Add guide on using nix in marenostrum 5

content/doc/mn5.md

@@ -0,0 +1,147 @@
+---
+title: "Using nix in marenostrum"
+description: "How to use nix-portable to run nix on marenostrum without privileges"
+date: 2026-03-04
+---
+
+# Obtaining nix-portable
+
+[nix-portable][1] provides a static nix with a virtualised `/nix/store` that
+allows running `nix` without root.
+
+There is version already installed in `/gpfs/projects/bsc15/nix-portable/bin`,
+you can use that and skip to [Set up](#set-up).
+
+If you want to obtain it yourself by following the instructions on [nix-portable][1]
+summarized below:
+
+```bash
+curl -L https://github.com/DavHau/nix-portable/releases/latest/download/nix-portable-$(uname -m) > ./nix-portable
+chmod +x ./nix-portable
+
+ln -s nix-portable nix
+ln -s nix-portable nix-build
+ln -s nix-portable nix-channel
+ln -s nix-portable nix-collect-garbage
+ln -s nix-portable nix-copy-closure
+ln -s nix-portable nix-daemon
+ln -s nix-portable nix-env
+ln -s nix-portable nix-hash
+ln -s nix-portable nix-instantiate
+ln -s nix-portable nix-prefetch-url
+ln -s nix-portable nix-shell
+ln -s nix-portable nix-store
+```
+
+# Set up
+
+Add `nix-portable` and the symlinks to your `$PATH`. The default virtualisation
+method does not work, so you must set `NP_RUNTIME` to `bwrap` to override it. If
+that is not set, you will get an error when setting up the namespace.
+
+Optionally, you can set `NP_LOCATION` to change the location of your `/nix/store`.
+By default it will be at `$HOME/.nix-portable`:
+
+```bash
+export PATH="$PATH:/gpfs/projects/bsc15/nix-portable/bin" # or the path of your install
+export NP_RUNTIME=bwrap
+export NP_LOCATION="$HOME" # defaults to $HOME if not set
+```
+
+## Configuring nix
+
+After its first run, `nix-portable` will download and populate a local
+`/nix/store` along with `bwrap`, `busybox` and all the other tools it needs.
+
+These files are located inside `$NP_LOCATION/.nix-portable` with the nix store in `$NP_LOCATION/.nix-portable/nix` and the nix configuration file (`man nix.conf`)
+in `$NP_LOCATION/.nix-portable/conf/nix.conf`.
+When using jungle, we recommend adding our substituter to `nix.conf` with:
+
+```ini
+extra-substituters = https://jungle.bsc.es/cache
+extra-trusted-public-keys = jungle.bsc.es:pEc7MlAT0HEwLQYPtpkPLwRsGf80ZI26aj29zMw/HH0=
+```
+
+See [hut#binary-cache][2] for more details.
+
+Additionally, you can add an registry entry for jungle:
+
+```
+nix registry add jungle git+https://jungle.bsc.es/git/rarias/jungle
+```
+
+This should allow running builds with: `nix build jungle#<package>`.
+
+**NOTE:** This does not pin jungle to any commit, and it may move once
+the repository changes. To have proper reproducible builds, use [flakes][3].
+
+
+# Building and Running
+
+If everything has gone well, you should now be able to use nix in marenostrum,
+provided your node has internet access.
+
+```bash
+nix build nixpkgs#hello
+```
+
+Keep in mind that the resulting symlink will be broken, since it requires the
+`nix-portable` virtualised filesystem to run:
+
+```console
+$ file result
+result: broken symbolic link to /nix/store/8qi947kixhz1nw83dkwxm6d0wndprqkj-hello-2.12.2
+```
+
+You will have to either use `nix run` to run the binary through nix or enter
+a shell with `nix shell/develop` where `/nix/store` will be available:
+
+```console
+$ nix run nixpkgs#hello
+Hello, world!
+
+$ nix shell nixpkgs#hello
+bash-5.1$ hello
+Hello, world!
+bash-5.1$ exit
+
+$ nix run nixpkgs#bashInteractive
+[user@glogin4 ~]$ readlink -f result
+/nix/store/8qi947kixhz1nw83dkwxm6d0wndprqkj-hello-2.12.2
+[user@glogin4 ~]$ ./result/bin/hello
+Hello, world!
+[user@glogin4 ~]$ exit
+```
+
+
+# Transferring derivations
+
+You can transfer derivations between your local machine and marenostrum. You can
+check if communication works with `nix store info`:
+
+```console
+$ nix store info --store ssh-ng://<user>@glogin1.bsc.es
+Store URL: ssh://<user>@glogin1.bsc.es
+Version: 2.20.6
+Trusted: 1
+```
+
+Then, you can send derivations between mn5 and another nix machine through ssh
+with:
+
+```bash
+nix copy --to ssh-ng://<user>@glogin1.bsc.es jungle#ovni
+nix copy --from ssh-ng://<user>@glogin1.bsc.es /nix/store/<path>
+```
+
+Note that when copying *from* mn5, you must provide the full path in the nix
+store.
+
+# Known issues
+
+- `builtins.fetchGit` is currently broken due to permission issues with the ssh
+configuration files.
+
+[1]: https://github.com/DavHau/nix-portable
+[2]: /hut/#binary-cache
+[3]: /doc/quickstart/#creating-a-flakenix