# datomic-pro-flake Nix flake packaging Datomic Pro with NixOS modules and OCI images ## Changelog # Changelog All notable changes to this project will be documented in this file. This project uses https://www.taoensso.com/break-versioning[*Break Versioning*]. ## [UNRELEASED] ## v0.12.0 (2026-02-03) This is a version bump release: * Added package versions for [version 1.0.7491](https://docs.datomic.com/changes/pro.html#1.0.7491) `pkgs.datomic-pro` will always be the latest release, but the following specific versions are also available: * `pkgs.datomic-pro_1_0_7491` (latest) * `pkgs.datomic-pro_1_0_7482` * `pkgs.datomic-pro_1_0_7469` * `pkgs.datomic-pro_1_0_7394` * `pkgs.datomic-pro_1_0_7387` * `pkgs.datomic-pro_1_0_7364` * `pkgs.datomic-pro_1_0_7277` And for peer: * `pkgs.datomic-pro-peer_1_0_7491` (latest) * `pkgs.datomic-pro-peer_1_0_7482` * `pkgs.datomic-pro-peer_1_0_7469` * `pkgs.datomic-pro-peer_1_0_7394` * `pkgs.datomic-pro-peer_1_0_7387` * `pkgs.datomic-pro-peer_1_0_7364` * `pkgs.datomic-pro-peer_1_0_7277` ## v0.11.0 (2026-02-03) ### Breaking * NixOS module: The `services.datomic-pro.package` option is now required. You must explicitly pin your Datomic version. This change prevents unexpected upgrades that could affect your data. * Switch from [SemVer](https://semver.org/spec/v2.0.0.html) to [BreakVer](https://www.taoensso.com/break-versioning). I actually had meant to use BreakVer all along and thought we were, but didn’t see the copy paste error until just now (yes this is a violation of SemVer by not bumping the major version number). ### Added * Add automatic version bumping. Thanks to @licht1stein for contributing. ## v0.10.0 (2026-02-03) This is a version bump release: * Added package versions for [version 1.0.7482](https://docs.datomic.com/changes/pro.html#1.0.7482) `pkgs.datomic-pro` will always be the latest release, but the following specific versions are also available: * `pkgs.datomic-pro_1_0_7482` (latest) * `pkgs.datomic-pro_1_0_7469` * `pkgs.datomic-pro_1_0_7394` * `pkgs.datomic-pro_1_0_7387` * `pkgs.datomic-pro_1_0_7364` * `pkgs.datomic-pro_1_0_7277` And for peer: * `pkgs.datomic-pro-peer_1_0_7482` (latest) * `pkgs.datomic-pro-peer_1_0_7469` * `pkgs.datomic-pro-peer_1_0_7394` * `pkgs.datomic-pro-peer_1_0_7387` * `pkgs.datomic-pro-peer_1_0_7364` * `pkgs.datomic-pro-peer_1_0_7277` ## v0.9.0 (2025-12-14) This is a version bump release: * Added package versions for [version 1.0.7469](https://docs.datomic.com/changes/pro.html#1.0.7469) `pkgs.datomic-pro` will always be the latest release, but the following specific versions are also available: * `pkgs.datomic-pro_1_0_7469` (latest) * `pkgs.datomic-pro_1_0_7394` * `pkgs.datomic-pro_1_0_7387` * `pkgs.datomic-pro_1_0_7364` * `pkgs.datomic-pro_1_0_7277` And for peer: * `pkgs.datomic-pro-peer_1_0_7469` (latest) * `pkgs.datomic-pro-peer_1_0_7394` * `pkgs.datomic-pro-peer_1_0_7387` * `pkgs.datomic-pro-peer_1_0_7364` * `pkgs.datomic-pro-peer_1_0_7277` ### New Contributors * @licht1stein made their first contribution in https://github.com/outskirtslabs/datomic-pro-flake/pull/6 ## v0.8.0 (2025-09-08) The project repository has moved from my personal github to my open-source project org: * from https://github.com/Ramblurr/datomic-pro-flake * to https://github.com/outskirtslabs/datomic-pro-flake/ This is also a version bump release: * Added package versions for [version 1.0.7394](https://docs.datomic.com/changes/pro.html#1.0.7394) `pkgs.datomic-pro` will always be the latest release, but the following specific versions are also available: * `pkgs.datomic-pro_1_0_7394` (latest) * `pkgs.datomic-pro_1_0_7387` * `pkgs.datomic-pro_1_0_7364` * `pkgs.datomic-pro_1_0_7277` And for peer: * `pkgs.datomic-pro-peer_1_0_7394` (latest) * `pkgs.datomic-pro-peer_1_0_7387` * `pkgs.datomic-pro-peer_1_0_7364` * `pkgs.datomic-pro-peer_1_0_7277` ## v0.7.0 (2025-07-09) This is a version bump release: * Added package versions for [version 