Pure_Derivations_Deterministic_Logos_with_Nix_mp3.mp3?1758205980 56c7b23a-a1b2-409a-9b07-cebe702c6d69 2025-09-06T18:15:00+02:00 Daniel Baker No 56395, 2025, nixcon2025, Lecture Hall, nixcon2025-eng When we think of reproducibility, we often focus on software builds, but what about the logos and visuals that represent our projects? In this talk, I’ll share how I approached logo design for the NixOS project with the same rigor we apply to software: deterministic outputs, minimal storage overhead, and fully free tooling. I’ll discuss the journey of building my own FOSS tooling to generate NixOS logos as SVGs from source code. Existing tools like Inkscape or Blender were either not parametric enough or not designed for clean, annotated vector outputs. By combining principles of CAD, typography, and color theory, I created a pipeline for reproducible, fixed-output derivations (FODs) that ensure all branding assets are versioned, verifiable, and easy to regenerate. This talk will cover: 1. The challenges of finding FOSS tools for parametric logo design. 2. Deep dives into fonts, kerning, and color spaces to build a consistent design language. 3. How I integrated FODs with verification tooling to ensure logo correctness. 4. Lessons learned about repository hygiene and why developers should expose overlays and NixOS modules rather than forcing consumers to hack around flake outputs. about this event: https://talks.nixcon.org/nixcon-2025/talk/HWQRXK/ 00:26:27 https://media.ccc.de/v/nixcon2025-56391-nixos-compose-local-dev When working on a software project, it can often be useful to spin up local development versions of services that run in production. This can be as simple as running a database to run your tests against, or as complicated as spinning up dozens of machines that talk to each other, while allowing you to observe and debug complex interactions. In some non-Nix projects, docker-compose is used for this successfully, but it requires a lot of manual configuration. In projects where production machines are declared as NixOS configurations, the Nix ecosystem provides a lot of powerful building blocks for running VMs. But existing tools require a lot of manual configuration in order to run networks of VMs locally. They also have unintuitive interfaces and poor documentation, making it hard to use them (and, often, even to know about them!). nixos-compose addresses these problems. It's a polished CLI tool that makes it remarkably easy to: Start one or more VMs from a flake file, SSH into them for debugging, enable network communication between them, and access VMs from the host. In this talk, we’ll tour through the features and implementation of nixos-compose. nixos-compose is an open-source tool built by garnix: https://github.com/garnix-io/nixos-compose about this event: https://talks.nixcon.org/nixcon-2025/talk/BRJ8XS/ Sat, 06 Sep 2025 16:05:00 +0200 https://cdn.media.ccc.de/events/nixcon/2025/mp3/import-56391-eng-nixos-compose_Local_development_VMs_made_easy_mp3.mp3?1758205116 40b43a63-54d6-4eac-95f1-4223ceed2ca6 2025-09-06T16:05:00+02:00 Sönke Hahn No 56391, 2025, nixcon2025, Lecture Hall, nixcon2025-eng When working on a software project, it can often be useful to spin up local development versions of services that run in production. This can be as simple as running a database to run your tests against, or as complicated as spinning up dozens of machines that talk to each other, while allowing you to observe and debug complex interactions. In some non-Nix projects, docker-compose is used for this successfully, but it requires a lot of manual configuration. In projects where production machines are declared as NixOS configurations, the Nix ecosystem provides a lot of powerful building blocks for running VMs. But existing tools require a lot of manual configuration in order to run networks of VMs locally. They also have unintuitive interfaces and poor documentation, making it hard to use them (and, often, even to know about them!). nixos-compose addresses these problems. It's a polished CLI tool that makes it remarkably easy to: Start one or more VMs from a flake file, SSH into them for debugging, enable network communication between them, and access VMs from the host. In this talk, we’ll tour through the features and implementation of nixos-compose. nixos-compose is an open-source tool built by garnix: https://github.com/garnix-io/nixos-compose about this event: https://talks.nixcon.org/nixcon-2025/talk/BRJ8XS/ 00:26:53 https://media.ccc.de/v/nixcon2025-56385-agenix-shell-secrets-in Leveraging age and agenix, this project makes it easy to inject secret-containing environment variables into your flake-based devShells. It simplifies onboarding for new developers by enabling secure secret sharing, and helps make projects more self-contained by removing the need for external secrets managers. https://github.com/aciceri/agenix-shell about this event: https://talks.nixcon.org/nixcon-2025/talk/BABGSX/ Sat, 06 Sep 2025 19:10:00 +0200 https://cdn.media.ccc.de/events/nixcon/2025/mp3/import-56385-eng-agenix-shell_secrets_in_your_flakes_shells_the_Nix_Way_mp3.mp3?1758211152 b8ab6607-5148-4633-a499-7d1672219205 2025-09-06T19:10:00+02:00 Andrea Ciceri No 56385, 2025, nixcon2025, Aula, nixcon2025-eng Leveraging age and agenix, this project makes it easy to inject secret-containing environment variables into your flake-based devShells. It simplifies onboarding for new developers by enabling secure secret sharing, and helps make projects more self-contained by removing the need for external secrets managers. https://github.com/aciceri/agenix-shell about this event: https://talks.nixcon.org/nixcon-2025/talk/BABGSX/ 00:04:49 https://media.ccc.de/v/nixcon2025-56388-nixos-on-loongarch64 Explain the current state of the LoongArch64 ecosystem, issues encountered with the Nixpkgs/NixOS port, and what to expect next about this event: https://talks.nixcon.org/nixcon-2025/talk/BMXTFW/ Sat, 06 Sep 2025 13:00:00 +0200 https://cdn.media.ccc.de/events/nixcon/2025/mp3/import-56388-eng-NixOS_on_LoongArch64_mp3.mp3?1758205081 3512c744-b98b-43dd-ab0b-d0b207e23b52 2025-09-06T13:00:00+02:00 Aleksana, Weijia Wang No 56388, 2025, nixcon2025, Lecture Hall, nixcon2025-eng Explain the current state of the LoongArch64 ecosystem, issues encountered with the Nixpkgs/NixOS port, and what to expect next about this event: https://talks.nixcon.org/nixcon-2025/talk/BMXTFW/ 00:26:03 https://media.ccc.de/v/nixcon2025-56394-embarrassingly-parallel Nix offers an unparalleled collection of readily packaged C/C++ libraries, with the added benefits of cross-compilation support and a declarative configuration language. That's why we chose it to manage third-party dependencies for our Bazel-built monorepo. This not-too-common use of Nix as a polyglot build system for external libraries and tools led us to approach Nix in a different way, both in how we think about it and how we used it. Our usage scenarios seemed rarely exercised an we found several opportunities for optimization in Nix code itself. At the core of the problem, we had 300+ packages that we needed to evaluate and build on demand. These evaluation times quickly added up, and we had to rethink the design to get some optimizations. This task set is embarrassingly parallel as each package evaluation is independent. But we realized along the way that full parallelism wasn’t the best we could do. We will explain how we leveraged nix evaluation caches (plural!), flakes, manually crafted store paths and parallel execution to reduce evaluation time from 5 minutes to 5 seconds, and bring other less quantifiable improvements. The work led to a few interesting scripts and two main PRs to nix itself (see below), one of which is already merged and released while the second is subject to discussion because of its impact on other cached operations. We will use that discussion to illustrate the tradeoffs of caching parallel evaluation. about this event: https://talks.nixcon.org/nixcon-2025/talk/FZNRLC/ Sat, 06 Sep 2025 17:45:00 +0200 https://cdn.media.ccc.de/events/nixcon/2025/mp3/import-56394-eng-Embarrassingly_parallel_evaluations_mp3.mp3?1758210806 eafa360a-5d45-4050-bce2-31be5ece5f24 2025-09-06T17:45:00+02:00 Guillaume Maudoux (@layus) No 56394, 2025, nixcon2025, Lecture Hall, nixcon2025-eng Nix offers an unparalleled collection of readily packaged C/C++ libraries, with the added benefits of cross-compilation support and a declarative configuration language. That's why we chose it to manage third-party dependencies for our Bazel-built monorepo. This not-too-common use of Nix as a polyglot build system for external libraries and tools led us to approach Nix in a different way, both in how we think about it and how we used it. Our usage scenarios seemed rarely exercised an we found several opportunities for optimization in Nix code itself. At the core of the problem, we had 300+ packages that we needed to evaluate and build on demand. These evaluation times quickly added up, and we had to rethink the design to get some optimizations. This task set is embarrassingly parallel as each package evaluation is independent. But we realized along the way that full parallelism wasn’t the best we could do. We will explain how we leveraged nix evaluation caches (plural!), flakes, manually crafted store paths and parallel execution to reduce evaluation time from 5 minutes to 5 seconds, and bring other less quantifiable improvements. The work led to a few interesting scripts and two main PRs to nix itself (see below), one of which is already merged and released while the second is subject to discussion because of its impact on other cached operations. We will use that discussion to illustrate the tradeoffs of caching parallel evaluation. about this event: https://talks.nixcon.org/nixcon-2025/talk/FZNRLC/ 00:20:37 https://media.ccc.de/v/nixcon2025-56378-garn-a-faster-friendlie Nix is a powerful tool, but it also