Julian Stecklina · 3 min read
Cyberus at OceanSprint 2025
Cyberus embraces open-source communities and contributions. We joined other Nix enthusiasts at OceanSprint in Lanzarote and worked on NixOS improvements for embedded systems.
At Cyberus, Nix and NixOS are everywhere. We use Nix for everything from packaging our software to running our infrastructure. This wide-ranging usefulness is only possible because we stand on the shoulders of giants. The thriving Nix ecosystem is the product of the work of many individuals who contribute to the project.
This year, we participated again at OceanSprint. Contributing to open-source projects is best done in person. Besides the bigger Nix community events, such as NixCon, plenty of work gets done in smaller events. The OceanSprint is such a small event, where around 30 Nix hackers of all skill levels come together to advance Nix-related projects. Cyberus was of course part of it!
Slimming Down NixOS
At this year’s OceanSprint, we focussed our attention on slimming down NixOS for embedded use cases. While NixOS is already, in our opinion, the best choice to build your embedded product, there are always opportunities to optimize this further. One area of improvement is the size and security of system images.
One long-standing project is eliminating the need for interpreters for small systems. Bash and Perl are useful tools, but they should not be in your embedded product if you don’t need them! Removing interpreters improves the security of the systems because it adds another layer of defense. Attackers have a harder time gaining a foothold on the system, if they can’t just pipe commands into a shell.
Besides supporting the interpreter-less NixOS effort, we also worked on more low-level topics. For example, in image-based NixOS systems, deduplicating the content of initrd and /nix/store can reduce the size of system images. We also experimented with using erofs as an initrd to reduce the RAM footprint of a system. This endeavour brought us all the way to cleaning up the initrd code in the Linux kernel.
Welcome Snix!
At the OceanSprint, the Snix developers announced their project. Snix is a library-first reimplementation of Nix tooling. Having reusable libraries for the Nix language is a great way to foster a community of amazing tooling.
While it’s early days for Snix as an implementation of the Nix language, it comes with a wide range of libraries for common tasks, for example parsing NAR files, one of the building blocks of Nix binary caches. You can learn about using Snix in your project here.
We at Cyberus were excited to experiment with Snix and are eager to see the project grow and mature.
Find Out More
There are too many projects at OceanSprint to give them all proper credit here. If you like to find out more about the topics that people worked on, you can find the full report here. We want to thank the organizers for organizing such a productive event. We are already looking forward to the next OceanSprint!
If you have any question about using NixOS on your embedded device or need commercial support, please contact us!