ContainerDays London 2026
12 February 2026
London, United Kingdom
Beyond Docker Builds: Declarative, Reproducible and Secure OCI Containers with Nix
The Open Container Initiative (OCI) standardized the foundation of cloud-native infrastructure. However, most build systems lack determinism due to network access during builds, leading to non-reproducible artifacts and complicating software supply chain security (SSCS). While OCI supports layering for storage and cache efficiency, reflecting shared dependencies across artifacts remains complex.
Nix, as a package manager, enables declarative and reproducible builds in hermetic, network-isolated sandboxes, requiring all dependencies to be specified up front for long-term reproducibility.
Dependencies are treated as first-class citizens, making it easy to generate accurate Software Bill of Materials.
With `dockerTools` in the Nix standard library, these benefits reach the OCI ecosystem.
This talk highlights the advantages of fully declarative, reproducible OCI builds with Nix, offering deep insights and benefits to SSCS.
Let's not just build containers, let's declare them reproducibly!
12 February 2026 London, United Kingdom
Beyond Docker Builds: Declarative, Reproducible and Secure OCI Containers with Nix
The Open Container Initiative (OCI) standardized the foundation of cloud-native infrastructure. However, most build systems lack determinism due to network access during builds, leading to non-reproducible artifacts and complicating software supply chain security (SSCS). While OCI supports layering for storage and cache efficiency, reflecting shared dependencies across artifacts remains complex. Nix, as a package manager, enables declarative and reproducible builds in hermetic, network-isolated sandboxes, requiring all dependencies to be specified up front for long-term reproducibility. Dependencies are treated as first-class citizens, making it easy to generate accurate Software Bill of Materials. With `dockerTools` in the Nix standard library, these benefits reach the OCI ecosystem. This talk highlights the advantages of fully declarative, reproducible OCI builds with Nix, offering deep insights and benefits to SSCS. Let's not just build containers, let's declare them reproducibly!
OpenStack Europe October 2024
17 October 2024
online
NixOS: A Brief Introduction
This talk introduces NixOS and its fundamental concepts, clarifying the distinction between the Nix language (a functional, lazy, dynamically typed DSL for package management), the large and up-to-date Nixpkgs repository, and NixOS, an immutable Linux operating system with declarative configuration, atomic updates, and easy rollback capabilities.
Through practical examples and demonstrations, the unique workflow of NixOS is highlighted—including its management of system generations and reproducible builds via the Nix store and symlinks. The creation of deterministic, minimal container images with Nix is also demonstrated, emphasizing advantages over traditional Docker builds.
Attendees receive a concise overview of how Nix, Nixpkgs, and NixOS streamline package management, system configuration, and containerization.
17 October 2024 online
NixOS: A Brief Introduction
This talk introduces NixOS and its fundamental concepts, clarifying the distinction between the Nix language (a functional, lazy, dynamically typed DSL for package management), the large and up-to-date Nixpkgs repository, and NixOS, an immutable Linux operating system with declarative configuration, atomic updates, and easy rollback capabilities. Through practical examples and demonstrations, the unique workflow of NixOS is highlighted—including its management of system generations and reproducible builds via the Nix store and symlinks. The creation of deterministic, minimal container images with Nix is also demonstrated, emphasizing advantages over traditional Docker builds. Attendees receive a concise overview of how Nix, Nixpkgs, and NixOS streamline package management, system configuration, and containerization.