SwissDataScienceCenter · olevski · Apr 7, 2026 · Apr 7, 2026 · Apr 7, 2026 · Apr 7, 2026
diff --git a/builders/cuda-selector/builder.toml b/builders/cuda-selector/builder.toml
@@ -70,9 +70,17 @@ value = "vscodium"
   uri = "../../buildpacks/homebrew"
   version = "0.3.1"
 
+[[buildpacks]]
+  uri = "../../buildpacks/nix-packages"
+  version = "0.3.1"
+
 [[extensions]]
   uri="../../extensions/r-deps"
-  version= "0.2.3"
+  version= "0.3.1"
+
+[[extensions]]
+  uri="../../extensions/nix"
+  version= "0.3.1"
 
 [lifecycle]
   version = "0.20.19"
@@ -113,6 +121,10 @@ value = "vscodium"
     id = "renku/init-scripts"
     version = "0.3.1"
     optional = true
+  [[order.group]]
+    id = "renku/nix-packages"
+    version = "0.3.1"
+    optional = true
 
 [[order]]
   [[order.group]]
@@ -143,6 +155,10 @@ value = "vscodium"
     id = "renku/init-scripts"
     version = "0.3.1"
     optional = true
+  [[order.group]]
+    id = "renku/nix-packages"
+    version = "0.3.1"
+    optional = true
 
 [[order]]
 
@@ -174,6 +190,10 @@ value = "vscodium"
     id = "renku/init-scripts"
     version = "0.3.1"
     optional = true
+  [[order.group]]
+    id = "renku/nix-packages"
+    version = "0.3.1"
+    optional = true
 
 [[order]]
 
@@ -204,11 +224,21 @@ value = "vscodium"
     id = "renku/init-scripts"
     version = "0.3.1"
     optional = true
+  [[order.group]]
+    id = "renku/nix-packages"
+    version = "0.3.1"
+    optional = true
 
 [[order-extensions]]
 [[order-extensions.group]]
   id = "renku/r-deps"
-  version = "0.2.3"
+  version = "0.3.1"
+  optional = true
+
+[[order-extensions]]
+[[order-extensions.group]]
+  id = "renku/nix"
+  version = "0.3.1"
   optional = true
 
 [build]

diff --git a/builders/selector/builder.toml b/builders/selector/builder.toml
@@ -66,13 +66,21 @@ value = "vscodium"
   uri = "docker://docker.io/heroku/buildpack-deb-packages:0.2.0"
   version = "0.2.0"
 
+[[buildpacks]]
+  uri = "../../buildpacks/nix-packages"
+  version = "0.3.1"
+
 [[buildpacks]]
   uri = "../../buildpacks/homebrew"
   version = "0.3.1"
 
 [[extensions]]
   uri="../../extensions/r-deps"
-  version= "0.2.3"
+  version= "0.3.1"
+
+[[extensions]]
+  uri="../../extensions/nix"
+  version= "0.3.1"
 
 [lifecycle]
   version = "0.20.19"
@@ -113,6 +121,10 @@ value = "vscodium"
     id = "renku/init-scripts"
     version = "0.3.1"
     optional = true
+  [[order.group]]
+    id = "renku/nix-packages"
+    version = "0.3.1"
+    optional = true
 
 [[order]]
   [[order.group]]
@@ -143,6 +155,10 @@ value = "vscodium"
     id = "renku/init-scripts"
     version = "0.3.1"
     optional = true
+  [[order.group]]
+    id = "renku/nix-packages"
+    version = "0.3.1"
+    optional = true
 
 [[order]]
 
@@ -174,6 +190,10 @@ value = "vscodium"
     id = "renku/init-scripts"
     version = "0.3.1"
     optional = true
+  [[order.group]]
+    id = "renku/nix-packages"
+    version = "0.3.1"
+    optional = true
 
 [[order]]
 
@@ -204,11 +224,21 @@ value = "vscodium"
     id = "renku/init-scripts"
     version = "0.3.1"
     optional = true
+  [[order.group]]
+    id = "renku/nix-packages"
+    version = "0.3.1"
+    optional = true
+
+[[order-extensions]]
+[[order-extensions.group]]
+  id = "renku/nix"
+  version = "0.3.1"
+  optional = true
 
 [[order-extensions]]
 [[order-extensions.group]]
   id = "renku/r-deps"
-  version = "0.2.3"
+  version = "0.3.1"
   optional = true
 
