diff --git a/builders/cuda-selector/builder.toml b/builders/cuda-selector/builder.toml
index 0b303be..f00bb24 100644
--- a/builders/cuda-selector/builder.toml
+++ b/builders/cuda-selector/builder.toml
@@ -70,9 +70,17 @@ value = "vscodium"
   uri = "../../buildpacks/homebrew"
   version = "0.3.1"
 
+[[buildpacks]]
+  uri = "../../buildpacks/nix-packages"
+  version = "0.3.1"
+
 [[extensions]]
   uri="../../extensions/r-deps"
-  version= "0.2.3"
+  version= "0.3.1"
+
+[[extensions]]
+  uri="../../extensions/nix"
+  version= "0.3.1"
 
 [lifecycle]
   version = "0.20.19"
@@ -113,6 +121,10 @@ value = "vscodium"
     id = "renku/init-scripts"
     version = "0.3.1"
     optional = true
+  [[order.group]]
+    id = "renku/nix-packages"
+    version = "0.3.1"
+    optional = true
 
 [[order]]
   [[order.group]]
@@ -143,6 +155,10 @@ value = "vscodium"
     id = "renku/init-scripts"
     version = "0.3.1"
     optional = true
+  [[order.group]]
+    id = "renku/nix-packages"
+    version = "0.3.1"
+    optional = true
 
 [[order]]
 
@@ -174,6 +190,10 @@ value = "vscodium"
     id = "renku/init-scripts"
     version = "0.3.1"
     optional = true
+  [[order.group]]
+    id = "renku/nix-packages"
+    version = "0.3.1"
+    optional = true
 
 [[order]]
 
@@ -204,11 +224,21 @@ value = "vscodium"
     id = "renku/init-scripts"
     version = "0.3.1"
     optional = true
+  [[order.group]]
+    id = "renku/nix-packages"
+    version = "0.3.1"
+    optional = true
 
 [[order-extensions]]
 [[order-extensions.group]]
   id = "renku/r-deps"
-  version = "0.2.3"
+  version = "0.3.1"
+  optional = true
+
+[[order-extensions]]
+[[order-extensions.group]]
+  id = "renku/nix"
+  version = "0.3.1"
   optional = true
 
 [build]
diff --git a/builders/selector/builder.toml b/builders/selector/builder.toml
index c8eb24d..3cf04c8 100644
--- a/builders/selector/builder.toml
+++ b/builders/selector/builder.toml
@@ -66,13 +66,21 @@ value = "vscodium"
   uri = "docker://docker.io/heroku/buildpack-deb-packages:0.2.0"
   version = "0.2.0"
 
+[[buildpacks]]
+  uri = "../../buildpacks/nix-packages"
+  version = "0.3.1"
+
 [[buildpacks]]
   uri = "../../buildpacks/homebrew"
   version = "0.3.1"
 
 [[extensions]]
   uri="../../extensions/r-deps"
-  version= "0.2.3"
+  version= "0.3.1"
+
+[[extensions]]
+  uri="../../extensions/nix"
+  version= "0.3.1"
 
 [lifecycle]
   version = "0.20.19"
@@ -113,6 +121,10 @@ value = "vscodium"
     id = "renku/init-scripts"
     version = "0.3.1"
     optional = true
+  [[order.group]]
+    id = "renku/nix-packages"
+    version = "0.3.1"
+    optional = true
 
 [[order]]
   [[order.group]]
@@ -143,6 +155,10 @@ value = "vscodium"
     id = "renku/init-scripts"
     version = "0.3.1"
     optional = true
+  [[order.group]]
+    id = "renku/nix-packages"
+    version = "0.3.1"
+    optional = true
 
 [[order]]
 
@@ -174,6 +190,10 @@ value = "vscodium"
     id = "renku/init-scripts"
     version = "0.3.1"
     optional = true
+  [[order.group]]
+    id = "renku/nix-packages"
+    version = "0.3.1"
+    optional = true
 
 [[order]]
 
@@ -204,11 +224,21 @@ value = "vscodium"
     id = "renku/init-scripts"
     version = "0.3.1"
     optional = true
+  [[order.group]]
+    id = "renku/nix-packages"
+    version = "0.3.1"
+    optional = true
+
+[[order-extensions]]
+[[order-extensions.group]]
+  id = "renku/nix"
+  version = "0.3.1"
+  optional = true
 
 [[order-extensions]]
 [[order-extensions.group]]
   id = "renku/r-deps"
-  version = "0.2.3"
+  version = "0.3.1"
   optional = true
 
