Private flakes

On FlakeHub, private flakes are Nix flakes that are accessible only to users who are both authenticated and granted access to the flake.

Private flakes are available only on paid plans.

Publishing private flakes

Like all flakes on FlakeHub, you can only publish private flakes from a supported platform. That currently includes:

To make a flake private, set visibility to "private" in your publishing configuration.

GitHub Actions

Here’s an example flakehub-push configuration:

.gitlab-ci.yml

- name: Push private flake to flakehub
  uses: determinatesystems/flakehub-push@main
  with:
    visibility: "private"

GitLab CI

Here’s an example flakehub-push configuration:

.gitlab-ci.yml

stages:
  - "release"
 
include:
  - component: "gitlab.com/DeterminateSystems/flakehub-push/component@main"
    inputs:
      stage: "release"
      visibility: "private"

Accessing private flakes

Once you’ve published a private flake to FlakeHub, you can access it as a Nix user if you (a) are a member of the flake’s organization and (b) have been granted access to that flake.

All Nix users can access public flakes like Nixpkgs:

Show flake outputs for Nixpkgs

nix flake show "https://flakehub.com/f/NixOS/nixpkgs/*"

If you were a member of, for example, the organization super-duper-secret and granted access to the flake important-stuff, this would work for you:

Show flake outputs for private flake

nix flake show "https://flakehub.com/f/super-duper-secret/important-stuff/*"

Users not granted access to that flake, however, would see a warning like this:

Flake `super-duper-secret/important-stuff` not found.

FlakeHub Cache Resolved store paths