comes with some well-known problems: a steep learning curve, bad error messages, and slow evaluation. What if we could solve these three problems in one stroke? garn is an experiment in doing just that. With garn, you define derivations with TypeScript instead of in the Nix language. TypeScript is familiar to most developers, well-documented, and supported by rich editor tooling - thus lowering the learning barrier. And instead of stack traces, you mostly get (much nicer) type errors. garn also rethinks the CLI, clarifying the core user-facing concepts in Nix, and how they relate to one another. What exactly is a devshell? A check? A NixOS configuration? What operations make sense with them? By thinking of these as first-class objects instead of "just derivations", garn makes the UX more approachable, and more powerful. The currently-released version of garn generates Nix code, which means we still incur the cost of (often slow) Nix evaluation. But we are working on a second version which ditches Nix evaluation altogether, and uses Nix only to build .drv files. This opens the door to substantial speed improvements, with techniques such as pre-evaluating Nix (FFI) code, caching evaluation in a finer-grained way, async IFD, and even using WASM as an alternative to IFD. This talk will show how garn works both above and under the hood. It's aimed at anyone interested in making Nix faster and more accessible. about this event: https://talks.nixcon.org/nixcon-2025/talk/RJSMCA/ Sat, 06 Sep 2025 16:25:00 +0200 https://cdn.media.ccc.de/events/nixcon/2025/mp3/import-56378-eng-garn_A_Faster_Friendlier_Nix_in_TypeScript_mp3.mp3?1758171200 1611cc30-729c-4a8a-88ac-b0529b2255b5 2025-09-06T16:25:00+02:00 Julian Kirsten Arni No 56378, 2025, nixcon2025, Aula, nixcon2025-eng Nix is a powerful tool, but it also comes with some well-known problems: a steep learning curve, bad error messages, and slow evaluation. What if we could solve these three problems in one stroke? garn is an experiment in doing just that. With garn, you define derivations with TypeScript instead of in the Nix language. TypeScript is familiar to most developers, well-documented, and supported by rich editor tooling - thus lowering the learning barrier. And instead of stack traces, you mostly get (much nicer) type errors. garn also rethinks the CLI, clarifying the core user-facing concepts in Nix, and how they relate to one another. What exactly is a devshell? A check? A NixOS configuration? What operations make sense with them? By thinking of these as first-class objects instead of "just derivations", garn makes the UX more approachable, and more powerful. The currently-released version of garn generates Nix code, which means we still incur the cost of (often slow) Nix evaluation. But we are working on a second version which ditches Nix evaluation altogether, and uses Nix only to build .drv files. This opens the door to substantial speed improvements, with techniques such as pre-evaluating Nix (FFI) code, caching evaluation in a finer-grained way, async IFD, and even using WASM as an alternative to IFD. This talk will show how garn works both above and under the hood. It's aimed at anyone interested in making Nix faster and more accessible. about this event: https://talks.nixcon.org/nixcon-2025/talk/RJSMCA/ 00:25:06 https://media.ccc.de/v/nixcon2025-56377-steering-committee-foun Discussion & Q&A about this event: https://talks.nixcon.org/nixcon-2025/talk/RZPTFK/ Sat, 06 Sep 2025 15:30:00 +0200 https://cdn.media.ccc.de/events/nixcon/2025/mp3/import-56377-eng-Steering_Committee_Foundation_Board_Panel_mp3.mp3?1758171632 6b6957fc-ea12-45ad-bc43-942a066ec63f 2025-09-06T15:30:00+02:00 Nix Steering Committee, NixOS Foundation board No 56377, 2025, nixcon2025, Aula, nixcon2025-eng Discussion & Q&A about this event: https://talks.nixcon.org/nixcon-2025/talk/RZPTFK/ 00:43:45 https://media.ccc.de/v/nixcon2025-56387-closing-ceremony Closing ceremony So long, and thanks for all the bees! about this event: https://talks.nixcon.org/nixcon-2025/talk/TEPUWK/ Sat, 06 Sep 2025 19:45:00 +0200 https://cdn.media.ccc.de/events/nixcon/2025/mp3/import-56387-eng-Closing_Ceremony_mp3.mp3?1758205175 1e3649c1-0ba2-4866-98bf-8b7305ece476 2025-09-06T19:45:00+02:00 Farhad Mehta No 56387, 2025, nixcon2025, Aula, nixcon2025-eng Closing ceremony So long, and thanks for all the bees! about this event: https://talks.nixcon.org/nixcon-2025/talk/TEPUWK/ 00:07:50 https://media.ccc.de/v/nixcon2025-56381-when-not-to-nix-working Nix has got so many bells and whistles to meet most of the requirements, staying declarative with modularised setup to allow code reuse. However, this comes with a bit of a challenge for those who are starting the Nix journey -- it can be quite complex, or at least so does it seem. This talk focuses on some simpler approaches to use separate non-Nix files such as JSON, YAML and/or TOML for the configuration management. There are some gotchas around using file