 [build]
diff --git a/buildpacks/nix-packages/bin/build b/buildpacks/nix-packages/bin/build
new file mode 100755
index 0000000..a9821b1
--- /dev/null
+++ b/buildpacks/nix-packages/bin/build
@@ -0,0 +1,28 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+layers_dir="$1"
+
+nix_layer="$layers_dir/nix-packages"
+mkdir -p "$nix_layer/nix/store"
+
+store_path=$(nix build --no-sandbox --no-link --print-out-paths .#)
+
+echo "---> Store path: $store_path"
+
+# Copy the entire closure into the layer with real files (no symlinks)
+while IFS= read -r path; do
+  echo "---> Copying $path"
+  cp -rL "$path" "$nix_layer/nix/store/"
+done < <(nix path-info --no-sandbox --recursive .#)
+
+cat >"$nix_layer.toml" <<TOML
+[types]
+  launch = true
+  build = false
+  cache = true
+TOML
+
+mkdir -p "$nix_layer/env.launch"
+printf '%s' "${store_path}/bin" >"$nix_layer/env.launch/PATH.prepend"
+printf '%s' ":" >"$nix_layer/env.launch/PATH.delim"
diff --git a/buildpacks/nix-packages/bin/detect b/buildpacks/nix-packages/bin/detect
new file mode 100755
index 0000000..1775547
--- /dev/null
+++ b/buildpacks/nix-packages/bin/detect
@@ -0,0 +1,20 @@
+#!/usr/bin/env bash
+
+if [[ ! -f flake.nix ]]; then
+  echo "Could nout find flake.nix, skipping the nix packages buildpack."
+  exit 1
+fi
+echo "Found flake.nix, will apply the buildpack."
+
+cat >>"$CNB_BUILD_PLAN_PATH" <<'EOF'
+[[requires]]
+  name = "nix"
+
+[[requires]]
+  name = "nix-packages"
+
+[[provides]]
+  name = "nix-packages"
+EOF
+
+exit 0
diff --git a/buildpacks/nix-packages/buildpack.toml b/buildpacks/nix-packages/buildpack.toml
new file mode 100644
index 0000000..820ed82
--- /dev/null
+++ b/buildpacks/nix-packages/buildpack.toml
@@ -0,0 +1,13 @@
+api = "0.11"
+[buildpack]
+id = "renku/nix-packages"
+version = "0.3.1"
+name = "Nix Packages Buildpack"
+
+[[targets]]
+os = "linux"
+arch = "amd64"
+
+[[targets]]
+os = "linux"
+arch = "arm64"
diff --git a/buildpacks/nix-packages/package.toml b/buildpacks/nix-packages/package.toml
new file mode 100644
index 0000000..54b0d2e
--- /dev/null
+++ b/buildpacks/nix-packages/package.toml
@@ -0,0 +1,2 @@
+[buildpack]
+uri = "."
diff --git a/extensions/nix/bin/detect b/extensions/nix/bin/detect
new file mode 100755
index 0000000..245912a
--- /dev/null
+++ b/extensions/nix/bin/detect
@@ -0,0 +1,10 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+plan_path=$CNB_BUILD_PLAN_PATH
+echo "Nix install image extension"
+
+cat >>"${plan_path}" <<EOL
+[[provides]]
+name = "nix"
+EOL
diff --git a/extensions/nix/bin/generate b/extensions/nix/bin/generate
new file mode 100755
index 0000000..e7ef304
--- /dev/null
+++ b/extensions/nix/bin/generate
@@ -0,0 +1,42 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+output_dir="$1"
+
+mkdir -p "$output_dir"
+
+cat >"$output_dir/build.Dockerfile" <<'EOF'
+ARG base_image
+FROM ${base_image}
+ARG user_id
+
+USER root
+RUN mkdir -p /nix && chmod 755 /nix
+RUN curl -fsSL https://install.determinate.systems/nix | \
+    sh -s -- install linux \
+      --no-confirm \
+      --init none \
+      --extra-conf "sandbox = false" \
+      ${NIX_VERSION:+--nix-package-url "https://releases.nixos.org/nix/nix-${NIX_VERSION}/nix-${NIX_VERSION}-$(uname -m)-linux.tar.xz"}
+# ENV PATH="/nix/var/nix/profiles/default/bin:\${PATH}"
+ENV PATH="${PATH}:/nix/var/nix/profiles/default/bin"
+
+# Enable flakes
+RUN /bin/mkdir -p /etc/nix && echo 'experimental-features = nix-command flakes' >> /etc/nix/nix.conf
+RUN chown -R ${CNB_USER_ID}:${CNB_GROUP_ID} /nix
+
+USER ${user_id}
+EOF
+
+BUILDPACK_ID="renku_nix-packages"
+LAYER_NAME="nix-packages"
+LAYER_PATH="/layers/${BUILDPACK_ID}/${LAYER_NAME}/nix/store"
+
+cat >"$output_dir/run.Dockerfile" <<EOF
+ARG base_image
+FROM \${base_image}
+
+USER root
+RUN mkdir -p /nix && ln -sf ${LAYER_PATH} /nix/store
+USER \${CNB_USER_ID}
+EOF
diff --git a/extensions/nix/extension.toml b/extensions/nix/extension.toml
new file mode 100644
index 0000000..1ecd56e
--- /dev/null
+++ b/extensions/nix/extension.toml
@@ -0,0 +1,7 @@
+api = "0.11"
+
+[extension]
+id = "renku/nix"
+name = "Nix Installer"
+version = "0.3.1"
+description = "Installs Nix into the build image via image extension"
diff --git a/extensions/r-deps/extension.toml b/extensions/r-deps/extension.toml
index 032bb85..991d9f8 100644
--- a/extensions/r-deps/extension.toml
+++ b/extensions/r-deps/extension.toml
@@ -2,5 +2,5 @@ api = "0.11"
 
