Skip to content

Hop3 at OW2Con 2026 — NGI Zero Success Stories

June 03, 2026 Conference Talk NGI

We presented Hop3 at OW2Con 2026, in the NGI Zero "Success Stories" session (part of the NGI Zapp Accelerator Meetup, June 3, 09:30–10:40). The session gathered beneficiaries of the NGI Zero European funding programme for a round of short, ten-minute talks: what each project built, where it sits in its life cycle, and what its maintainers learned along the way.

Our talk, "Nix Integration for Hop3", reported on the NGI0 Commons Fund grant (#2024-04-365).

Slides

You can also view the slides directly on Speaker Deck.

The session line-up

Six NGI Zero projects presented:

  • MaDada — a request platform for access to public documents, by Laurent Savaëte
  • F3D-APP — a fast, minimalist 3D viewer, by F3D-APP Foundation maintainers Mathieu Westphal and Michael Migliore
  • FedCM for Solid, by Theo
  • Funkwhale — an open-source audio platform, by Pablo Durandoz
  • Nix Integration for Hop3, by Stéfane Fermigier, Abilian
  • Mobilizon, by Alexandra Cadet, Kaihuri

What we covered

Ten minutes is enough to land a thesis and the evidence for it. The talk moved through:

  • What Hop3 is — the push-to-deploy experience of Heroku, on infrastructure you own. git push or hop3 deploy, and an app is built, reverse-proxied, given TLS, and backed up — with no Kubernetes and no mandatory Docker. The timing argument: rising SaaS bills, vendor lock-in, and digital-sovereignty rules are pushing workloads back on-premises.
  • A backend-agnostic architecture — every layer is a swappable plugin: build (native / Docker / Nix), a dozen language toolchains, runtime, reverse proxy, addons, and OS family. Adding a language is one toolchain; adding a build backend is one engine across all the languages. That orthogonality is what lets each newly packaged application probe a single axis rather than the whole grid.
  • What the grant funded — one project, five work packages, three thrusts: Nix, build → runtime (reproducible builds and reproducible runtimes), Security & resilience (backing-service addons, backups, a network firewall and WAF, the web UI, and a redesigned CLI), and Apps & dissemination (real F/OSS applications as the test bed, plus documentation, a technical report, and talks like this one).
  • How the platform earns trust — testing was one of the two largest sustained efforts of the grant, alongside Nix reproducibility, and it runs at two altitudes: a code-level pytest pyramid, and deployment harnesses (hop3-test) that deploy real applications to Docker, SSH, and cloud targets and verify they actually serve traffic. Packaging a real application is a test — each one surfaces an edge the synthetic fixtures never reach.
  • Two reusable spin-offsLeWAF, an NGI-funded Python Web Application Firewall implementing the OWASP Core Rule Set (the same code that fulfils Hop3's firewall deliverable), and Validoc, a documentation-testing tool built to ship a deliverable, where a tutorial's code blocks are executed as tests so documentation rot fails CI.
  • Where we are — the v0.4 → v0.5 cycle went into load-bearing trust work: reproducibility, a real privilege boundary, security, and testing, with the remaining items wrapping up into 0.6.
  • What comes next — federated agents (using Promise Theory as the formal frame for node cooperation under degraded connectivity), the more speculative Punix builder, and collaborative EU R&D on sovereign edge and IoT infrastructure.

The close was deliberately frank: the idea was never the open question. Hop3 is real and runs in production today — the work ahead is adoption first, then revenue.

About NGI Zero and OW2Con

The NGI Zero Commons Fund supports free and open-source projects that build a more resilient, trustworthy, and sovereign internet. OW2Con is the annual conference of the OW2 open-source community.

Thank you to the NGI Zero team and the OW2 community for the session, and to the fellow grantees for a genuinely interesting morning.