Changelog: build-time flake inputs and unauthenticated upgrades

Determinate Nix 3.9.0 brings an important optimization to flakes: build-time flake inputs. These inputs are sources that have no Nix expressions of their own and aren’t required at evaluation time, such as some non-Nix Git repos. When you mark a flake input as a build-time input, Nix downloads the source only when it’s needed, at build time, and never before, which in turn provides generally much speedier and cleaner evaluation. This is an exciting improvement because it provides the most benefit to precisely those folks who use flakes most intensively.
The other major change in 3.9.0 is that upgrading Determinate no longer requires you to be logged into FlakeHub. A nice quality-of-life boost to accompany build-time inputs.
Build-time flake inputs
Some of our users have flakes with hundreds or even thousands of flake inputs. In those cases, it can be painfully slow for Nix to fetch all the inputs during evaluation of the flake.
Determinate Nix now offers an experimental feature that, when enabled, makes Nix defer fetching those inputs until dependent derivations are actually built.
This feature is currently in developer preview.
If you’d like to try it, add this experimental feature to your custom Determinate Nix configuration at /etc/nix/nix.custom.conf:
extra-experimental-features = build-time-fetch-treeThen, change one of your inputs to be fetched at build time:
{ inputs.nonNixInput = { type = "github"; owner = "my-org"; repo = "non-nix-repo"; flake = false; # currently required buildTime = true; };}It’s important to note that build-time fetching is performed by the Nix daemon and not by the Nix client. This means that authenticated fetches only succeed if the daemon has access to any required credentials, such as GitHub access tokens. Fetching Git repositories over SSH is currently not supported.
Let us know what you think on Discord or via email at hello@determinate-systems.
Relevant pull request
Corrected inconsistent behavior of nix flake check
Users reported that the nix flake check command wouldn’t consistently validate the entire flake.
We’ve fixed this issue and improved our testing around nix flake check.
Relevant pull request
Say goodbye to slow Determinate Nix Installer downloads
The Determinate Nix Installer now cancels and restarts downloads if the connection appears stalled. Specifically, the connection is restarted if the connection is unable to transfer at least 250kb/sec over a 15-second period.
This is designed to avoid stalled and stuck connections and resume with a healthier backend. Previously, users would occasionally see a stalled download take ten minutes or more.
We picked this threshold as it’s approximately 20% of a typical and modern DSL connection. If your network connection is normally below this rate, please get in touch and we’ll tune it.
Relevant pull request
Upgrade without logging in
Previously, running determinate-nixd upgrade required you to be logged into FlakeHub.
With version 3.9.0, this is no longer necessary, which should streamline keeping up to date with the latest and greatest Determinate Nix.
How to get Determinate Nix
If you already have Determinate Nix installed, you can upgrade to 3.9.0 with one Determinate Nixd command:
sudo determinate-nixd upgradeIf you don’t yet have Determinate Nix installed, you can upgrade or migrate to Determinate Nix on macOS using our graphical installer:
Install Determinate Nix on macOS
With support for Apple Silicon (aarch64-darwin)
On Linux:
curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix | \ sh -s -- installOn NixOS, we recommend using our dedicated NixOS module or our NixOS ISO (NixOS installer for x86_64, NixOS installer for ARM) with Determinate Nix pre-installed.
On GitHub Actions:
on: pull_request: workflow_dispatch: push: branches: - main
jobs: nix-ci: runs-on: ubuntu-latest # Include this block to log in to FlakeHub and access private flakes permissions: id-token: write contents: read steps: - uses: actions/checkout@v4 - uses: DeterminateSystems/determinate-nix-action@v3 - uses: DeterminateSystems/flakehub-cache-action@main - uses: DeterminateSystems/flake-checker-action@main - run: nix flake checkIn Amazon Web Services:
data "aws_ami" "detsys_nixos" { most_recent = true owners = ["535002876703"]
filter { name = "name" values = ["determinate/nixos/epoch-1/*"] }
filter { name = "architecture" values = ["x86_64"] }}Written by
Graham is a Nix and Rust developer with a passion and focus on reliability in the lower levels of the stack. He is a co-founder of Determinate Systems, alongside Eelco Dolstra, as well as its Chief Technology Officer.
