Friday - August 8th, 2025
Nix Vegas Space
Nix Vegas Opening Ceremony
Kickoff and opening of the Nix Vegas space.
Learn Nix the Fun Way
Learning Nix can be off-putting, as many introductions dive into complex terminology and academic concepts, missing the chance to simplify Nix's advantages. Having given talks both internally and externally, I've shifted to showcasing fun, practical examples first, leaving the nuances for later. Join me to see some straightforward examples of what Nix can offer and why it might be worth adopting.
0 to Infra in 100 Days: A Nix Speedrun
What if learning Nix was like a speed-run? A few months ago, I'd never touched Nix. Then my friend's brother told me about PlanetNix at Scale22x. I flew from Florida to California with Nix on an old laptop and only four days of flailing experience. I felt grossly under prepared, but after the talks and meeting brilliant people, I was hooked. Today, I'm building Nix infrastructure full-time and manage every device I own declaratively with tools like Clan. This talk maps my route from 'what the hell is a derivation?' to contributing to Nix projects in 100 days. I'll share the exact learning path, struggles, and wins. As someone close enough to remember the pain but far enough to have some solutions, I'll crash-course some tough Nix concepts with live demos showing my real usage. For beginners and the Nix-curious, this can be a great launch point for YOUR speed-run. Nix's learning curve is infamous, but with the right fundamentals and some problem framing, it doesn't have to be.
Maybe A Few Hydra Failures
In this audience participation-heavy session, you can get your PRs to nixpkgs reviewed and maybe even merged... if the build on one of our Threadripper Pro or Ampere systems passes. Come with PRs in hand and call them out, and we'll review, build, and maybe even merge them on stage. Rejected name: Whose PR Is It Anyway
Mesh Network Sidecars for NixOS Services
Inspired by the popular container sidecar pattern, this talk demonstrates a generic, open source NixOS module that brings the same security and isolation to bare metal services. We’ll explore how to declaratively wrap any systemd service, placing it in an isolated network namespace with its own mesh network client (e.g., Tailscale or Netbird). This approach makes services securely accessible on your mesh, fully firewalled from the host—no application changes required. Good fit for folks exploring declarative infrastructure and looking for practical ways to apply modern security patterns to their own servers.
Source to Scale: Using Nix to Deploy Secure, Self-Hosted Data Lakehouses
Data is the foundation of AI. Data lakehouses are how that foundation is managed at scale. Deploying and maintaining lakehouse components like object storage, table formats, catalogs, and query engines remains complex, opaque, and often tied to cloud assumptions. This session explores how Nix and NixOS can be used to declaratively define and deploy a full, self-hosted lakehouse architecture. The stack includes MinIO AIStor for high-performance object storage, Apache Iceberg for open table formats, Nessie or Polaris for metadata, and query engines like Dremio or DuckDB. Topics include early design experiments, the benefits of reproducibility and portability, and current challenges around packaging, network policy, and secure deployment. The goal is to present an aspirational blueprint for building cloud-native data infrastructure that runs anywhere from source.
Reproduce This Build: How we built the Nix Badge
In our quest to spread Nix to the world, we created a fully Nix-based open source hardware pipeline. From reproducible KiCad PCB design to C and Zig code that serves a mesh networked Nix binary cache on your badge, you can now spin Gerber files to the fab or firmware with a single command. Follow along as we go over how we built the Nix Badge, what it can do, and, of course, how you can hack it.
Lightning Talks and Unconference
Give a talk about whatever you want, as long as it's less than 10 minutes! Or just come and chill in the Nix Vegas space for the Unconference.
Community Stage
Rebuild The World: Access to secure software dependency management everywhere with Nix
In a world full of unwanted app updates and SaaS providers who want your personal information, being able to self host the 120,000 Linux packages in Nixpkgs has the potential to change the game for anyone who's tired of the slow decline of cloud services. If you're curious about what NixOS can do for your homelab, or even if you're just worried about SBOMs or traceability of exactly where your software and all its dependencies came from, join us for an hour-long panel on the DEF CON Community Stage about how we can reclaim our services and software from vendor lockin and Docker image bitrot using Nix and NixOS. We'll be doing a deep dive into why Nix changes software deployment, and how you can get started and get involved in the quiet revolution that has been reshaping how we use software.
Saturday - August 9th, 2025
Nix Vegas Space
Autoformatting with Nix in Neovim
I love code autoformatters, but I jump between a lot of projects, and figuring out the rules for each project is tedious. Nix and Treefmt make this a whole lot better, but don't provide editor integrations. I'll talk about how I built a format-on-save Neovim plugin that Does the Right Thing. If you aren't a Neovim user, I hope to inspire you to build a similar integration for your preferred editor.