 [extension]
 id = "renku/r-deps"
-version = "0.2.3"
+version = "0.3.1"
 name = "R dependencies"
diff --git a/samples/nix/flake.lock b/samples/nix/flake.lock
new file mode 100644
index 0000000..1cea3d7
--- /dev/null
+++ b/samples/nix/flake.lock
@@ -0,0 +1,61 @@
+{
+  "nodes": {
+    "flake-utils": {
+      "inputs": {
+        "systems": "systems"
+      },
+      "locked": {
+        "lastModified": 1731533236,
+        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1775549110,
+        "narHash": "sha256-gCXSLBI1drlFwYlNqqPS9cFXvraaEGyLS8Sq45p7b/Q=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "a3db02183b5da6fbf728203492a5d1b9d109b7f9",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixpkgs-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "root": {
+      "inputs": {
+        "flake-utils": "flake-utils",
+        "nixpkgs": "nixpkgs"
+      }
+    },
+    "systems": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}
diff --git a/samples/nix/flake.nix b/samples/nix/flake.nix
new file mode 100644
index 0000000..e4ec20a
--- /dev/null
+++ b/samples/nix/flake.nix
@@ -0,0 +1,24 @@
+{
+  description = "A simple flake for testing the CNB nix buildpack";
+
+  inputs = {
+    nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
+    flake-utils.url = "github:numtide/flake-utils";
+  };
+
+  outputs = { self, nixpkgs, flake-utils }:
+    flake-utils.lib.eachDefaultSystem (system:
+      let
+        pkgs = import nixpkgs { inherit system; };
+      in
+      {
+        packages.default = pkgs.buildEnv {
+          name = "cns-nix-env";
+          paths = [
+            pkgs.cowsay
+            pkgs.fortune
+          ];
+        };
+      }
+    );
+}
diff --git a/samples/nix/requirements.txt b/samples/nix/requirements.txt
new file mode 100644
index 0000000..7e10602
--- /dev/null
+++ b/samples/nix/requirements.txt
@@ -0,0 +1 @@
+flask
diff --git a/tests/e2e/buildpacks_test.go b/tests/e2e/buildpacks_test.go
index add528f..b54d018 100644
--- a/tests/e2e/buildpacks_test.go
+++ b/tests/e2e/buildpacks_test.go
@@ -315,4 +315,51 @@ var _ = Describe("Testing samples", Label("samples"), Ordered, func() {
 		},
 		Entry("using homebrew sample", "../../samples/homebrew"),
 	)
+
+	DescribeTableSubtree(
+		"nix",
+		func(source string) {
+			var image string
+			var container string
+			var port int
+			BeforeAll(func(ctx SpecContext) {
+				image = strings.ToLower(fmt.Sprintf("test-image-%s", getULID()))
+				Expect(buildImage(ctx, builderImg, source, image, map[string]string{})).To(Succeed())
+				port = getFreePortOrDie()
+				envVars := []string{fmt.Sprintf("RENKU_SESSION_PORT=%d", port)}
+				ports := map[int]int{port: port}
+				container, err = runImage(ctx, client, image, envVars, ports)
+				Expect(err).ToNot(HaveOccurred())
+			})
+
+			AfterAll(func(ctx SpecContext) {
+				if container != "" && client != nil {
+					log.Println("Cleaning up container")
+					err = removeContainer(ctx, client, container)
+					if err != nil {
+						log.Println(err)
+					}
+				}
+				if image != "" && client != nil {
+					log.Println("Cleaning up image")
+					err = removeImage(ctx, client, image)
+					if err != nil {
+						log.Println(err)
+					}
+				}
+			})
+
+			Context("when the container is running", func() {
+				It("cowsay should exist in the container", func(ctx SpecContext) {
+					_, err := execInContainer(ctx, client, container, []string{"launcher", "cowsay", "moo"})
+					Expect(err).ToNot(HaveOccurred())
+				})
+				It("nix should not exist in the container", func(ctx SpecContext) {
+					_, err := execInContainer(ctx, client, container, []string{"launcher", "nix"})
+					Expect(err).To(HaveOccurred())
+				})
+			})
+		},
+		Entry("using nix sample", "../../samples/nix"),
+	)
 })