Pilot - 3 months, 5–15 hosts, free

Two starting points - pick yours

The pilot covers one regulated zone, not your entire fleet. Whether your fleet is already on NixOS or running on Ansible / Puppet / Chef, the deliverable is the same: 5–15 hosts converged, signed NIS2 (or DORA / ANSSI) evidence packet at month 3, no vendor lock-in afterward. Standard NixOS tooling operates the island once the pilot ends.

Where you are today	Pilot scope
Fleet already on NixOS	Direct operation: stand up self-hosted Git forge + binary cache + control plane + agents. 5–15 hosts converged on the regulated zone. Month-3 evidence packet.
Fleet on Ansible / Puppet / Chef	Accompanied migration: we port 5–15 hosts of your regulated zone (DMZ gateways, jumpboxes, NIS2 / DORA / ANSSI segments) to NixOS + NixFleet during the 12 weeks. The rest of your infrastructure stays on its existing stack.

The proposition is not "adopt NixOS company-wide" (multi-year strategic decision). It is "move the regulated zone onto a declarative substrate" (reversible, deliverable in a quarter, closes a specific audit point). The auditor question that no imperative tool can answer structurally - "can you prove the declared configuration is actually applied on these hosts, today, signed, without trusting your scanner vendor?" - is what the regulated zone needs a different paradigm for.

01The three-stage funnel

STAGE 1

Evaluate

10 min – 1 hour

Your commitment

Run nixfleet-demo locally

Our commitment

Open-source demo + 15-min Q&A

Deliverable: Internal confirmation that the GitOps loop works on your infra type

STAGE 2

Kickoff workshop

1 day (on-site or remote)

Your commitment

1–2 infra/security engineers

Our commitment

Pairing intensive, initial configuration

Deliverable: Working fleet.nix for 2–3 hosts. Git forge + binary cache + CP up at your site.

STAGE 3

Pilot

12 weeks

Your commitment

Autonomous ops, 30-min weekly checkin

Our commitment

Coaching, escalation channel, month-3 evidence packet

Deliverable: 5–15 hosts converged on the regulated zone, signed NIS2 evidence packet at month 3, operations runbook.

All three stages are free. In exchange, we get real-world validation on real infrastructure, a named reference (logo + citation if you accept), product feedback, and a Horizon Europe reference.

02In scope

5 to 15 Linux hosts in a regulated zone: existing NixOS or migrated from Ansible / Puppet / Chef during the 12 weeks (see "Two starting points" above)
1 channel (typically stable)
Full NIS2 / DORA / ANSSI compliance stack with signed evidence collected automatically
Wave rollout policies (canary + remainder)
Magic rollback with deadline active
Operational documentation adapted to your environment
Dedicated escalation channel (1 business day SLA during pilot)

03Out of scope (chargeable extensions or future work)

> 50 hosts: SQLite ceiling, planned shift to Postgres
Migration beyond the regulated zone: user workstations, non-critical business servers, dev hosts - stay on your existing stack
Multi-CP HA: architecture known, not yet validated end-to-end
Air-gap operation: RFC-0012, future work
Darwin fleet: agent works, multi-host rollouts not yet exercised by fleet-harness

04Conditions

Your engagement:

30-min weekly checkin during the 12 weeks
One designated technical correspondent (RSSI or infra engineer)
Operator SSH access to at least one host in the pilot scope for joint incident diagnosis
Permission to list your organisation as a reference on a future website page only if the pilot is successful (opt-out clause always available)
Structured feedback at month 3: what works, what rubs, what is missing

Our engagement:

Kickoff workshop by a core team member
Dedicated support channel during 12 weeks (email + call within 1 business day)
Framework and compliance updates during the pilot at no additional cost
Final NIS2 evidence packet delivered at month 3 in auditable format (signed JSON + PDF report)

05Data and IP

You retain the entirety of your Nix configuration, your Git repository, and your compliance evidence - including if the pilot is stopped.
No operator data leaves your infrastructure unless you explicitly authorise it (e.g., evidence snippet for a pilot report).
You can audit the code of the three repositories (nixfleet, nixfleet-compliance, nixfleet-demo) - MIT/AGPL public.

06Exit clause

You can stop the pilot at any time with 1 week notice, at no cost. You keep your configuration and your operational fleet - native NixOS tooling is enough to operate without NixFleet.

07Why now

NIS2 is transposed in France (Loi Résilience, March 2025). Full compliance required by end-2027.
DORA is applicable since January 2025 for financial entities.
Compliance budgets for 2026 are being allocated. A pilot starting now means you have signed evidence in hand before your auditor's next visit, not a slide deck.
The framework is stable today. The signed-artifact chain and the compliance stack are exercised by 14 end-to-end fleet-harness scenarios.
The regulated zone is the natural entry point. You don't have to migrate everything. 5 to 15 hosts that carry your NIS2 / DORA / ANSSI exposure is the pilot scope. The rest stays on what works today. The decision is reversible and the deliverable is auditor-grade.

08After the pilot

If the pilot is conclusive, two paths exist (conversion is not mandatory, self-service open-source remains available):

Path	For whom	Tier
Pro	10–200 hosts, standard NIS2 requirements	By quote
Enterprise	200+ hosts, SSO/SAML, SLA, dashboard, compliance reporting	By quote

Book the 15-min eligibility call →