1.0.7387](https://docs.datomic.com/changes/pro.html#1.0.7387) `pkgs.datomic-pro` will always be the latest release, but the following specific versions are also available: * `pkgs.datomic-pro_1_0_7387` (latest) * `pkgs.datomic-pro_1_0_7364` * `pkgs.datomic-pro_1_0_7277` And for peer: * `pkgs.datomic-pro-peer_1_0_7387` (latest) * `pkgs.datomic-pro-peer_1_0_7364` * `pkgs.datomic-pro-peer_1_0_7277` ## v0.6.1 (2025-05-15) No changes, just ci wrangling. ## v0.6.0 (2025-05-15) This release brings versioned packages! We recommend you pin your deployments to specific versions and upgrade intentionally. ### Changed Package versions: `pkgs.datomic-pro` will always be the latest release, but the following specific versions are also available: * `pkgs.datomic-pro_1_0_7364` (latest) * `pkgs.datomic-pro_1_0_7277` And for peer: * `pkgs.datomic-pro-peer_1_0_7364` (latest) * `pkgs.datomic-pro-peer_1_0_7277` ## v0.5.0 (2025-05-15) This release brings a Datomic version bump to [version 1.0.7364](https://docs.datomic.com/changes/pro.html#1.0.7364). Also notably the container image size is now 433M, down from over 750M, thanks to Datomic’s efforts to slim down the release jar! ### Changed * nix pkg: Updated `datomic-pro` and `datomic-pro-peer` to [version 1.0.7364](https://docs.datomic.com/changes/pro.html#1.0.7364) * docs: Improved SQLite example with rails 8 inspired tuning ## v0.4.0 (2025-03-14) ### Changed * nix pkg: Updated `datomic-pro` and `datomic-pro-peer` to version 1.0.7277 ## v0.3.0 (2024-11-01) Nothing changed in 0.3.0, I just am struggling with [flakehub’s](https://flakehub.com/flake/ramblurr/datomic-pro?view=releases) release process. ## v0.2.0 (2024-11-01) ### Breaking * nix pkg: `transactor` bin renamed to `datomic-transactor` * nix pkg: `console` bin renamed to `datomic-console` * nixos module: removed the default settings that leaned towards dev/h2 storage by default ### Added * oci image: Added Docker container image with lots of customizable features * Includes sqlite, postgresql, and mysql JDBC drivers by default * Ability to customize the CLASSPATH and LD_LIBRARY_PATH * `unstable` container image tag that follows the `main` branch * nix pkg: Added ability to override the build and add extra native libs or java libs * nix pkg: Exposed more packages: `datomic-shell`, `datomic-run`, `datomic-repl`, `datomic-peer-server` * nixos module: You can now configure: logging, extra classpath entries, and extra java options. * nix pkg: Added datomic-pro-peer package which is the datomic peer library with all of its dependencies * nix pkg: Added option to build slimmed down JRE for datomic-pro ### Changed * nix pkg: Updated datomic-pro to version 1.0.7260 * nix pkg: Switched to Nix’s JDK 21 headless package (which is supported by Datomic) * oci image: Use the slimmed down JRE and a custom babashka build to reduce size of the image ### Fixed * This changelog formatting ## v0.1.0 (2024-06-12) ### Added * Created this flake with datomic-pro version 1.0.7075 ## Docker/OCI Container # Docker/OCI Container `datomic-pro-flake` publishes an OCI image that can run Datomic Pro transactor or Datomic Console. * Image: `ghcr.io/outskirtslabs/datomic-pro` * Default command: transactor * Console command: `console` If you do not want to build with nix, pull a published image: ```shell docker pull ghcr.io/outskirtslabs/datomic-pro:1.0.7491 ``` Package tags are listed at: https://github.com/orgs/outskirtslabs/packages/container/package/datomic-pro ## Transactor Mode Transactor mode runs when no command is provided. * Default port: `4334` * Required rw volume: `/config` * Optional rw volume: `/data` (for local/H2 or sqlite-style setups) * PostgreSQL, MySQL, and SQLite JDBC drivers are included You can provide `/config/transactor.properties` directly, or configure via env vars. ### Supported Environment Variables
❗ IMPORTANT
Every supported variable can also be passed with `_FILE` to load the value from a file. Example: `DATOMIC_STORAGE_ADMIN_PASSWORD_FILE=/run/secrets/admin-password`.
