Changelog: Google Cloud Platform auth, parallel eval unleashed, and more

Determinate Nix version 3.16.3, based on upstream Nix 2.33.3, brings some nice new improvements. Parallel evaluation now defaults to unlimited cores, FlakeHub now supports authentication with Google Cloud Platform, Determinate now has a simple Home Manager module, Determinate Nixd is not a bit more robust, and the Determinate Nix CLI has seen a handful of updates, including a fix for an annoying “too many open files” error.

Parallel evaluation fully unleashed

When parallel evaluation was initially released, we set the default number of cores used by parallel operations to 1 in Determinate Nix users’ configurations. We did this because we wanted to proceed with due care and gather feedback from users before using cores more aggressively. Fortunately, all signs told us that parallel eval was working exactly as hoped and so we’ve made the decision to bump the number of cores to unlimited (that is, all available cores).

This covers all available parallelized operations in Determinate Nix, including things like nix flake check.

Home Manager module for Determinate

Determinate now has a Home Manager module! But before you get too excited, it doesn’t actually do a whole lot. If you apply the module to your Home Manager configuration, it sets nix.package = null for you, which ensures that you don’t accidentally end up with a Nix that isn’t Determinate Nix on your PATH.

Most Determinate users probably don’t need this but can be a nice safeguard in some scenarios.

Pruning older AMIs

Determinate Systems publishes NixOS AMIs with Determinate Nix installed to facilitate deploying NixOS systems AWS using features like private flakes and FlakeHub Cache. Our internal metrics have shown that older AMIs are barely being used so we’ve opted to begin pruning AMIs after 90 days. If you’re using our AMIs, we recommend changing your workflows to accommodate this change as soon as possible.

Determinate Nixd changes

This release sees a wide range of improvements for Determinate Nixd, particularly surrounding reliability.

• Improved robustness surrounding timeouts in interactions with FlakeHub
• Google Cloud Platform support using the determinate-nixd auth login gcp command. Stay tuned for more updates around this next week!
• Users can now override the bash-prompt-prefix and extra-nix-path settings in nix.custom.conf instead of having to accept Determinate Nix’s defaults.

Determinate Nix CLI changes

Support .gitattributes in subdirectories

For historical reasons, Nix previously forbade using .gitattributes files in subdirectories. Some real-world repositories, however, rely on such files, so we assessed possible impacts and came to the conclusion that Determinate Nix should allow them.

builtins.getFlake now supports relative paths

Nix’s builtins.getFlake function now supports using relative paths in addition to absolute paths, FlakeHub URLs, and others. Here’s an example:

builtins.getFlake ./..

Previously, you needed hacks like this to use a local flake:

builtins.getFlake (builtins.flakeRefToString { type = "path"; path = self.sourceInfo.outPath; narHash = self.narHash; });

Note that allowing builtins.getFlake to fetch from Nix store paths is pretty much always a bad idea, since it’s ambiguous when using chroot stores. Determinate Nix now prints a warning when you do this.

Fixed a bug with too many open files

Recently, some users have reported seeing annoying errors like this when using the Determinate Nix CLI:

error: creating git packfile indexer: failed to create temporary file '/Users/anon/.cache/nix/tarball-cache-v2/objects/pack/pack_git2_56d617039ac17c2b': Too many open files

This should now be fixed.

nix store info now correctly supports --refresh and --offline

Previously, Nix had a hard-coded time-to-live (TTL) of seven days. Determinate Nix has moved that TTL to a new setting, narinfo-cache-meta-ttl, and has been update to make nix store info respect the --refresh and --offline flags.

This change makes it possible to freshly validate authenticating to a remote store.

Corrected builtins.hashString behavior under lazy trees

builtins.hashString now devirtualizes lazy paths, making the hash result stable. This means that Determinate Nix now forces lazy path references to be fully resolved to their final store path before computing the hash, which ensures that you always get the same hash for the same content regardless of when or how the path is evaluated.

How to get Determinate Nix

If you already have Determinate Nix installed, you can upgrade to 3.16.3 with one Determinate Nixd command:

sudo determinate-nixd upgrade

If you don’t yet have Determinate Nix installed, you can upgrade or migrate to Determinate Nix on macOS using our graphical installer:

Install Determinate Nix on macOS now 🍎

With support for Apple Silicon (aarch64-darwin)

On Linux:

curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix | \
  sh -s -- install --determinate

On NixOS, we recommend using our dedicated NixOS module or our NixOS ISO (NixOS installer for x86_64, NixOS installer for ARM) with Determinate Nix pre-installed.

On GitHub Actions:

on:
  pull_request:
  workflow_dispatch:
  push:
    branches:
      - main

jobs:
  nix-ci:
    runs-on: ubuntu-latest
    # Include this block to log in to FlakeHub and access private flakes
    permissions:
      id-token: write
      contents: read
    steps:
      - uses: actions/checkout@v5
      - uses: DeterminateSystems/flake-checker-action@main
      - uses: DeterminateSystems/determinate-nix-action@v3
      - uses: DeterminateSystems/flakehub-cache-action@main
      - run: nix flake check

In Amazon Web Services:

data "aws_ami" "detsys_nixos" {
  most_recent = true
  owners      = ["535002876703"]

  filter {
    name   = "name"
    values = ["determinate/nixos/epoch-1/*"]
  }

  filter {
    name   = "architecture"
    values = ["x86_64"]
  }
}