Adopt Determinate in your organization

Determinate is an end-to-end toolchain for using Nix consisting of Determinate Nix and FlakeHub. Determinate is available on macOS, most Linux systems (including SELinux), and Windows Subsystem for Linux (WSL), and it’s designed for organizations of all sizes and types, from lean, agile startups to large enterprises with exacting requirements.

Here, we’ll show you how to adopt Determinate in your organization, taking you from no one in your org having Nix installed all the way to everyone having access to industry-leading features like FlakeHub Cache and private flakes.

This guide is intended for people who are responsible for Determinate adoption in their organization, such as a CTO, engineering manager, or principal engineer (though not limited to these).

Install Determinate Nix

Each team member can use this selector to choose the appropriate installation method for their use case:

Get Determinate for macOS

Package icon representing the graphical installer

Download Determinate Nix

You can also install Determinate using a Mobile Device Management (MDM) platform, which can be a great solution in larger organizations.

Refer team members to the advanced installation guide if they’d like to install Determinate on NixOS.

As an admin, you’ll need a GitHub account to begin adopting Determinate, as later on you’ll need to register your organization with FlakeHub’s GitHub app. Log in to GitHub under the user account associated with your organization.

If you do not have a GitHub account but would still like to adopt Determinate, contact us to discuss other ways to onboard.

Once Determinate Nix is installed on your machine, you need to authenticate with FlakeHub using your GitHub account. First, log in using your browser to gain access to FlakeHub’s web UI:

Log into FlakeHub

Authenticate with FlakeHub via GitHub.

Then log in your workstation using Determinate Nixd, a daemon that comes installed Determinate Nix:

determinate-nixd login

When you run this command, it provides you with a URL to navigate to create a token. You’ll see output like this:

Log in to FlakeHub: https://flakehub.com/token/create?description=Determinate+NixD+on+my-workstation-hostname.local

Navigate to that URL in your browser, select Coarse grained under Token type, provide a description for the token, and click Create token. After that, you’ll see a window with a long token string that begins with flakehub1_. Make sure to copy that token, as you won’t be able to see it again.

Go back to your terminal and paste that token in after the > Paste your FlakeHub token prompt and hit Enter. Then you’ll see output like this telling you about your login status:

Logged in: true
FlakeHub user name: my-flakehub-username
FlakeHub organizations: []
Installation is not bound to a FlakeHub customer.

And that’s it! FlakeHub now knows who you are and which orgs you belong to (potentially none yet, but that will change).

Install FlakeHub’s GitHub app

Now that you’re logged into both GitHub and FlakeHub, you need to install FlakeHub’s GitHub app to your organization on GitHub. Select your organization from the list on that page and click Install.

See this page for more information about FlakeHub’s GitHub app and to make changes to the app installation, such as configuring GitHub repository access or suspending or uninstalling the app.

⚠️

If you suspend or uninstall FlakeHub’s GitHub app, you will no longer be able to use FlakeHub features like FlakeHub Cache and private flakes.

💡

If you’d like to use Microsoft Entra for user authentication, there are some additional steps at this stage. Complete the steps in the Entra onboarding guide and return to this guide.

Sign up for a paid plan

In order to use features like FlakeHub Cache and private flakes, you’ll need to select a paid plan. Go to the Billing tab of your organization settings at the URL with this structure:

https://flakehub.com/:org/settings?editview=billing

Make sure to substitute :org for your own organization name. An example for my-org would be https://flakehub.com/my-org/settings?editview=billing.

Click Sign up and select the number of seats—or users—for your organization. Enter your payment information in the Stripe checkout interface, click Subscribe, and you’re ready to go.

Invite users to your FlakeHub organization

Your organization is now fully set up to use FlakeHub! A good next step is to add other team members to your FlakeHub organization at this URL:

https://flakehub.com/:org/settings?editview=members

Make sure to substitute :org for your own organization name. An example for my-org would be https://flakehub.com/my-org/settings?editview=members.

Under Add member, enter the GitHub username of team members to add and click Enter. They will receive invitations via email that they need to confirm.

Publish your flakes to FlakeHub

Flakes are the basic unit of distribution for Nix expressions, enabling you to specify flake inputs and flake outputs in a structured way. FlakeHub is Determinate’s platform for publishing flakes, with SemVer support, and caching Nix store paths.

To get started using Flakehub, you need to start publishing whichever flakes you’d like to use and share in your org. In the repo for each of these flakes, use the flakehub-push GitHub Action. Here’s an example configuration:

.github/workflows/flakehub-push.yaml

name: Publish every Git push to main to FlakeHub
on:
  push:
    branches:
      - main
 
jobs:
  flakehub-publish:
    runs-on: ubuntu-latest
    permissions:
      id-token: write
      contents: read
    steps:
      - uses: actions/checkout@v4
      - uses: DeterminateSystems/nix-installer-action@main
      - uses: DeterminateSystems/flakehub-push@main
        with:
          rolling: true
          visibility: private
          include-output-paths: true

Easy configuration with the FlakeHub publishing wizard

While you can always write flakehub-push configuration files by hand, our publishing wizard enables you to quickly generate config files tailored to the requirements of your specific flakes.

Keep in mind that there’s effectively no limit to how many flakes your org can publish on FlakeHub and in fact we generally encourage a more decentralized approach. So always feel free to divide your flake outputs across different flakes in whichever way best suits your use cases.

Turn existing projects into flakes

If you have existing projects that aren’t yet flakes—or aren’t even Nix projects!—you can turn them into flakes by hand or use the fh init command to generate flakes for your projects (make sure to install fh first):

Initialize a new flake

fh init

This generates a new flake.nix for your project using a combination of your responses to interactive questions and the actual contents of the repository in which you run the command.

Expand Determinate usage in your organization

Once you’ve had some initial successes with Determinate, there’s a variety of ways in which you can expand usage in your organization. You can:

Add new team members to your organization on FlakeHub and get them up and running.
Create and publish more Nix flakes to FlakeHub to accommodate your various Nix development environments, packages, NixOS, nix-darwin, and Home Manager configurations, and more.
Publish more of your flake outputs to FlakeHub Cache using tools like Determinate CI.

Introduction Individuals