API design for immutable cloud NixOS instances

We’re experimenting with some APIs for NixOS cloud instances and would like to seek feedback from the community. We’re a small cloud
provider
focused on security and privacy.

Here’s a 60 second demo video lauching a NixOS 24.11 instance with Terraform.

For NixOS instance creation, we’d like to accept a firstboot shell
script that runs on initial boot as for other instance types, but also
a configuration.nix as an alternate parameter which could trigger a
rebuild on the instance’s first boot. It could import the hardware-configuration.nix that’s already present on the machine.

It could also be interesting to implement an API call for running
instances that accepted a configuration as parameter, also triggering
a rebuild.

Is there any prior art here? Does that sound like an interesting
approach?

Thanks in advance for any ideas or suggestions!

3 Likes

I think having people have the ability to push nix store paths next to nix configurations is a nice option. So that eval and build happens in CI. You push to cache. And then you just tell which store path to boot in your Terraform config.

You’d specify the substituter, the public key, and the store path in your cloud API.

3 Likes

Very clever idea @arianvp. Thanks for the suggestion.