Stories with Tag NixOS

• Nvidia GPU on bare metal NixOS Kubernetes cluster explained

  permalink

  Posted: 2025-03-02 20:26:21

  Verbose tl;dr

  This blog post details setting up a bare-metal Kubernetes cluster on NixOS with Nvidia GPU support, focusing on simplicity and declarative configuration. It leverages NixOS's package management for consistent deployments across nodes and uses the toolkit's modularity to manage complex dependencies like CUDA drivers and container toolkits. The author emphasizes using separate NixOS modules for different cluster components—Kubernetes, GPU drivers, and container runtimes—allowing for easier maintenance and upgrades. The post guides readers through configuring the systemd unit for the Nvidia container toolkit, setting up the necessary kernel modules, and ensuring proper access for Kubernetes to the GPUs. Finally, it demonstrates deploying a GPU-enabled pod as a verification step.

  This blog post by Fang Pen Lin details the process of setting up a Kubernetes cluster on bare metal NixOS machines, with a specific focus on enabling GPU support provided by Nvidia cards. The author emphasizes a declarative and reproducible approach using NixOS's configuration language and the nixpkgs package repository.

  The core challenge lies in coordinating the necessary drivers, libraries, and daemons across both the host NixOS system and the containerized workloads within Kubernetes. The post meticulously outlines the steps involved, beginning with configuring the NixOS hosts. This includes installing the Nvidia driver, the CUDA toolkit, and related dependencies directly into the system's profile, ensuring they're available at boot. Critically, this avoids conflicts that might arise from installing these components within the Kubernetes cluster itself.

  A key component of this setup is the use of the Nvidia Container Toolkit. This toolkit facilitates the sharing of the host's GPU resources with containers, enabling Kubernetes pods to leverage the GPU for accelerated computing tasks. The blog post explains the installation and configuration of this toolkit on the NixOS hosts, highlighting the importance of proper device access and permissions.

  For orchestrating container deployments, the author opts for deploying a Kubernetes cluster using kubectl and a standard YAML manifest. This approach uses pre-built container images designed for CUDA development, ensuring compatibility and ease of deployment. To ensure the containers have access to the necessary GPU resources, the manifest includes specific configurations, including requesting GPU resources and mounting the necessary device paths. This setup allows users to define the required GPU resources directly in their pod specifications, ensuring proper allocation and usage.

  The author then elaborates on using a privileged DaemonSet to deploy the Nvidia device plugin. This plugin is crucial for communicating available GPU resources to the Kubernetes scheduler, enabling intelligent scheduling of GPU-dependent workloads. The post details the configuration of this DaemonSet, including security considerations related to running a privileged pod. It explains that this approach allows the Kubernetes scheduler to be aware of the GPUs present on each node and schedule pods requesting GPU resources accordingly.

  Finally, the blog post emphasizes the declarative and reproducible nature of the NixOS configuration. By defining the entire system configuration, including the Kubernetes cluster and GPU setup, in Nix code, the author ensures consistent deployments across different machines and facilitates easy reproducibility. This allows for easier maintenance, updates, and troubleshooting, as the entire system configuration can be easily replicated. The author highlights the benefits of this approach for managing complex infrastructure and minimizing configuration drift.

  • NixOS
  • Kubernetes
  • GPU
  • Nvidia
  • Bare Metal
  • cluster
  • Containerization
  • DevOps
  • system administration
  • Linux
  • Hardware Acceleration
  • High Performance Computing
  • machine learning
  • AI
  • Cloud Native
  • Infrastructure as Code

  Summary of Comments ( 6 )
  https://news.ycombinator.com/item?id=43234666

  Verbose tl;dr

  Hacker News users discussed various aspects of running Nvidia GPUs on a bare-metal NixOS Kubernetes cluster. Some questioned the necessity of NixOS for this setup, suggesting that its complexity might outweigh its benefits, especially for smaller clusters. Others countered that NixOS provides crucial advantages for reproducible deployments and managing driver dependencies, particularly valuable in research and multi-node GPU environments. Commenters also explored alternatives like using Ansible for provisioning and debated the performance impact of virtualization. A few users shared their personal experiences, highlighting both successes and challenges with similar setups, including issues with specific GPU models and kernel versions. Several commenters expressed interest in the author's approach to network configuration and storage management, but the author didn't elaborate on these aspects in the original post.

  The Hacker News post titled "Nvidia GPU on bare metal NixOS Kubernetes cluster explained" (https://news.ycombinator.com/item?id=43234666) has a moderate number of comments, generating a discussion around the complexities and nuances of using NixOS with Kubernetes and GPUs.

