You’re probably familiar with containers and OCI images, and you’ve probably heard of Nix—usually from that one engineer who really, really likes it. This talk starts by breaking down how containerd actually creates a container from an OCI image: interpreting metadata, preparing a root filesystem, and assembling the runtime specification. We'll contrast that with how Nix hermetically builds reproducible artifacts—not full filesystems on their own, but components that can be composed into complete environments. Seeing the two models side-by-side makes clear where they overlap, where they differ, and why Nix’s approach to reproducibility fits naturally into the mechanics of container execution.
With that foundation, we’ll look at several practical ways Nix-built components can serve as container filesystems in Kubernetes without relying on traditional OCI image pipelines. These include assembling a rootfs from a Nix closure, generating OCI images from Nix expressions, and running Nix-based environments directly in containers. The goal is to give attendees a clear understanding of how containers are constructed, how Nix organizes software, and the range of techniques that connect the two when reproducible environments or alternative container workflows are desirable.
