Stream: nix

Topic: home-manager without admin access


view this post on Zulip Krishnakumar Gopalakrishnan (Mar 01 2024 at 09:24):

Srid said:

home-manager online event

https://nixos.asia/en/event/nix-dev-home

We will demonstrate using Nix to declaratively manage your dotfiles, programs and services using home-manager, thus replacing the likes of legacy software like homebrew. The goal is to create an one-click environment to setup an user environment on any system, be it a Macbook or a Linux machine.

Highly interested in using home-manager with a non-root install of nix. I work on multiple remote servers for HPC development (where I don't have admin priveleges), and would like to have an identical dev environment everywhere with modern tools etc available in my $PATH. Would be nice if the talk will cover this aspect.

view this post on Zulip Notification Bot (Mar 01 2024 at 12:26):

A message was moved here from #nix > Nix events in India by Srid.

view this post on Zulip Srid (Mar 01 2024 at 12:26):

@Krishnakumar Gopalakrishnan Welcome!

I'm pretty sure home-manager on itself shouldn't require root access.

It is Nix installation that normally does, but I think there's a way to install it without requiring it.

view this post on Zulip Srid (Mar 01 2024 at 12:37):

Srid said:

[...] I think there's a way to install it without requiring it.

You can try this: https://nixos.wiki/wiki/Nix_Installation_Guide#Installing_without_root_permissions

view this post on Zulip Srid (Mar 01 2024 at 17:05):

Also https://github.com/DavHau/nix-portable

But has performance drawbacks,

If user namespaces are not available on a system, nix-portable will fall back to using proot instead of bubblewrap. Proot's virtualization can have a significant performance overhead depending on the workload. In that situation, it might be beneficial to use a remote builder or alternatively build the derivations on another host and sync them via a cache like cachix.org.

view this post on Zulip Tim DeHerrera (Mar 01 2024 at 17:08):

Nix only needs root if using the daemon. You can still run Nix in "single-user" daemonless mode, and the only requirement is that the user calling the binary own the /nix dir

view this post on Zulip Tim DeHerrera (Mar 01 2024 at 17:08):

Little known fact that a static nix binary will create its own chroot store automatically for the current user of called and no /nix dir exists as well

view this post on Zulip Tim DeHerrera (Mar 01 2024 at 17:09):

(making nix-portable somewhat obsolete)

view this post on Zulip Srid (Mar 01 2024 at 17:22):

Okay, so basically @Krishnakumar Gopalakrishnan can follow the "Single user" instructions here https://nixos.org/manual/nix/stable/installation/#single-user

view this post on Zulip tgunnoe (Mar 01 2024 at 17:42):

Tim DeHerrera said:

Little known fact that a static nix binary will create its own chroot store automatically for the current user of called and no /nix dir exists as well

now all we need is for that to work on macos as it does on linux and and something like nix bundle for distributing runtimes with guis much like the other pack formats on linux

view this post on Zulip Tim DeHerrera (Mar 01 2024 at 17:46):

Problem is, mac's kernel doesn't have the same namespace capabilities of Linux :sweat_smile:

view this post on Zulip Shivaraj B H (May 08 2024 at 04:16):

Related: https://x.com/matthewcroughan/status/1787886356762382563?s=46

view this post on Zulip Shivaraj B H (May 08 2024 at 04:17):

Probably a good candidate for a blog at nixos.asia?

view this post on Zulip Srid (May 08 2024 at 04:18):

Shivaraj B H said:

Probably a good candidate for a blog at nixos.asia?

Sure, or a tutorial.

view this post on Zulip Srid (May 08 2024 at 04:18):

Create an issue on GitHub so we don't forget.

view this post on Zulip Krishnakumar Gopalakrishnan (May 08 2024 at 05:42):

The static version of nix can't install binary executables and needs to
build every single package from source.

view this post on Zulip Shivaraj B H (May 08 2024 at 06:06):

@Krishnakumar Gopalakrishnan you mean to say that binary cache, such as cache.nixos.org isn’t used to fetch the packages in a single user installation?

view this post on Zulip Shivaraj B H (May 08 2024 at 06:07):

Anyways, I will check this out, here’s the issue to track progress: https://github.com/nixos-asia/website/issues/35

view this post on Zulip Krishnakumar Gopalakrishnan (May 08 2024 at 11:30):

That's right. Without root access, static nix will have to build every
single package declared in the home.nix file from scratch.

This is because the cached versions of the pre built binaries have
hardcoded locations that expect certain dynamic libraries to be loaded from
certain standard library paths in the user's system (which requires root
access typically eg. /usr/local/lib). The HPC package manager Spack from
Lawrence Livermore National Laboratories addresses this exact problem
(relocatable binary issue) by using clever RPATH redirection mechanism
embedded into the binary and by explicitly providing binary caches that
target user-space installs.

Most HPC and shared scientific computing clusters don't allow any kind of
write access to the /nix directory. In fact sysadmins don't even create
this directory.

view this post on Zulip Tim DeHerrera (May 09 2024 at 13:33):

Hey so, this isn't true unless you globally change the location of the /nix/store, which isn't necessary. The static version of Nix will automatically use a user namespace store in the users home directory if it doesn't have permission to write to /nix, which still uses /nix/store in the namespace, so the cache will work.

You can also just give your user ownership of the /nix directory in single-user mode. Also, you don't need a static Nix to run in single-user mode. Two different things

view this post on Zulip Krishnakumar Gopalakrishnan (May 09 2024 at 15:18):

Hmm. Interesting. When I tried static nix, it appeared to be building my
home-manager configured packages from source.

I think readers will benefit from a detailed study and writeup of how to
get a static version of nix without sudo privileges or ownership of /nix,
and still make it use pre-built binaries.

view this post on Zulip Tim DeHerrera (May 10 2024 at 02:11):

Did you check to make sure the cache was properly configured?

view this post on Zulip Tim DeHerrera (May 10 2024 at 02:12):

It should be as simple as "download static nix, excute a build", if that's not working something else has gone wrong.

I've done it several times

view this post on Zulip Tim DeHerrera (May 10 2024 at 02:12):

(on Linux anyway)


Last updated: Nov 13 2024 at 11:45 UTC