content, file as path, and potentially mixing and matching with Nix managed configs. The integration with other tools such as SOPS Nix will also be an interesting mix, where it is simpler to create a separate config file and substitute secret information with SOPS. Once you know the tools and solutions of not using Nix to get started, the Nix journey will be an easier one to get started with, and perhaps actually lead you to further Nix usage for areas where Nix language makes it easier. about this event: https://talks.nixcon.org/nixcon-2025/talk/CPF8EH/ Sat, 06 Sep 2025 18:05:00 +0200 https://cdn.media.ccc.de/events/nixcon/2025/mp3/import-56381-eng-When_Not_to_Nix_Working_with_External_Config_and_SOPS_Nix_mp3.mp3?1758205926 4908454e-6c43-4a4d-bde8-70cbe30b3eeb 2025-09-06T18:05:00+02:00 Ryota No 56381, 2025, nixcon2025, Aula, nixcon2025-eng Nix has got so many bells and whistles to meet most of the requirements, staying declarative with modularised setup to allow code reuse. However, this comes with a bit of a challenge for those who are starting the Nix journey -- it can be quite complex, or at least so does it seem. This talk focuses on some simpler approaches to use separate non-Nix files such as JSON, YAML and/or TOML for the configuration management. There are some gotchas around using file content, file as path, and potentially mixing and matching with Nix managed configs. The integration with other tools such as SOPS Nix will also be an interesting mix, where it is simpler to create a separate config file and substitute secret information with SOPS. Once you know the tools and solutions of not using Nix to get started, the Nix journey will be an easier one to get started with, and perhaps actually lead you to further Nix usage for areas where Nix language makes it easier. about this event: https://talks.nixcon.org/nixcon-2025/talk/CPF8EH/ 00:19:46 https://media.ccc.de/v/nixcon2025-56383-nixci-demo In this demo I will demo https://nix-ci.com/ to showcase how Nix can give us zero-config locally reproducible CI. about this event: https://talks.nixcon.org/nixcon-2025/talk/FHMLKZ/ Sat, 06 Sep 2025 18:50:00 +0200 https://cdn.media.ccc.de/events/nixcon/2025/mp3/import-56383-eng-NixCI_Demo_mp3.mp3?1758210827 c2c78a98-cc46-43a9-9681-edb72835bf73 2025-09-06T18:50:00+02:00 syd No 56383, 2025, nixcon2025, Aula, nixcon2025-eng In this demo I will demo https://nix-ci.com/ to showcase how Nix can give us zero-config locally reproducible CI. about this event: https://talks.nixcon.org/nixcon-2025/talk/FHMLKZ/ 00:05:36 https://media.ccc.de/v/nixcon2025-56386-nix-in-the-wild In this talk, we’ll share lessons from real teams using Nix in the wild: from startups building AI workflows to large orgs managing cloud infrastructure. Based on a series of interviews and stories, we’ll cover what’s working, what’s not, and how teams are making Nix part of their day-to-day development. We’ll talk about: * Why teams decide to use Nix * How they roll it out across engineering * Common challenges and how people solve them * Real-world examples of Nix in CI, AI, and production environments If you’ve ever wondered what it’s like to bring Nix to work — this talk will give you a clear, honest look. about this event: https://talks.nixcon.org/nixcon-2025/talk/XSRZH8/ Sat, 06 Sep 2025 19:20:00 +0200 https://cdn.media.ccc.de/events/nixcon/2025/mp3/import-56386-eng-Nix_in_the_Wild_mp3.mp3?1758211159 8b188180-5886-4f1d-851d-a1c809cbf767 2025-09-06T19:20:00+02:00 Ross Turk No 56386, 2025, nixcon2025, Aula, nixcon2025-eng In this talk, we’ll share lessons from real teams using Nix in the wild: from startups building AI workflows to large orgs managing cloud infrastructure. Based on a series of interviews and stories, we’ll cover what’s working, what’s not, and how teams are making Nix part of their day-to-day development. We’ll talk about: * Why teams decide to use Nix * How they roll it out across engineering * Common challenges and how people solve them * Real-world examples of Nix in CI, AI, and production environments If you’ve ever wondered what it’s like to bring Nix to work — this talk will give you a clear, honest look. about this event: https://talks.nixcon.org/nixcon-2025/talk/XSRZH8/ 00:05:11 https://media.ccc.de/v/nixcon2025-56384-recreational-receipt-pr I bought a receipt printer on eBay for $50, and it is one of the best purchases I've ever made. Here's how I packaged the drivers for Nix, how I legitimately use it in my every day life, and some significantly sillier Nix-related uses. about this event: https://talks.nixcon.org/nixcon-2025/talk/WNQEA8/ Sat, 06 Sep 2025 19:00:00 +0200 https://cdn.media.ccc.de/events/nixcon/2025/mp3/import-56384-eng-Recreational_Receipt_Printing_mp3.mp3?1758210837 9149f103-c631-4693-8cc8-0757bbe676f0 2025-09-06T19:00:00+02:00 Lillith "Infinidoge" No 56384, 2025, nixcon2025, Aula, nixcon2025-eng I bought a receipt printer on eBay for $50, and it is one of the best purchases I've ever made. Here's