Cypherpunk Java with Nix
Cypherpunks write code that is open source, privacy-oriented, decentralized, trust-minimized, verifiable/auditable, interoperable, and bundled in Linux distributions. Cypherpunks don't use Java. But in 2025 using Java 25 and Nix -- they can and should! We will review how functional-style programming, minimalism, pattern-matching, native compilation and integration with C/C++/Rust through a new FFM mechanism are game-changers for Java developers and worthy of a second look by those who dismissed Java years ago. In this session we will see how Nix can reliably build native and JIT-compiled tools and applications, how dependencies can be minimized and bootstrappability achieved. We will compare Maven's bytecode packaging to the Nix model and how the two can be integrated while also brining in native libraries. Real-world examples will be provided. We will look at the gaps that remain and how to close them so we can live the Java-cypherpunk dream and contribute to the "Great Tree".
Maybe A Few Hydra Failures
In this audience participation-heavy session, you can get your PRs to nixpkgs reviewed and maybe even merged... if the build on one of our Threadripper Pro or Ampere systems passes. Come with PRs in hand and call them out, and we'll review, build, and maybe even merge them on stage. Rejected name: Whose PR Is It Anyway
From Solo Nix to Team Infrastructure: Deploying NixOS with Clan
Most people discover NixOS as a solo pursuit: taming their laptop, configuring dotfiles, or spinning up a homelab. But what happens when you want to bring others along? How do you scale your reproducible setup across a team, startup, or organization? In this talk, I’ll share my path from managing a personal NixOS homelab to architecting infrastructure and developer environments for a growing startup. After many false starts and tangled configurations, I found Clan—a powerful framework that transformed how I manage machines, roles, and secrets. With Clan, I've replaced fragmented manual processes with a single source of truth for all my deployments, cutting through the clutter and reclaiming hours of maintenance time. We’ll look at how Clan makes it easy to keep your infrastructure organized, share reusable configuration modules, handle secrets securely with Clan Vars, and scale NixOS across teams without having to start from scratch each time.
Doing toolchains declaratively
Systems engineers may need different toolchains, whether its a specific configuration for a unique target or something so they can cross compile. On many distros, this requires either manually building the toolchain or finding the right packages. With Nix, we can do it declaratively. I will be going into the new toolchain attributes mechanism in nixpkgs and how my work on the Standard Environment team opens the door to many new things for embedded and systems engineering with nix.
T-Minus 24 Hours: From Source to Spaceflight in a Single Day
When the mission is launch-critical, time becomes a tactical asset. In this session, you'll learn how Defense Unicorns' Unicorn Delivery Service and NixOS work in unison to deliver secure, fully declarative software—on-prem or in disconnected, degraded, intermittent, and limited environments—in less than 24 hours. What began with a record-breaking delivery for the U.S. Space Force at Cape Canaveral evolved into a new paradigm of software delivery that spread department-wide like wildfire. Operational timelines of critical-software used by warfighters is no longer measured in weeks or even days: it's hours, and soon to be minutes. Join us to see how "T-Minus 24 Hours" isn't aspirational—it's operational. Learn how this approach is transforming the way we deliver trusted, resilient software to the warfighter at mission speed.
Getting to Top 250 on HtB with Nix and LLMs
In this talk, the speaker walks through how they used Nix to declare several AI models with full access to their computer in order to climb the Hack The Box (HtB) leaderboard—after being previously hardstuck at the "Hacker" rank while juggling the responsibilities of being a busy dad. They demonstrate a semi-autonomous workflow where they are (not) automating themselves out of a job. The talk explores the challenge of tackling numerous CTF problems with limited time and shows how the combination of Nix and AI offers a powerful workflow for solving CTFs that often require multiple, isolated testing environments. Finally, this custom Nix-based setup is compared to more traditional security-focused distros like Kali and AthenaOS. The talk ends by exploring how this approach transfers to real-world offensive security scenarios—pen testing, red teaming, and bug bounty hunting—and how much of it can be practically applied.
Lightning Talks and Unconference
Give a talk about whatever you want, as long as it's less than 10 minutes! Or just come and chill in the Nix Vegas space for the Unconference.
Sunday - August 10th, 2025
Nix Vegas Space
Nix Vegas Unconference
Pick a topic, talk about whatever you want, or just come and chill in the Nix Vegas space for the Unconference.