Today, I’m excited to announce Determinate Nix, Determinate Systems’ distribution of Nix built for teams and optimized for the enterprise.
Nix is extremely versatile and powerful, but as is often the case with free software projects, it is also unopinionated and “low policy.” As a result, getting Nix to work well in a development team requires a frustrating amount of configuration. For instance:
- Setting up access to a private binary cache requires figuring out access control, distributing credentials, and configuring files like nix.conf.
- While Determinate Nix Installer has greatly improved the installation experience on macOS, enterprise users still lack features like Mobile Device Management (MDM) support, proper Amazon EC2 integration and Keychain support.
- Nix doesn’t enable garbage collection by default, so users’ disks have a tendency to fill up.
With Determinate Nix, our goal is to transform Nix from what it is today—a tool with great potential but with too many hard edges to be ready for prime time—into a part of your stack that does the Right Thing out of the box for teams big and small.
To begin making that a reality, the initial launch includes:
- Simple binary cache configuration: to get access to your organization’s FlakeHub binary cache, you just need to run determinate-nixd login (more on Determinate Nixd below).
- A much-improved experience on macOS. For instance, Determinate Nix automatically uses certificates from the macOS Keychain, and it supports fully automated installation on AWS EC2 instances.
- Automatic garbage collection quietly guards your system against Nix store bloat.
- Amazon Web Services integration: Determinate Nix can automatically log in to FlakeHub using AWS IAM roles.
Determinate Nix is not a fork of Nix—it is a downstream Nix distribution. Its features are implemented through a separate daemon called Determinate Nixd. It’s written in Rust (for the sake of memory safety) and it supervises the regular Nix daemon while also providing some other utilities.
Our Nix distribution is carefully vetted to ensure compatibility and stability, guided by the telemetry collected by our Determinate Nix Installer GitHub Action.
The big picture
Determinate Nix is part of a broader product experience that we call Determinate, which you’ll be hearing much more about in the coming days. Our goal for Determinate is to enable fearless innovation by bringing Nix to teams, providing a complete Nix-based workflow from installation through collaboration and CI to deployment.
The other central component of Determinate is FlakeHub, a service that provides a place for teams to privately publish flakes. It provides a binary cache called FlakeHub Cache that supports fine-grained access control policies as well as private flakes. But using FlakeHub and FlakeHub Cache on developer workstations and in CI requires a fair amount of error-prone configuration when you’re on regular Nix. So one of the main reasons why we created Determinate Nix is to make Nix “just work” with the Determinate platform. We’ll talk more about private flakes, binary cache, and the Determinate big picture in upcoming blog posts!
Future plans
We will continue to add new features to Determinate Nix to make the Nix user experience ever smoother for teams. These include better authentication support for flakes and binary caches, flake schemas, parallel evaluation, and much more.
Getting Determinate Nix
If you’re using the Determinate Nix Installer, then getting Determinate Nix is as easy as adding the --determinate flag to the installation command:
For NixOS users, we provide a flake that makes switching to Determinate Nix very easy.
For more information on installation and use, see the Determinate documentation.
We’re very interested in your feedback and would love to hear from you on our Discord at https://determinate.systems/discord.