Changelog: a whole bevy of small improvements for Determinate Nix

We’re excited to announce that Determinate Nix version 3.13.2, based on version 2.32.4 of upstream Nix, is now available! This release doesn’t bring any bold leaps forward but it does come with some changes that you should be aware of, including a major change in which systems we support.

Dropping support for macOS on Intel

A major part of our mission at Determinate Systems is to make macOS a first-class platform for Nix—and that includes knowing when continuing to support a macOS architecture is no longer a good use of our resources.

Now that Apple is well on its way to transitioning to Apple Silicon, we feel it’s time to discontinue our support for Determinate Nix on Intel Macs (x86_64-darwin in Nix terms) and support Apple Silicon (aarch64-darwin) exclusively. We’ve come to this conclusion because usage of Determinate Nix on x86_64-darwin has dwindled to well under 1% of macOS usage and under .01% of overall usage—and that usage generally happens in CI environments where switching to Apple Silicon runners is likely to be fairly straightforward.

We announced the intention to make this transition last month and version 3.13.2 of Determinate Nix will be the first to support Apple Silicon only.

Users can now customize the native Linux builder

The native Linux builder has been extremely popular since its release a while back, but when first released we hadn’t yet provided any customization hooks. In 3.13.2, you can now specify how much memory and how many CPUs you want to allocate to macOS’s Virtualization framework in your Determinate Nixd configuration. Here’s an example:

{
  "builder": {
    "state": "enabled",
    "memoryBytes": 8589934592, // 16 GiB, the default
    "cpuCount": 1 // the default
  },
  // other params
}

It’s important to note here that we strongly recommend that you not set the CPU count higher than 1 unless you’re sure that it improves performance. In our internal testing, we’ve found that increasing the CPU counts tends to hurt performance, potentially due to coordination overhead. We plan to continue investigating ways to make the builder more efficient and have some ideas up our sleeves, so stay tuned (no pun intended?).

Git sources have a progress indicator again

Nix used to feel “stuck” while it was cloning large repositories, providing little indication that it was doing much of anything while that was happening. Determinate Nix now shows Git’s native progress indicator while fetching, which should provide a nice little UX boost.

Faster revCount computation

When using Git repositories with a long history (and thus many revisions), calculating the revCount attribute can take a long time. Determinate Nix now computes revCount using multiple threads, making it much faster.

Note that if you don’t need revCount, you can disable it altogether by setting the flake input attribute shallow = false. Here’s an example:

{
  inputs.my-input = {
    url = "https://flakehub.com/f/my-org/my-flake/0.1";
    shallow = false;
  };
}

Don’t compute revCount/lastModified if they’re already specified

Determinate Nix no longer computes Git attributes like revCount or lastModified if they’re already specified. Our reasoning is that Nix shouldn’t care if the user—or, more likely, the lockfile—specifies an incorrect value for these attributes, since it doesn’t matter for security (unlike content hashes, like narHash, that matter a great deal). This can save time when operating in large repos, as needing to recalculate these attributes can slow things down significantly.

More readable flake references in error messages

Previously, Nix showed full flake references inside of error messages such as stack traces. Here’s how that used to look:

   … from call site
     at «github:NixOS/nixpkgs/3bea86e918d8b54aa49780505d2d4cd9261413be?narHash=sha256-Ica%2B%2BSXFuLyxX9Q7YxhfZulUif6/gwM8AEQYlUxqSgE%3D»/lib/customisation.nix:69:16:
       68|     let
       69|       result = f origArgs;
         |                ^
       70|

That felt noisy to us, so Determinate Nix now abbreviates these by leaving out narHash and shortening the Git revisions:

   … from call site
     at «github:NixOS/nixpkgs/3bea86e»/lib/customisation.nix:69:16:
       68|     let
       69|       result = f origArgs;
         |                ^
       70|

We find that substantially more readable.

Fixed some issues with flakes with a ?dir= parameter

Some users were experiencing issues when their flake registry contained a flake that included a ?dir= parameter, causing commands like nix eval registry-with-flake-in-subdir#output and those that use --inputs-from to fail or behave incorrectly.

This is now fixed, so use your flakes inside subdirectories without fear!

Only substitute inputs if they haven’t already been fetched

When using lazy trees, you might have noticed Nix fetching some source inputs from a cache, even though you could have sworn that it had already fetched those inputs. Well, you weren’t wrong, because that was indeed happening in some cases.

We’ve fixed that behavior in version 3.13.2. Now, Nix attempts to fetch inputs from their original location and falls back to fetching from a substituter only if the original fetch fails.

nix flake prefetch-inputs now skips build-time inputs

Build-time inputs can already be fetched in parallel, which means that pre-fetching them is usually not what you want. This can be especially noticeable in projects that make extensive use of build-time flake inputs.

Mirrored flake registry

The flake registry is security critical and thus should be as highly available as possible. In Determinate Nix 3.13.2, the upstream flake registry is now mirrored in the nix binary itself. Mirroring makes it far less likely that a GitHub outage—like the one just this past week—blocks resolution from the registry.

Bug fixes

How to get Determinate Nix

If you already have Determinate Nix installed, you can upgrade to 3.13.2 with one Determinate Nixd command:

sudo determinate-nixd upgrade

If you don’t yet have Determinate Nix installed, you can upgrade or migrate to Determinate Nix on macOS using our graphical installer:

Install Determinate Nix on macOS now 🍎

With support for Apple Silicon (aarch64-darwin)

On Linux:

curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix | \
  sh -s -- install --determinate

On NixOS, we recommend using our dedicated NixOS module or our NixOS ISO (NixOS installer for x86_64, NixOS installer for ARM) with Determinate Nix pre-installed.

On GitHub Actions:

on:
  pull_request:
  workflow_dispatch:
  push:
    branches:
      - main

jobs:
  nix-ci:
    runs-on: ubuntu-latest
    # Include this block to log in to FlakeHub and access private flakes
    permissions:
      id-token: write
      contents: read
    steps:
      - uses: actions/checkout@v5
      - uses: DeterminateSystems/flake-checker-action@main
      - uses: DeterminateSystems/determinate-nix-action@v3
      - uses: DeterminateSystems/flakehub-cache-action@main
      - run: nix flake check

In Amazon Web Services:

data "aws_ami" "detsys_nixos" {
  most_recent = true
  owners      = ["535002876703"]

  filter {
    name   = "name"
    values = ["determinate/nixos/epoch-1/*"]
  }

  filter {
    name   = "architecture"
    values = ["x86_64"]
  }
}