how I packaged the drivers for Nix, how I legitimately use it in my every day life, and some significantly sillier Nix-related uses. about this event: https://talks.nixcon.org/nixcon-2025/talk/WNQEA8/ 00:05:09 https://media.ccc.de/v/nixcon2025-56376-derivationbuilder-extra The most subtle part of Nix's store layer is the exact logic used to sandbox derivations. Mess up the daemon protocol, Local Store SQLite usage, drv file parsing, or other such things, and things should blow up immediately. Fail Fast helps a lot! Mess up the sandboxing logic, however, and you might not notice for a while until you try to build just the right sort of derivation. For most of Nix's history, the sandboxing logic has been embedded within the build scheduling logic (which builds or downloades dependencies) thus entangling it with hefty other machinery that makes all sorts of assumption about how IO, concurrency, etc. should work. In other words, it was not written in a way that made it easy to use from any other program but Nix itself. In the last few months, however, we've finally untangled it and moved it into its own component, and then reworked it to give it a simple interface for FFI. In this talk, we'll briefly go over that work, and then demonstrate its use a simple example executable written in a friendlier language than C++. about this event: https://talks.nixcon.org/nixcon-2025/talk/ZAHLMN/ Sat, 06 Sep 2025 13:35:00 +0200 https://cdn.media.ccc.de/events/nixcon/2025/mp3/import-56376-eng-DerivationBuilder_extracting_Nixs_sandboxing_logic_for_library_use_mp3.mp3?1758170440 17dccd12-35e0-482a-9978-9383c986d148 2025-09-06T13:35:00+02:00 John Ericson No 56376, 2025, nixcon2025, Aula, nixcon2025-eng The most subtle part of Nix's store layer is the exact logic used to sandbox derivations. Mess up the daemon protocol, Local Store SQLite usage, drv file parsing, or other such things, and things should blow up immediately. Fail Fast helps a lot! Mess up the sandboxing logic, however, and you might not notice for a while until you try to build just the right sort of derivation. For most of Nix's history, the sandboxing logic has been embedded within the build scheduling logic (which builds or downloades dependencies) thus entangling it with hefty other machinery that makes all sorts of assumption about how IO, concurrency, etc. should work. In other words, it was not written in a way that made it easy to use from any other program but Nix itself. In the last few months, however, we've finally untangled it and moved it into its own component, and then reworked it to give it a simple interface for FFI. In this talk, we'll briefly go over that work, and then demonstrate its use a simple example executable written in a friendlier language than C++. about this event: https://talks.nixcon.org/nixcon-2025/talk/ZAHLMN/ 00:20:10 https://media.ccc.de/v/nixcon2025-56403-the-nix-binary-cache-an Behind the Scenes of cache.nixos.org: Scaling Nix’s Binary Cache to Infinity The Nix binary cache is the silent powerhouse of the Nix ecosystem: every day, it fields thousands of requests per second—amounting to nearly 6 billion requests per month!—for NixOS and Nix users worldwide. But what makes it work at scale, how—or why—is its simplicity a virtue, and how does an ongoing partnership between AWS and the Nix Foundation ensure its availability for years to come? In this fireside chat, join Ron (Flox), Tarus (AWS), Tom Bereknyei and moderator Ross (Flox) for a conversation about: - What the Nix binary cache actually is… - …and why it matters for the community, reproducibility, and even the survival of historical software; - How AWS came to support cache.nixos.org - Why the binary cache’s “dumb” design is a feature, not a bug; - What goes in the cache? - Challenges and lessons learned: scaling, cost optimization, and keeping things simple - Why this partnership is important for the Nix ecosystem Whether you’re a builder, a Nix maintainer, a user, or just curious about how open source infra runs at global scale, this conversation will offer insights, anecdotes, and a look at how communities and clouds can support each other. about this event: https://talks.nixcon.org/nixcon-2025/talk/QXZJ9H/ Fri, 05 Sep 2025 17:35:00 +0200 https://cdn.media.ccc.de/events/nixcon/2025/mp3/import-56403-eng-The_Nix_Binary_Cache_and_AWS_mp3.mp3?1758233252 a7d90376-dcba-4650-a5e8-e0f570d8d659 2025-09-05T17:35:00+02:00 Tarus Balog No 56403, 2025, nixcon2025, Aula, nixcon2025-eng Behind the Scenes of cache.nixos.org: Scaling Nix’s Binary Cache to Infinity The Nix binary cache is the silent powerhouse of the Nix ecosystem: every day, it fields thousands of requests per second—amounting to nearly 6 billion requests per month!