-
A Secure Nix, State of the Union
Let's explore how to ensure the secure sustainability of the Nix ecosystem with community leads including the SC and Foundation. We will dive into what it takes to create and maintain a robust, reliable environment for years to come. We will cover the community’s milestones in 2025, from infra to governance, along with both the hard-won lessons and the innovations shaping Nix’s future.
NOT ANNOUNCED YET
-
builtins.wasm: Nix Meets WebAssembly
Nix users often need to do non-trivial computations at evaluation time like parsing YAML, but the Nix language lacks the performance and conveniences of general purpose languages. In this talk, we propose adding a function `builtins.wasm` that lets users execute WebAssembly code during evaluation. These functions are pure, can be written in many languages, and are fast. We'll also discuss other WASM uses in Nix, like platform-independent derivations.
NOT ANNOUNCED YET
-
From Unsustainable to Efficient: Runtime Package Layering Breaks the Container Bloat Cycle
Managed services face unsustainable container bloat: images balloon to multi-GB artifacts with growth. Traditional "shift-left" approaches force an impossible tradeoff: bloated monolithic images or fragmented specialized images. Runtime package layering resolves this: containers provide isolation and security while remaining small; Flox environments deliver tool freshness without compromising security. This separation achieves stability through pinned packages and freshness through Nix/Flox.
NOT ANNOUNCED YET
-
htnl - rebuild the web
Nix wants to take over your stack. Give in to it. Do your websites in Nix-lang and benefit from zero-cost cache busting.
https://htnl.molybdenum.software/
NOT ANNOUNCED YET
-
Let's fix the OCI image format
The OCI image format's layer dependency chain creates fundamental performance problems. Each layer must reference all layers below it, preventing true content deduplication and imposing arbitrary layer limits. Tools like nix2container could achieve far better deduplication if layers were content-addressed independently. This talk proposes treating layers as standalone content-addressable blobs and invites discussion on how we might move this idea toward standardization.
NOT ANNOUNCED YET
-
Mastering NixOS Integration Tests: VMs and Containers in end-to-end tests and Advanced Debugging
Update your testing skills with the latest features of the NixOS Integration Test Driver! In this hands-on session, we will move beyond standard VMs to explore the new Container backend for high-speed, low-overhead testing. Learn to debug flaky tests by freezing the sandbox, utilize VSOCK for interactive shells, and set up GPU-enabled tests. Whether you are a maintainer or a DevOps engineer, you will leave with the code to build robust, cost-effective CI pipelines.
NOT ANNOUNCED YET
-
Nix Builds 🤝 K8s Dev Environments: A Love Hate Relationship in 5 Acts
At Anthropic, developers expect Nix builds to Just Work on their K8s dev environments. But Nix's builds demand sandboxing support.
This is the war story of "just" enabling sandboxing: upgrading K8s, deploying user namespaces, monkey-patching container runtimes, and rearchitecting our Docker stack.
Audience: anyone interested in a good war story, with advanced details for systems specialists interested in any of Nix, K8s, Linux internals, and running stateful dev workloads on container infra.
NOT ANNOUNCED YET
-
Nix store path provenance
Nix has always been bad at answering the question "what Nix expression/flake was this store path built from?", making it hard to identify, for instance, whether a Nix closure had build-time dependencies on packages with known vulnerabilities. We've implemented provenance tracking in Nix, providing a link back to the exact version of the flake a store path was built from.
NOT ANNOUNCED YET
-
NixBSD: A new frontier for NixOS
NixOS has always locked you into Linux, but what if you could run NixOS on a FreeBSD file server, an OpenBSD firewall, or even an ancient NetBSD VAX? For the past several years we've been working on NixBSD, which gives you all the declarative and reusable configuration features of NixOS on another operating system.
NOT ANNOUNCED YET
-
NixOS on the NVIDIA DGX Spark
The DGX Spark is a desktop AI workstation. NixOS provides a great user experience for installing, configuring and running AI workflows on it easily.
NOT ANNOUNCED YET
-
NixOS’ No-Turning-Back Journey on RISC-V: Vision, Porting Progress, and the Road Ahead
This joint talk by DeepComputing and the NixOS community shares the journey of bringing NixOS to RISC-V as the architecture becomes first-class for Linux. We cover the vision for a fully open, reproducible ecosystem, the current RISC-V status in Nixpkgs/NixOS—from bootstrap work to the first successful port on DeepComputing hardware—and the roadmap ahead, including device support, upstream needs, testing, and community collaboration.
NOT ANNOUNCED YET
-
Steering the Future of NixOS: Governance, Growth, and Community
As NixOS evolves from a passionate community project into a globally adopted platform, strong governance and clear vision are essential. Join leaders from the NixOS Foundation and the Steering Committee for an insider’s look at how we’re:
Structuring for Sustainability
Scaling Collaboration
Thinking through the future of security
Whether you’re an open-source maintainer, a developer evaluating NixOS for your organization, or simply curious, join us for a dive into Nix.
NOT ANNOUNCED YET
-
Tectonix: The bedrock of Shopify's Monorepo
Get a tour of the build system we're building for Shopify's "World" Monorepo. Tectonix is Nix plumbing that assembles git sparse-checkouts, the NixOS module system, and a whole pile of supplemental tools into a working Nix-based monorepo.
NOT ANNOUNCED YET
-
The Missing Part of Nix (and where to find it)
Nix gives you all the primitives you need to have robust and scalable builds, except the actual build distribution piece. In this talk we will cover what Nix does right for distributed builds, what options you have to implement build distribution, and how the project could fill this gap.
NOT ANNOUNCED YET
-
To Nixify or Dockerize?
I like running headless server apps. But how am I supposed to pick between natively Nixifying everything or using Docker for them?
There are always trade-offs - some obvious, some not so obvious. Let's discuss some pragmatic solutions to figuring out which bits of your config belong where.
NOT ANNOUNCED YET
-
Under the Hood of the NixOS Test Driver: Architecture, Containers, and Hardware Passthrough
The NixOS Integration Test Driver is evolving. This talk dives into recent architectural changes that separate the test frontend from the virtualization backend. We will demonstrate how this enables running tests in lightweight containers, unlocking GPU/CUDA testing inside the sandbox, and drastically reducing CI overhead. Learn how the new architecture works, how to utilize the VSOCK-based interactive mode, and what the future holds for NixOS testing.
NOT ANNOUNCED YET
-
When is the fix available? A 5-Minute Guide to Tracking Nixpkgs PRs!
You saw a PR with a fix being made available to Nixpkgs. It’s approved! It’s merged! But when you run nix flake update, your changes are nowhere to be found. Where did they go?
Using the real-world example of PR #451386 (Ruby patches for GCC 15), I’ll show you how to navigate the "Staging" labyrinth. We’ll decode the CONTRIBUTING.md guidelines, learn why some PRs take the "slow lane," and master the PR Tracker to see exactly when your code hits the notable branches.
NOT ANNOUNCED YET