Source code :
Theme fund: Internet Hardening Fund
Start: 2017-02
End: 2019-05


Declarative internet services based on NixOS

This project aims to make NixOS the first computer operating system to package TLS Pool as a service component. This will make it possible to combine the power of declarative packaging with the unique security characteristics of TLS Pool to create a solid and versatile delivery channel for decentralised internet applications.

Why does this actually matter to end users?

Creating secure web services is non-trivial. Every application has its own security configuration mechanism, which means there is a lot of room to make mistakes, neglect flaws and end up with vulnerable systems. TLS Pool is a ground-breaking mechanism from the ARPA2 project that isolates security processes and key material from the applications themselves, and allows transport layer security to be managed at a system level.

NixOS is a Linux distribution with a unique approach to package and configuration management. Built on top of the Nix package manager, it is completely declarative, makes upgrading systems reliable, and has many other advantages. It is used increasingly in complex environments where reproducible behaviour and configurability matter, from desktop systems to some of the top 500 supercomputers.

The results of this project should greatly simplify the creation and delivery of robust and secure services, on the web and beyond. We will validate and demonstrate the new capabilities resulting from the project by providing a number of examples of different types of web services, such as classic LAMP applications, NodeJS and Java application containers.

Run by Nixcloud

This project was funded through the Internet Hardening Fund, a fund established by NLnet with financial support from the Netherlands Ministry of Economic Affairs and Climate Policy.