—for NixOS and Nix users worldwide. But what makes it work at scale, how—or why—is its simplicity a virtue, and how does an ongoing partnership between AWS and the Nix Foundation ensure its availability for years to come? In this fireside chat, join Ron (Flox), Tarus (AWS), Tom Bereknyei and moderator Ross (Flox) for a conversation about: - What the Nix binary cache actually is… - …and why it matters for the community, reproducibility, and even the survival of historical software; - How AWS came to support cache.nixos.org - Why the binary cache’s “dumb” design is a feature, not a bug; - What goes in the cache? - Challenges and lessons learned: scaling, cost optimization, and keeping things simple - Why this partnership is important for the Nix ecosystem Whether you’re a builder, a Nix maintainer, a user, or just curious about how open source infra runs at global scale, this conversation will offer insights, anecdotes, and a look at how communities and clouds can support each other. about this event: https://talks.nixcon.org/nixcon-2025/talk/QXZJ9H/ 00:24:39 https://media.ccc.de/v/nixcon2025-56375-the-bikes-have-been-she The history of how the official Nix formatter was successfully established, along with its struggles and lessons. We go over: - How Nix didn't have a formatter for its first 15 years before the first ones were written - How an RFC to standardise the formatter took 3 years, 50 meetings and 600 comments to get accepted - How one of the most active codebases with 40k Nix files and 15k monthly commits got fully reformatted - What problems still exist and what the future of Nix formatting holds about this event: https://talks.nixcon.org/nixcon-2025/talk/GCGE7K/ Sat, 06 Sep 2025 13:00:00 +0200 https://cdn.media.ccc.de/events/nixcon/2025/mp3/import-56375-eng-The_bikes_have_been_shed_The_official_Nix_formatter_mp3.mp3?1758170429 c0b94de2-405c-49ac-ab2b-984d71b238da 2025-09-06T13:00:00+02:00 Silvan Mosberger No 56375, 2025, nixcon2025, Aula, nixcon2025-eng The history of how the official Nix formatter was successfully established, along with its struggles and lessons. We go over: - How Nix didn't have a formatter for its first 15 years before the first ones were written - How an RFC to standardise the formatter took 3 years, 50 meetings and 600 comments to get accepted - How one of the most active codebases with 40k Nix files and 15k monthly commits got fully reformatted - What problems still exist and what the future of Nix formatting holds about this event: https://talks.nixcon.org/nixcon-2025/talk/GCGE7K/ 00:20:08 https://media.ccc.de/v/nixcon2025-56382-share-your-daemons-with The ssh-ng store implementation allows connecting to remote daemons over ssh. However, between server management, key exchanges, and device discovery, SSH is not the most user friendly. Unfortunately ssh-ng is also the only store implementation for active remotes built into nix. Let's ignore that fact and forward a remote daemon via P2P instead. Why would you do this? Does this work? And what can we learn from it? This talk might answer any or all of that. about this event: https://talks.nixcon.org/nixcon-2025/talk/FBZBUS/ Sat, 06 Sep 2025 18:45:00 +0200 https://cdn.media.ccc.de/events/nixcon/2025/mp3/import-56382-eng-Share_your_daemons_with_your_peers_mp3.mp3?1758210810 25069f95-103c-4e09-a486-2f0b4e189fcd 2025-09-06T18:45:00+02:00 Yannik Sander No 56382, 2025, nixcon2025, Aula, nixcon2025-eng The ssh-ng store implementation allows connecting to remote daemons over ssh. However, between server management, key exchanges, and device discovery, SSH is not the most user friendly. Unfortunately ssh-ng is also the only store implementation for active remotes built into nix. Let's ignore that fact and forward a remote daemon via P2P instead. Why would you do this? Does this work? And what can we learn from it? This talk might answer any or all of that. about this event: https://talks.nixcon.org/nixcon-2025/talk/FBZBUS/ 00:05:12 https://media.ccc.de/v/nixcon2025-56379-how-nixos-is-built-from Let's follow the lifecycle of a change in Nixpkgs; from opening the Pull Request until the change makes it our local /nix/store. We'll explore all the CI systems involved in this process, how they interact, where and how they're defined in our codebases, and finally the security implications of each step. about this event: https://talks.nixcon.org/nixcon-2025/talk/RF93ZE/ Sat, 06 Sep 2025 17:00:00 +0200 https://cdn.media.ccc.de/events/nixcon/2025/mp3/import-56379-eng-How_NixOS_is_built_From_Pull_Request_to_your_nix_store_mp3.mp3?1758205139 578badc6-06d8-4d69-9c8f-d38afb20c1d1 2025-09-06T17:00:00+02:00 Dionysis Grigoropoulos No 56379, 2025, nixcon2025, Aula, nixcon2025-eng Let's follow the lifecycle of a change in Nixpkgs; from opening the Pull Request until the change makes it our local /nix/store. We'll explore all the CI systems involved in this process, how they interact, where and how they're defined in our codebases, and finally the security implications of each step. about this event: https://talks.nixcon.org/nixcon-2025/talk/RF93ZE/ 00:18:05 https://media.ccc.de/v/nixcon2025-56393-a-field-guide-to-nix-at In this most remarkable presentation, I chronicle my extensive