New Nix CI SaaS: Hercules CI


Domen Kožar and Robert Hensing are working on a brand new Continuous Integration service for Nix users. Check out!

Some distinguishing features:

  • First class integration with Nix
  • Host build agents where you want
  • Free plan for open source

We’ve anticipated some questions on the site, but feel free to ask them here.



I will pitch that in my company HolidayCheck. Maybe we jump on the train after testing the preview. We have need for darwin to support our fellow js/jvm developers. How is that going to work when our agents are behind VPN mostly ipsec?

1 Like

Thank you. We only require that agents be able to reach Hercules CI, Cachix and GitHub, not the other way around. So unless your firewall severely restricts outgoing traffic, you will not have to reconfigure network security at all.


Everything that you run on your systems, including the agent is open source, but the backend services are closed source.

We are not planning to open source the backend services.

As someone who has been dying for a modern Hydra replacement, this was incredibly disheartening to read.


Hey @ledettwy I’ve given a verbose answer behind this decision at

1 Like

I think companies would be willing to pay for automation of packaging tools and especially as long term relationships are being built, because that actually increases the overall efficiency.

Similarly, Cachix also identified a problem (a fairly small one for our use case) and that might result in some people to pay for it.

Having yet another CI seems to be a rather risky investment, because CI systems are a crowded space already.

I don’t think anyone should say that you should or shouldn’t do something open-source or not.

Regarding the severely restricted outgoing traffic, this is a serious problem. The days that there was a “single Internet” are long gone. You already have two people here who could potentially be in your target market and both of them say this is a problem.

In short, I would like to see your talents applied elsewhere, but you are free to make your own business choices, of course.

Hey @coretemp,

Thank you for your insights.

We have optimized our architecture to support firewalled customers. Typical corporate network configurations are supported with little to no effort. Consumer networks require no extra effort. You could even host an agent from a coffee shop’s wifi, although obviously I would not consider that a good practice for general security reasons.

We are committed to make this a success.

1 Like