  Several commenters focus on the challenges and trade-offs of this specific setup. One commenter highlights the complexity of managing drivers, particularly the Nvidia driver, within NixOS and Kubernetes, questioning the overall maintainability and whether the benefits outweigh the added complexity. This sentiment is echoed by another commenter who mentions the difficulty of keeping drivers updated and synchronized across the cluster, suggesting that the approach might be more trouble than it's worth for smaller setups.

  Another discussion thread centers around the choice of NixOS itself. One user questions the wisdom of using NixOS for Kubernetes, arguing that its immutability can conflict with Kubernetes' dynamic nature and that other, more established solutions might be more suitable. This sparks a counter-argument where a proponent of NixOS explains that its declarative configuration and reproducibility can be valuable assets for managing complex infrastructure, especially when dealing with things like GPU drivers and kernel modules. They emphasize that while there's a learning curve, the long-term benefits in terms of reliability and maintainability can be substantial.

  The topic of hardware support and specific GPU models also arises. One commenter inquires about compatibility with consumer-grade GPUs, expressing interest in utilizing gaming GPUs for tasks like machine learning. Another comment thread delves into the specifics of PCI passthrough and the complexities of ensuring proper resource allocation and isolation within a Kubernetes environment.

  Finally, there are some comments appreciating the author's effort in documenting their process. They acknowledge the value of sharing such specialized knowledge and the insights it provides into managing complex infrastructure setups involving NixOS, Kubernetes, and GPUs. One commenter specifically expresses gratitude for the detailed explanation of the networking setup, which they found particularly helpful.

  In summary, the comments section reflects a mixture of skepticism and appreciation. While some users question the practicality and complexity of the approach, others recognize the potential benefits and value the author's contribution to sharing their experience and knowledge in navigating this complex technological landscape. The discussion highlights the ongoing challenges and trade-offs involved in integrating technologies like NixOS, Kubernetes, and GPUs for high-performance computing and machine learning workloads.

• Improved evaluation times with pre-resolved Nix store paths

  permalink

  Posted: 2025-02-12 15:05:17

  Verbose tl;dr

  The blog post details a performance optimization for Nix's evaluation process. By pre-resolving store paths for built-in functions, specifically fetchers, Nix can avoid redundant computations during evaluation, leading to significant speed improvements. This is achieved by introducing a new builtins attribute in the Nix expression language containing pre-computed hashes for commonly used fetchers. This change eliminates the need to repeatedly calculate these hashes during each evaluation, resulting in faster build times, particularly noticeable in projects with many dependencies. The post demonstrates benchmark results showing a substantial reduction in evaluation time with this optimization, highlighting its potential to improve the overall Nix user experience.

  The blog post "Improved evaluation times with pre-resolved Nix store paths" by Graham Christensen on determinate.systems discusses a significant performance optimization technique for Nix, a powerful package manager known for its reproducibility and declarative configuration. The core issue addressed is the overhead incurred during Nix expression evaluation, specifically the repeated resolution of store paths. Every time a Nix expression is evaluated, Nix needs to determine the final output path in the Nix store for each derivation. This process involves hashing the derivation's inputs and dependencies, which can be computationally expensive, especially for complex projects with many dependencies.

  Christensen introduces the concept of "pre-resolved store paths" as a solution. This technique involves pre-computing and caching these store paths ahead of time, decoupling path resolution from the main evaluation phase. By storing these pre-computed paths, subsequent evaluations can simply look up the path instead of recalculating it, drastically reducing evaluation time.

  The blog post details the implementation of this optimization within Determinate Systems' "dnix" tool, which leverages a content-addressed build cache. This cache stores build outputs and metadata, including the pre-calculated store paths. When a Nix expression is evaluated with dnix, the tool first checks the cache for a matching entry. If found, the pre-resolved store path is retrieved, bypassing the traditional path resolution process. If not found, dnix proceeds with the standard evaluation and then stores the resulting path in the cache for future use.

  The author demonstrates the performance gains achieved through this optimization with benchmarks comparing dnix to the standard Nix evaluator. These benchmarks show significant improvements in evaluation time, particularly for larger projects and repeated evaluations where the caching mechanism can be most effective. The blog post also highlights how this optimization benefits continuous integration (CI) workflows, where frequent evaluations are common and speed is crucial.

  Furthermore, Christensen emphasizes the importance of reproducible builds, which are a core tenet of Nix. He explains how pre-resolved store paths are compatible with reproducibility by ensuring that the cached paths are still consistent with the derivation inputs. If the inputs change, the hash changes, and a new store path is generated, maintaining the integrity of the Nix build process. The post concludes by suggesting that this optimization has the potential to significantly improve the overall user experience of working with Nix, making it faster and more efficient for larger projects and complex workflows.

