Calls: Send in your ideas. Deadline August 1st, 2023.
Source code :


Declarative internet services based on NixOS

This project aims to make NixOS the first computer operating system to package <a href="">TLS Pool</a> as a service component, and will allow to combine the power of declarative packaging with the unique security characteristics of TLS Pool to create a solid and versatile delivery channel for decentralised internet applications.

Why does this actually matter to end users?

Creating secure webservices is non-trivial. Every application has its own security configuration mechanism, which means there is lots of room to make mistakes, neglect flaws and end up with vulnerable systems. TLS Pool is a ground-breaking mechanism from the <a href="">ARPA2</a> project to isolate security processes and key material from actual applications themselves, and allows to manage transport layer security at a system level.

<a href="">NixOS</a> is a Linux distribution with a unique approach to package and configuration management. Built on top of the <a href="">Nix</a> package manager, it is completely declarative, makes upgrading systems reliable, and has many other advantages. It is used increasingly in complex environments where reproducible behaviour and configurability matter, from desktop systems to some of the top 500 supercomputers.

The results of this project should greatly simplify the creation and delivery of robust and secure services, on the web and beyond. We will validate and demonstrate the new capabilities resulting from the project by providing a number of examples of different types of web services, such as classic LAMP applications, NodeJS and Java application containers.

Run by Nixcloud

Logo NLnet: abstract logo of four people seen from above Logo Netherlands Ministry of Economic Affairs and Climate Policy

This project was funded through the Internet Hardening Fund, a fund established by NLnet with financial support from the Netherlands Ministry of Economic Affairs and Climate Policy.

Navigate projects

Please check out NLnet's theme funds, such as NGI Assure and NGI Zero Entrust.

Want to help but no money to spend? Help us by protecting open source and its users.