4.2 KiB
title, description, date
| title | description | date |
|---|---|---|
| Using nix in marenostrum | How to use nix-portable to run nix on marenostrum without privileges | 2026-03-04 |
Obtaining nix-portable
nix-portable provides a static nix with a virtualised /nix/store that
allows running nix without root.
There is version already installed in /gpfs/projects/bsc15/nix-portable/bin,
you can use that and skip to Set up.
If you want to obtain it yourself by following the instructions on nix-portable summarized below:
curl -L https://github.com/DavHau/nix-portable/releases/latest/download/nix-portable-$(uname -m) > ./nix-portable
chmod +x ./nix-portable
ln -s nix-portable nix
ln -s nix-portable nix-build
ln -s nix-portable nix-channel
ln -s nix-portable nix-collect-garbage
ln -s nix-portable nix-copy-closure
ln -s nix-portable nix-daemon
ln -s nix-portable nix-env
ln -s nix-portable nix-hash
ln -s nix-portable nix-instantiate
ln -s nix-portable nix-prefetch-url
ln -s nix-portable nix-shell
ln -s nix-portable nix-store
Set up
Add nix-portable and the symlinks to your $PATH. The default virtualisation
method does not work, so you must set NP_RUNTIME to bwrap to override it. If
that is not set, you will get an error when setting up the namespace.
Optionally, you can set NP_LOCATION to change the location of your /nix/store.
By default it will be at $HOME/.nix-portable:
export PATH="$PATH:/gpfs/projects/bsc15/nix-portable/bin" # or the path of your install
export NP_RUNTIME=bwrap
export NP_LOCATION="$HOME" # defaults to $HOME if not set
Configuring nix
After its first run, nix-portable will download and populate a local
/nix/store along with bwrap, busybox and all the other tools it needs.
These files are located inside $NP_LOCATION/.nix-portable with the nix store in $NP_LOCATION/.nix-portable/nix and the nix configuration file (man nix.conf)
in $NP_LOCATION/.nix-portable/conf/nix.conf.
When using jungle, we recommend adding our substituter to nix.conf with:
extra-substituters = https://jungle.bsc.es/cache
extra-trusted-public-keys = jungle.bsc.es:pEc7MlAT0HEwLQYPtpkPLwRsGf80ZI26aj29zMw/HH0=
See hut#binary-cache for more details.
Additionally, you can add an registry entry for jungle:
nix registry add jungle git+https://jungle.bsc.es/git/rarias/jungle
This should allow running builds with: nix build jungle#<package>.
NOTE: This does not pin jungle to any commit, and it may move once the repository changes. To have proper reproducible builds, use flakes.
Building and Running
If everything has gone well, you should now be able to use nix in marenostrum, provided your node has internet access.
nix build nixpkgs#hello
Keep in mind that the resulting symlink will be broken, since it requires the
nix-portable virtualised filesystem to run:
$ file result
result: broken symbolic link to /nix/store/8qi947kixhz1nw83dkwxm6d0wndprqkj-hello-2.12.2
You will have to either use nix run to run the binary through nix or enter
a shell with nix shell/develop where /nix/store will be available:
$ nix run nixpkgs#hello
Hello, world!
$ nix shell nixpkgs#hello
bash-5.1$ hello
Hello, world!
bash-5.1$ exit
$ nix run nixpkgs#bashInteractive
[user@glogin4 ~]$ readlink -f result
/nix/store/8qi947kixhz1nw83dkwxm6d0wndprqkj-hello-2.12.2
[user@glogin4 ~]$ ./result/bin/hello
Hello, world!
[user@glogin4 ~]$ exit
Transferring derivations
You can transfer derivations between your local machine and marenostrum. You can
check if communication works with nix store info:
$ nix store info --store ssh-ng://<user>@glogin1.bsc.es
Store URL: ssh://<user>@glogin1.bsc.es
Version: 2.20.6
Trusted: 1
Then, you can send derivations between mn5 and another nix machine through ssh with:
nix copy --to ssh-ng://<user>@glogin1.bsc.es jungle#ovni
nix copy --from ssh-ng://<user>@glogin1.bsc.es /nix/store/<path>
Note that when copying from mn5, you must provide the full path in the nix store.
Known issues
builtins.fetchGitis currently broken due to permission issues with the ssh configuration files.