* `DATOMIC_TRANSACTOR_PROPERTIES_PATH` (`/config/transactor.properties`) * `DATOMIC_ALT_HOST` (`alt-host`) * `DATOMIC_DATA_DIR` (`data-dir`, default `/data`) * `DATOMIC_ENCRYPT_CHANNEL` (`encrypt-channel`) * `DATOMIC_HEARTBEAT_INTERVAL_MSEC` (`heartbeat-interval-msec`) * `DATOMIC_HOST` (`host`, default `0.0.0.0`) * `DATOMIC_MEMCACHED` (`memcached`) * `DATOMIC_MEMCACHED_AUTO_DISCOVERY` (`memcached-auto-discovery`) * `DATOMIC_MEMCACHED_CONFIG_TIMEOUT_MSEC` (`memcached-config-timeout-msec`) * `DATOMIC_MEMCACHED_PASSWORD` (`memcached-password`) * `DATOMIC_MEMCACHED_USERNAME` (`memcached-username`) * `DATOMIC_MEMORY_INDEX_MAX` (`memory-index-max`, default `256m`) * `DATOMIC_MEMORY_INDEX_THRESHOLD` (`memory-index-threshold`, default `32m`) * `DATOMIC_OBJECT_CACHE_MAX` (`object-cache-max`, default `128m`) * `DATOMIC_PID_FILE` (`pid-file`) * `DATOMIC_HEALTHCHECK_CONCURRENCY` (`ping-concurrency`) * `DATOMIC_HEALTHCHECK_HOST` (`ping-host`) * `DATOMIC_HEALTHCHECK_PORT` (`ping-port`) * `DATOMIC_PORT` (`port`, default `4334`) * `DATOMIC_PROTOCOL` (`protocol`, default `dev`) * `DATOMIC_READ_CONCURRENCY` (`read-concurrency`) * `DATOMIC_SQL_DRIVER_CLASS` (`sql-driver-class`) * `DATOMIC_SQL_URL` (`sql-url`) * `DATOMIC_STORAGE_ACCESS` (`storage-access`, default `remote`) * `DATOMIC_STORAGE_ADMIN_PASSWORD` (`storage-admin-password`) * `DATOMIC_STORAGE_DATOMIC_PASSWORD` (`storage-datomic-password`) * `DATOMIC_VALCACHE_MAX_GB` (`valcache-max-gb`) * `DATOMIC_VALCACHE_PATH` (`valcache-path`) * `DATOMIC_WRITE_CONCURRENCY` (`write-concurrency`) To disable env-to-properties generation and use your own full config file, set: * `DOCKER_DATOMIC_GENERATE_PROPERTIES_SKIP` to any non-empty value ## Console Mode Run with `console` as the first argument. * Default port: `8080` * `DB_URI` sets the connection URI * `DB_URI_FILE` loads the URI from a file ## Example Compose ### Datomic Pro With Local Storage ```yaml --- services: datomic-transactor: image: ghcr.io/outskirtslabs/datomic-pro:1.0.7491 environment: DATOMIC_STORAGE_ADMIN_PASSWORD: unsafe DATOMIC_STORAGE_DATOMIC_PASSWORD: unsafe volumes: - ./data:/data ports: - 127.0.0.1:4334:4334 datomic-console: image: ghcr.io/outskirtslabs/datomic-pro:1.0.7491 command: console environment: DB_URI: datomic:dev://datomic-transactor:4334/?password=unsafe ports: - 127.0.0.1:8081:8080 ``` ### Datomic Pro With SQLite Storage Prepare the sqlite database first: ```shell mkdir -p data/ config/ sqlite3 data/datomic-sqlite.db ' PRAGMA foreign_keys = ON; PRAGMA journal_mode = WAL; PRAGMA synchronous = NORMAL; PRAGMA mmap_size = 134217728; PRAGMA journal_size_limit = 67108864; PRAGMA cache_size = 2000; CREATE TABLE datomic_kvs ( id TEXT NOT NULL, rev INTEGER, map TEXT, val BYTEA, CONSTRAINT pk_id PRIMARY KEY (id) );' ``` Then run compose: ```yaml --- services: datomic-transactor: image: ghcr.io/outskirtslabs/datomic-pro:unstable environment: DATOMIC_PROTOCOL: sql DATOMIC_SQL_URL: jdbc:sqlite:/data/datomic-sqlite.db DATOMIC_SQL_DRIVER_CLASS: org.sqlite.JDBC DATOMIC_JAVA_OPTS: -Dlogback.configurationFile=/config/logback.xml DATOMIC_HOST: datomic-transactor DATOMIC_ALT_HOST: "127.0.0.1" volumes: - "./data:/data:z" - "./config:/config:z" ports: - 