diff --git a/content/doc/mn5.md b/content/doc/mn5.md new file mode 100644 index 0000000..84eb2d4 --- /dev/null +++ b/content/doc/mn5.md @@ -0,0 +1,147 @@ +--- +title: "Using nix in marenostrum" +description: "How to use nix-portable to run nix on marenostrum without privileges" +date: 2026-03-04 +--- + +# Obtaining nix-portable + +[nix-portable][1] provides a static nix with a virtualised `/nix/store` that +allows running `nix` without root. + +There is version already installed in `/gpfs/projects/bsc15/nix-portable/bin`, +you can use that and skip to [Set up](#set-up). + +If you want to obtain it yourself by following the instructions on [nix-portable][1] +summarized below: + +```bash +curl -L https://github.com/DavHau/nix-portable/releases/latest/download/nix-portable-$(uname -m) > ./nix-portable +chmod +x ./nix-portable + +ln -s nix-portable nix +ln -s nix-portable nix-build +ln -s nix-portable nix-channel +ln -s nix-portable nix-collect-garbage +ln -s nix-portable nix-copy-closure +ln -s nix-portable nix-daemon +ln -s nix-portable nix-env +ln -s nix-portable nix-hash +ln -s nix-portable nix-instantiate +ln -s nix-portable nix-prefetch-url +ln -s nix-portable nix-shell +ln -s nix-portable nix-store +``` + +# Set up + +Add `nix-portable` and the symlinks to your `$PATH`. The default virtualisation +method does not work, so you must set `NP_RUNTIME` to `bwrap` to override it. If +that is not set, you will get an error when setting up the namespace. + +Optionally, you can set `NP_LOCATION` to change the location of your `/nix/store`. +By default it will be at `$HOME/.nix-portable`: + +```bash +export PATH="$PATH:/gpfs/projects/bsc15/nix-portable/bin" # or the path of your install +export NP_RUNTIME=bwrap +export NP_LOCATION="$HOME" # defaults to $HOME if not set +``` + +## Configuring nix + +After its first run, `nix-portable` will download and populate a local +`/nix/store` along with `bwrap`, `busybox` and all the other tools it needs. + +These files are located inside `$NP_LOCATION/.nix-portable` with the nix store in `$NP_LOCATION/.nix-portable/nix` and the nix configuration file (`man nix.conf`) +in `$NP_LOCATION/.nix-portable/conf/nix.conf`. +When using jungle, we recommend adding our substituter to `nix.conf` with: + +```ini +extra-substituters = https://jungle.bsc.es/cache +extra-trusted-public-keys = jungle.bsc.es:pEc7MlAT0HEwLQYPtpkPLwRsGf80ZI26aj29zMw/HH0= +``` + +See [hut#binary-cache][2] for more details. + +Additionally, you can add an registry entry for jungle: + +``` +nix registry add jungle git+https://jungle.bsc.es/git/rarias/jungle +``` + +This should allow running builds with: `nix build jungle#`. + +**NOTE:** This does not pin jungle to any commit, and it may move once +the repository changes. To have proper reproducible builds, use [flakes][3]. + + +# Building and Running + +If everything has gone well, you should now be able to use nix in marenostrum, +provided your node has internet access. + +```bash +nix build nixpkgs#hello +``` + +Keep in mind that the resulting symlink will be broken, since it requires the +`nix-portable` virtualised filesystem to run: + +```console +$ file result +result: broken symbolic link to /nix/store/8qi947kixhz1nw83dkwxm6d0wndprqkj-hello-2.12.2 +``` + +You will have to either use `nix run` to run the binary through nix or enter +a shell with `nix shell/develop` where `/nix/store` will be available: + +```console +$ nix run nixpkgs#hello +Hello, world! + +$ nix shell nixpkgs#hello +bash-5.1$ hello +Hello, world! +bash-5.1$ exit + +$ nix run nixpkgs#bashInteractive +[user@glogin4 ~]$ readlink -f result +/nix/store/8qi947kixhz1nw83dkwxm6d0wndprqkj-hello-2.12.2 +[user@glogin4 ~]$ ./result/bin/hello +Hello, world! +[user@glogin4 ~]$ exit +``` + + +# Transferring derivations + +You can transfer derivations between your local machine and marenostrum. You can +check if communication works with `nix store info`: + +```console +$ nix store info --store ssh-ng://@glogin1.bsc.es +Store URL: ssh://@glogin1.bsc.es +Version: 2.20.6 +Trusted: 1 +``` + +Then, you can send derivations between mn5 and another nix machine through ssh +with: + +```bash +nix copy --to ssh-ng://@glogin1.bsc.es jungle#ovni +nix copy --from ssh-ng://@glogin1.bsc.es /nix/store/ +``` + +Note that when copying *from* mn5, you must provide the full path in the nix +store. + +# Known issues + +- `builtins.fetchGit` is currently broken due to permission issues with the ssh +configuration files. + +[1]: https://github.com/DavHau/nix-portable +[2]: /hut/#binary-cache +[3]: /doc/quickstart/#creating-a-flakenix