explorations through the untamed wilderness of enterprise landscape and the experiences of applying Nix within said corporate domain. The audience shall discover the arcane rituals of cargo cults development, learn to navigate the treacherous waters of organisational silos and master the craft of sanctifying Nix usage. Like a seasoned naturalist cataloging the flora and fauna of some newly discovered archipelago, I have meticulously documented the peculiar behaviors of people unfamiliar with Nix, the resistance patterns towards making the effort to learn it, and the curious customs of playing the responsibility ping-pong. This tongue-in-cheek talk aims to share a collection of arguments and concrete actions one can make, to convince others to use Nix at their workplace. The rebuttal of frequent misconceptions (Docker makes nix not needed) included. about this event: https://talks.nixcon.org/nixcon-2025/talk/3RHWND/ Sat, 06 Sep 2025 17:10:00 +0200 https://cdn.media.ccc.de/events/nixcon/2025/mp3/import-56393-eng-A_field_guide_to_Nix_at_the_Corporate_mp3.mp3?1758205149 0b9843ed-8c94-40d6-9c9d-8b1dc8029343 2025-09-06T17:10:00+02:00 Aleksander Gondek No 56393, 2025, nixcon2025, Lecture Hall, nixcon2025-eng In this most remarkable presentation, I chronicle my extensive explorations through the untamed wilderness of enterprise landscape and the experiences of applying Nix within said corporate domain. The audience shall discover the arcane rituals of cargo cults development, learn to navigate the treacherous waters of organisational silos and master the craft of sanctifying Nix usage. Like a seasoned naturalist cataloging the flora and fauna of some newly discovered archipelago, I have meticulously documented the peculiar behaviors of people unfamiliar with Nix, the resistance patterns towards making the effort to learn it, and the curious customs of playing the responsibility ping-pong. This tongue-in-cheek talk aims to share a collection of arguments and concrete actions one can make, to convince others to use Nix at their workplace. The rebuttal of frequent misconceptions (Docker makes nix not needed) included. about this event: https://talks.nixcon.org/nixcon-2025/talk/3RHWND/ 00:25:34 https://media.ccc.de/v/nixcon2025-56390-internet-scale-routing This talk will be in the format of an experience report. We will go over how to use the module system to declaratively manage BGP sessions, set up routing policies to manage traffic between hosts using addresses within advertised prefixes using systemd-networkd and nftables in a multi-upstream setup, and how to run a primitive anycast CDN. The talk will also include hiccups encountered while experimenting with the BIRD Internet Routing Daemon, Tailscale, and improvement plans. GitHub: https://github.com/stepbrobd/router about this event: https://talks.nixcon.org/nixcon-2025/talk/7YWTUC/ Sat, 06 Sep 2025 15:30:00 +0200 https://cdn.media.ccc.de/events/nixcon/2025/mp3/import-56390-eng-Internet_scale_routing_with_NixOS_mp3.mp3?1758205101 666d25ad-b71f-4737-9077-7ffb1f47a02c 2025-09-06T15:30:00+02:00 Yifei Sun No 56390, 2025, nixcon2025, Lecture Hall, nixcon2025-eng This talk will be in the format of an experience report. We will go over how to use the module system to declaratively manage BGP sessions, set up routing policies to manage traffic between hosts using addresses within advertised prefixes using systemd-networkd and nftables in a multi-upstream setup, and how to run a primitive anycast CDN. The talk will also include hiccups encountered while experimenting with the BIRD Internet Routing Daemon, Tailscale, and improvement plans. GitHub: https://github.com/stepbrobd/router about this event: https://talks.nixcon.org/nixcon-2025/talk/7YWTUC/ 00:17:17 https://media.ccc.de/v/nixcon2025-56407-jailnix-a-library-to-ea Given the amount of software written in memory unsafe languages, and the rise in supply chain attacks, I prefer to run as much software as possible within some kind of security boundary (mostly using bubblewrap and qemu). Bubblewrap is the sandboxing tool at the core of Flatpak, but it is intentionally designed to be very low level. Using bubblewrap, one can write wrappers for every package on their system, but getting the flags right can be error prone, and often lead to annoying debug cycles to get a program to run correctly. jail.nix is a nix library I have been working on to make wrapping Nix derivations in bubblewrap jails more ergonomic by using higher level combinators to achieve concrete objectives (like giving a program access to the network, or allowing it to render to a Wayland compositor). The library is open source, the source can be found here: https://git.sr.ht/~alexdavid/jail.nix This talk will give a tour of the features of jail.nix and how to integrate it with a NixOS configuration. about this event: https://talks.nixcon.org/nixcon-2025/talk/3QH3PZ/ Fri, 05 Sep 2025 19:35:00 +0200 