127.0.0.1:4334:4334 datomic-console: image: ghcr.io/outskirtslabs/datomic-pro:unstable command: console environment: DB_URI: "datomic:sql://?jdbc:sqlite:/data/datomic-sqlite.db" volumes: - "./data:/data:z" ports: - 127.0.0.1:8081:8080 ``` ### Datomic Pro With PostgreSQL And Memcached ```yaml --- services: datomic-memcached: image: docker.io/memcached:latest command: memcached -m 1024 ports: - 127.0.0.1:11211:11211 restart: always datomic-storage: image: docker.io/library/postgres:latest environment: POSTGRES_PASSWORD: unsafe command: postgres -c 'max_connections=1024' volumes: - ./data:/var/lib/postgresql/data ports: - 127.0.0.1:5432:5432 restart: always datomic-storage-migrator: image: ghcr.io/outskirtslabs/datomic-pro:1.0.7491 environment: PGUSER: postgres PGPASSWORD: unsafe volumes: - "./postgres-migrations:/migrations" entrypoint: /bin/sh command: > -c '(psql -h datomic-storage -lqt | cut -d \| -f 1 | grep -qw "datomic" || psql -h datomic-storage -f /opt/datomic-pro/bin/sql/postgres-db.sql) && (psql -h datomic-storage -d datomic -c "\\dt" | grep -q "datomic_kvs" || psql -h datomic-storage -d datomic -f /opt/datomic-pro/bin/sql/postgres-table.sql) && (psql -h datomic-storage -d datomic -c "\\du" | cut -d \| -f 1 | grep -qw "datomic" || psql -h datomic-storage -d datomic -f /opt/datomic-pro/bin/sql/postgres-user.sql)' datomic-transactor: image: ghcr.io/outskirtslabs/datomic-pro:1.0.7491 environment: DATOMIC_STORAGE_ADMIN_PASSWORD: unsafe DATOMIC_STORAGE_DATOMIC_PASSWORD: unsafe DATOMIC_PROTOCOL: sql DATOMIC_SQL_URL: jdbc:postgresql://datomic-storage:5432/datomic?user=datomic&password=datomic DATOMIC_HEALTHCHECK_HOST: 127.0.0.1 DATOMIC_HEALTHCHECK_PORT: 9999 DATOMIC_MEMCACHED: datomic-memcached:11211 ports: - 127.0.0.1:4334:4334 restart: always datomic-console: image: ghcr.io/outskirtslabs/datomic-pro:1.0.7491 command: console environment: DB_URI: datomic:sql://?jdbc:postgresql://datomic-storage:5432/datomic?user=datomic&password=datomic ports: - 127.0.0.1:8081:8080 ``` ## Discussion If something is missing for your deployment style, open an issue: https://github.com/outskirtslabs/datomic-pro-flake/issues/new ## datomic-pro-flake # datomic-pro-flake > Datomic Pro packaged for Nix w/ NixOS modules and OCI container images. ![doc](https://img.shields.io/badge/doc-outskirtslabs-orange.svg) ![status: stable](https://img.shields.io/badge/status-stable-brightgreen.svg) [![License](https://github.com/outskirtslabs/datomic-pro-flake/blob/main/LICENSE)(https://img.shields.io/github/license/outskirtslabs/datomic-pro-flake)] `datomic-pro-flake` provides: * Versioned `datomic-pro` and `datomic-pro-peer` nix packages. * NixOS modules for running Datomic Pro transactor and Datomic Console. * An OCI image (no nix requiredd!) for running transactor or console with environment variables and `_FILE` secrets. All outputs are tested end-to-end in this repository. Project status: **[Stable](https://docs.outskirtslabs.com/open-source-vital-signs#stable)**. ## Quick Start ```nix { inputs = { nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; datomic-pro.url = "github:outskirtslabs/datomic-pro-flake"; datomic-pro.inputs.nixpkgs.follows = "nixpkgs"; }; outputs = { nixpkgs, datomic-pro, ... }: let system = "x86_64-linux"; in { nixosConfigurations.example = nixpkgs.lib.nixosSystem { inherit system; modules = [ ./configuration.nix datomic-pro.nixosModules.