Deploy Nix on macOS EC2
This guide explains how to deploy Determinate Nix on Amazon EC2 macOS instances with fully automated installation and FlakeHub integration covering secure IAM authentication, instance store configuration, and auto-scaling deployment patterns for enterprise CI/CD workloads.
Prerequisites
- An AWS account with access to macOS EC2 instances
- Determinate Nix installed locally
- A FlakeHub organization account
Security considerations
Instance store persistence
When deploying Nix on EC2 macOS instances, the Nix store is installed to the instance’s ephemeral instance store. This means:
- The Nix store is erased when the instance is stopped
- EBS snapshots do not capture the Nix store
- Standard macOS reboots are safe
IAM authentication
Use AWS IAM roles to control access to FlakeHub Cache:
- Create an IAM role with appropriate permissions
- Attach the role to your EC2 instance
- Register the role ARN in your FlakeHub organization settings
- Install/restart Determinate to authenticate with FlakeHub using the role
Supported use cases
| Use Case | Status | Notes |
|---|---|---|
| Ephemeral instances | ✅ Supported | Ideal for CI/CD and batch processing |
| Auto-scaled fleet | ✅ Supported | Works with ASG and launch templates |
| Long-running instances | ❌ Not supported | Instance store is wiped on stop/start |
| Snapshotted instances | ❌ Not supported | Store not captured in EBS snapshots |
Installation
Launch
Launch your macOS EC2 instance with an appropriate IAM role.
Install
Install Determinate Nix with EC2 instance store support:
curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix | \
sh -s -- install macos \
--no-confirm \
--determinate \
--use-ec2-instance-storeVerify
Verify the installation:
# Check Nix works
nix --version
# Verify FlakeHub authentication
determinate-nixd statusUsing with AWS Auto Scaling
Create template
Create a launch template that includes the installation script in user data:
#!/bin/bash
curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix | \
sh -s -- install macos \
--no-confirm \
--determinate \
--use-ec2-instance-storeConfigure
Configure your Auto Scaling Group to use the launch template.
Sit back and relax
New instances automatically install Nix and authenticate with FlakeHub using their IAM role.
Next steps
- Set up CI/CD with FlakeHub Cache
- Configure AWS Systems Manager integration
- Learn about resolved store paths for efficient deployments
Troubleshooting
If you encounter issues:
- Verify the instance IAM role has correct permissions
- Check instance store availability and capacity
- Review logs with
determinate-nixd status - Join our Discord for assistance