 [build]

diff --git a/buildpacks/nix-packages/bin/build b/buildpacks/nix-packages/bin/build
@@ -0,0 +1,28 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+layers_dir="$1"
+
+nix_layer="$layers_dir/nix-packages"
+mkdir -p "$nix_layer/nix/store"
+
+store_path=$(nix build --no-sandbox --no-link --print-out-paths .#)
+
+echo "---> Store path: $store_path"
+
+# Copy the entire closure into the layer with real files (no symlinks)
+while IFS= read -r path; do
+  echo "---> Copying $path"
+  cp -rL "$path" "$nix_layer/nix/store/"
+done < <(nix path-info --no-sandbox --recursive .#)
+
+cat >"$nix_layer.toml" <<TOML
+[types]
+  launch = true
+  build = false
+  cache = true
+TOML
+
+mkdir -p "$nix_layer/env.launch"
+printf '%s' "${store_path}/bin" >"$nix_layer/env.launch/PATH.prepend"
+printf '%s' ":" >"$nix_layer/env.launch/PATH.delim"
diff --git a/buildpacks/nix-packages/bin/detect b/buildpacks/nix-packages/bin/detect
@@ -0,0 +1,20 @@
+#!/usr/bin/env bash
+
+if [[ ! -f flake.nix ]]; then
+  echo "Could nout find flake.nix, skipping the nix packages buildpack."
+  exit 1
+fi
+echo "Found flake.nix, will apply the buildpack."
+
+cat >>"$CNB_BUILD_PLAN_PATH" <<'EOF'
+[[requires]]
+  name = "nix"
+
+[[requires]]
+  name = "nix-packages"
+
+[[provides]]
+  name = "nix-packages"
+EOF
+
+exit 0
diff --git a/buildpacks/nix-packages/buildpack.toml b/buildpacks/nix-packages/buildpack.toml
@@ -0,0 +1,13 @@
+api = "0.11"
+[buildpack]
+id = "renku/nix-packages"
+version = "0.3.1"
+name = "Nix Packages Buildpack"
+
+[[targets]]
+os = "linux"
+arch = "amd64"
+
+[[targets]]
+os = "linux"
+arch = "arm64"
diff --git a/buildpacks/nix-packages/package.toml b/buildpacks/nix-packages/package.toml
@@ -0,0 +1,2 @@
+[buildpack]
+uri = "."
diff --git a/extensions/nix/bin/detect b/extensions/nix/bin/detect
@@ -0,0 +1,10 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+plan_path=$CNB_BUILD_PLAN_PATH
+echo "Nix install image extension"
+
+cat >>"${plan_path}" <<EOL
+[[provides]]
+name = "nix"
+EOL
diff --git a/extensions/nix/bin/generate b/extensions/nix/bin/generate
@@ -0,0 +1,42 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+output_dir="$1"
+
+mkdir -p "$output_dir"
+
+cat >"$output_dir/build.Dockerfile" <<'EOF'
+ARG base_image
+FROM ${base_image}
+ARG user_id
+
+USER root
+RUN mkdir -p /nix && chmod 755 /nix
+RUN curl -fsSL https://install.determinate.systems/nix | \
+    sh -s -- install linux \
+      --no-confirm \
+      --init none \
+      --extra-conf "sandbox = false" \
+      ${NIX_VERSION:+--nix-package-url "https://releases.nixos.org/nix/nix-${NIX_VERSION}/nix-${NIX_VERSION}-$(uname -m)-linux.tar.xz"}
+# ENV PATH="/nix/var/nix/profiles/default/bin:\${PATH}"
+ENV PATH="${PATH}:/nix/var/nix/profiles/default/bin"
+
+# Enable flakes
+RUN /bin/mkdir -p /etc/nix && echo 'experimental-features = nix-command flakes' >> /etc/nix/nix.conf
+RUN chown -R ${CNB_USER_ID}:${CNB_GROUP_ID} /nix
+
+USER ${user_id}
+EOF
+
+BUILDPACK_ID="renku_nix-packages"
+LAYER_NAME="nix-packages"
+LAYER_PATH="/layers/${BUILDPACK_ID}/${LAYER_NAME}/nix/store"
+
+cat >"$output_dir/run.Dockerfile" <<EOF
+ARG base_image
+FROM \${base_image}
+
+USER root
+RUN mkdir -p /nix && ln -sf ${LAYER_PATH} /nix/store
+USER \${CNB_USER_ID}
+EOF
diff --git a/extensions/nix/extension.toml b/extensions/nix/extension.toml
@@ -0,0 +1,7 @@
+api = "0.11"
+
+[extension]
+id = "renku/nix"
+name = "Nix Installer"
+version = "0.3.1"
+description = "Installs Nix into the build image via image extension"
diff --git a/extensions/r-deps/extension.toml b/extensions/r-deps/extension.toml
@@ -2,5 +2,5 @@ api = "0.11"
 
 [extension]
 id = "renku/r-deps"
-version = "0.2.3"
+version = "0.3.1"
 name = "R dependencies"
diff --git a/samples/nix/flake.lock b/samples/nix/flake.lock
diff --git a/samples/nix/flake.nix b/samples/nix/flake.nix
@@ -0,0 +1,24 @@
+{
+  description = "A simple flake for testing the CNB nix buildpack";
+
+  inputs = {
+    nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
+    flake-utils.url = "github:numtide/flake-utils";
+  };
+
+  outputs = { self, nixpkgs, flake-utils }:
+    flake-utils.lib.eachDefaultSystem (system:
+      let
+        pkgs = import nixpkgs { inherit system; };
+      in
+      {
+        packages.default = pkgs.buildEnv {
+          name = "cns-nix-env";
+          paths = [
+            pkgs.cowsay
+            pkgs.fortune
+          ];
+        };
+      }
+    );
+}
diff --git a/samples/nix/requirements.txt b/samples/nix/requirements.txt
@@ -0,0 +1 @@
+flask