${system}.datomic-pro ]; }; }; } ``` ## Documentation To learn how to configure the module and OCI container, see: * [NixOS Module](nixos-module.adoc) * [Docker/OCI Container](docker-oci-container.adoc) * [Docs Home](https://docs.outskirtslabs.com/datomic-pro-flake/next/) * [Support via GitHub Issues](https://github.com/outskirtslabs/datomic-pro-flake/issues) ## Security See [Security](security.adoc) for security reporting and policy links. ## License Copyright © 2025-2026 Casey Link <casey@outskirtslabs.com> Distributed under the [Apache License 2.0](https://spdx.org/licenses/Apache-2.0.html). ## NixOS Module # NixOS Module This flake provides NixOS modules for Datomic Pro transactor and Datomic Console. ## Add The Module ```nix { inputs = { nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; datomic-pro.url = "github:outskirtslabs/datomic-pro-flake"; datomic-pro.inputs.nixpkgs.follows = "nixpkgs"; }; outputs = { nixpkgs, datomic-pro, ... }: let system = "x86_64-linux"; in { nixosConfigurations.machine = nixpkgs.lib.nixosSystem { inherit system; modules = [ ./configuration.nix datomic-pro.nixosModules.${system}.datomic-pro datomic-pro.nixosModules.${system}.datomic-console ]; }; }; } ``` ## Secrets File Create `/etc/datomic-pro/secrets.properties`: ```properties storage-admin-password=changeme storage-datomic-password=changeme ```
❗ IMPORTANT
Do not use `environment.etc` for secrets. That writes data to the nix store, which is globally readable and can be cached remotely.
Lock down permissions: ```shell chown root:root /etc/datomic-pro/secrets.properties chmod 0600 /etc/datomic-pro/secrets.properties ``` ## Example Configuration A basic dev-mode transactor storing data under `/var/lib/datomic-pro`: ```nix { services.datomic-pro = { enable = true; package = pkgs.datomic-pro_1_0_7491; secretsFile = "/etc/datomic-pro/secrets.properties"; settings = { host = "localhost"; port = 4334; memory-index-max = "256m"; memory-index-threshold = "32m"; object-cache-max = "128m"; protocol = "dev"; storage-access = "remote"; }; }; services.datomic-console = { enable = true; port = 8080; dbUriFile = "/etc/datomic-pro/console-db-uri"; }; } ``` ## Available Packages `pkgs.datomic-pro` and `pkgs.datomic-pro-peer` track the latest supported Datomic release. Specific versions are also exposed, for example: * `pkgs.datomic-pro_1_0_7491` * `pkgs.datomic-pro_1_0_7482` * `pkgs.datomic-pro_1_0_7469` * `pkgs.datomic-pro-peer_1_0_7491` * `pkgs.datomic-pro-peer_1_0_7482` * `pkgs.datomic-pro-peer_1_0_7469` New upstream Datomic releases are typically added within 24 hours. ## Security # Security Security issues should be reported privately. Please review the Outskirts Labs policy first: [Outskirts Labs Security Policy](https://docs.outskirtslabs.com/security-policy) For this repository specifically: * [Security advisories](https://github.com/outskirtslabs/datomic-pro-flake/security/advisories) * [Report a vulnerability](https://github.com/outskirtslabs/datomic-pro-flake/security/advisories/new)