https://cdn.media.ccc.de/events/nixcon/2025/mp3/import-56407-eng-jailnix_-_A_library_to_easily_jail_your_NixOS_derivations_in_Bubblewrap_mp3.mp3?1758231743 a7d32c5a-76d9-45c1-b87e-66e8e9e884b8 2025-09-05T19:35:00+02:00 Alex David No 56407, 2025, nixcon2025, Aula, nixcon2025-eng Given the amount of software written in memory unsafe languages, and the rise in supply chain attacks, I prefer to run as much software as possible within some kind of security boundary (mostly using bubblewrap and qemu). Bubblewrap is the sandboxing tool at the core of Flatpak, but it is intentionally designed to be very low level. Using bubblewrap, one can write wrappers for every package on their system, but getting the flags right can be error prone, and often lead to annoying debug cycles to get a program to run correctly. jail.nix is a nix library I have been working on to make wrapping Nix derivations in bubblewrap jails more ergonomic by using higher level combinators to achieve concrete objectives (like giving a program access to the network, or allowing it to render to a Wayland compositor). The library is open source, the source can be found here: https://git.sr.ht/~alexdavid/jail.nix This talk will give a tour of the features of jail.nix and how to integrate it with a NixOS configuration. about this event: https://talks.nixcon.org/nixcon-2025/talk/3QH3PZ/ 00:05:07 https://media.ccc.de/v/nixcon2025-56374-saturday-opening-ceremo Opening day 2 about this event: https://talks.nixcon.org/nixcon-2025/talk/XVBSXD/ Sat, 06 Sep 2025 12:45:00 +0200 https://cdn.media.ccc.de/events/nixcon/2025/mp3/import-56374-eng-Saturday_Opening_Ceremony_mp3.mp3?1758170418 eb5e1a58-19c6-4516-87f4-445f18488f8a 2025-09-06T12:45:00+02:00 Farhad Mehta No 56374, 2025, nixcon2025, Aula, nixcon2025-eng Opening day 2 about this event: https://talks.nixcon.org/nixcon-2025/talk/XVBSXD/ 00:04:06 https://media.ccc.de/v/nixcon2025-56389-python-packaging-with-n There is a broad range of possibilities when packaging Python with Nix. The amount of Python formats alone can be overwhelming: requirements.txt, setup.py & pyproject.toml, not to mention Conda! This talk aims to explain Python packaging with Nix, focusing on pyproject.nix & uv2nix, but I will also talk about other approaches and their trade-offs. We'll start off with a short primer on the different Python packaging formats & methods while explaining a few of the things that make Python packaging particularly murky & difficult. Then we'll go through a range of Nix packaging possibilities, starting with using plain nixpkgs & culminating in pyproject.nix & uv2nix. Along the way the pros and cons of each will be explored and what approach to use when and where. about this event: https://talks.nixcon.org/nixcon-2025/talk/Y8TSAW/ Sat, 06 Sep 2025 13:35:00 +0200 https://cdn.media.ccc.de/events/nixcon/2025/mp3/import-56389-eng-Python_packaging_with_nixpkgs_pyprojectnix_uv2nix_mp3.mp3?1758205094 650a8d7a-8042-4e43-81e3-06993ffa78ff 2025-09-06T13:35:00+02:00 adisbladis No 56389, 2025, nixcon2025, Lecture Hall, nixcon2025-eng There is a broad range of possibilities when packaging Python with Nix. The amount of Python formats alone can be overwhelming: requirements.txt, setup.py & pyproject.toml, not to mention Conda! This talk aims to explain Python packaging with Nix, focusing on pyproject.nix & uv2nix, but I will also talk about other approaches and their trade-offs. We'll start off with a short primer on the different Python packaging formats & methods while explaining a few of the things that make Python packaging particularly murky & difficult. Then we'll go through a range of Nix packaging possibilities, starting with using plain nixpkgs & culminating in pyproject.nix & uv2nix. Along the way the pros and cons of each will be explored and what approach to use when and where. about this event: https://talks.nixcon.org/nixcon-2025/talk/Y8TSAW/ 00:28:42 https://media.ccc.de/v/nixcon2025-56406-ricochets I made a thing to manage the Linux machines of my friends and family: https://sraka.xyz/posts/ricochets.html, it's a hack with a custom NixOS default channel :) about this event: https://talks.nixcon.org/nixcon-2025/talk/RDSBZN/ Fri, 05 Sep 2025 19:25:00 +0200 https://cdn.media.ccc.de/events/nixcon/2025/mp3/import-56406-eng-Ricochets_mp3.mp3?1758231564 74b88818-42ae-4285-be35-59caec3bed69 2025-09-05T19:25:00+02:00 Yvan Sraka No 56406, 2025, nixcon2025, Aula, nixcon2025-eng I made a thing to manage the Linux machines of my friends and family: https://sraka.xyz/posts/ricochets.html, it's a hack with a custom NixOS default channel :) about this event: https://talks.nixcon.org/nixcon-2025/talk/RDSBZN/ 00:03:17 media.ccc.de / RSS 0.3.2 CCC media team media@c3voc.de CCC media team No CCC Congress Hacking Security Netzpolitik A wide variety of video material distributed by the CCC. All content is taken from cdn.media.ccc.de and media.ccc.de A wide variety of video material distributed by the Chaos Computer Club. This feed contains all events from nixcon2025 as mp3