  • Nix
  • NixOS
  • Nixpkgs
  • performance
  • Evaluation Time
  • Store Paths
  • Build Systems
  • package management
  • Functional Package Management
  • deterministic builds
  • Reproducibility

  Summary of Comments ( 30 )
  https://news.ycombinator.com/item?id=43026071

  Verbose tl;dr

  Hacker News users generally praised the technique described in the article for improving Nix evaluation performance. Several commenters highlighted the cleverness of pre-computing store paths, noting that it bypasses a significant bottleneck in Nix's evaluation process. Some expressed surprise that this optimization wasn't already implemented, while others discussed potential downsides, like the added complexity to the tooling and the risk of invalidating the cache if the store path changes. A few users also shared their own experiences with Nix performance issues and suggested alternative optimization strategies. One commenter questioned the significance of the improvement in practical scenarios, arguing that derivation evaluation is often not the dominant factor in overall build time.

  The Hacker News post "Improved evaluation times with pre-resolved Nix store paths" discussing the linked blog post about optimizing Nix evaluation times has generated a moderate number of comments, mostly focusing on the technical aspects and implications of the proposed optimization.

  Several commenters express interest and appreciation for the performance improvements achieved by pre-resolving Nix store paths. One commenter specifically mentions how significant the improvements are, particularly for larger projects where evaluation time can be a bottleneck. Another highlights the potential benefits this optimization could bring to projects using Nix flakes, which often involve numerous dependencies and complex evaluation graphs.

  A significant portion of the discussion revolves around the intricacies of Nix's evaluation model and how this optimization interacts with it. One commenter delves into the technical details of how Nix resolves paths and how pre-resolution can avoid redundant work, leading to faster evaluation times. Another discusses the trade-offs involved in pre-computing these paths, noting that while it improves evaluation speed, it might introduce complexity in other areas. There's also a comment exploring the potential implications of this change for Nix's caching mechanisms.

  Some commenters also raise questions about the implementation and practical applications of this optimization. One inquires about the feasibility of integrating this technique into Nix itself, while another asks about potential compatibility issues with existing Nix projects. A user questions the overall impact on real-world usage, wondering if the improvement is noticeable in typical development workflows. There is further discussion around specific aspects of the implementation, including the use of SHA256 hashes and the handling of dynamic dependencies.

  Finally, there are a few comments that offer alternative perspectives or suggestions. One commenter proposes a different approach to optimizing Nix evaluation, suggesting that focusing on reducing the number of dependencies might be more effective. Another mentions related work in other build systems, drawing parallels and highlighting potential areas for cross-pollination.

• Persistent packages on Steam Deck using Nix

  permalink

  Posted: 2025-02-09 18:15:44

  Verbose tl;dr

  This blog post details how to use Nix to manage persistent software installations on a Steam Deck, separate from the read-only SteamOS filesystem. The author leverages a separate ext4 partition formatted and mounted at /opt, where Nix stores its packages. This setup allows users to install and manage software without affecting the integrity of the core system, offering a robust and reproducible environment. The guide covers partitioning, mounting, installing Nix, configuring the system to recognize the Nix store, and provides practical examples for installing and running applications like Discord and installing desktop environments like KDE Plasma. This approach offers a significant advantage for users seeking a more flexible and powerful software management solution on their Steam Deck.

  The blog post "Persistent packages on Steam Deck using Nix" by Tomáš Chráštecký details a method for installing and managing software on a Steam Deck using the Nix package manager, achieving persistent installations that survive SteamOS updates. The author's motivation stems from the desire to have a consistent development environment and access to tools not readily available through the standard SteamOS image or its compatibility layer, Proton. He explains that simply installing packages through traditional means like apt within the desktop mode leads to these packages being wiped out whenever SteamOS receives an update.

  The solution revolves around leveraging Nix's declarative and reproducible build system. Instead of modifying the core system, Nix installs packages in a user-specific directory, making them independent of the underlying operating system. This isolation ensures that even after system updates, the Nix-managed packages remain untouched and functional. The post meticulously outlines the steps involved in setting up Nix on the Steam Deck, emphasizing a user-specific, non-root installation for safety and maintainability. This includes downloading the Nix installer script, executing it with appropriate flags to install to the user's home directory, and configuring the shell environment to utilize Nix.

  Chráštecký further elaborates on how to create a symbolic link from the user's Nix profile to a more accessible location, streamlining the process of running Nix-installed programs. He also discusses the creation of a shell.nix file, which acts as a manifest for specifying desired packages. This declarative approach allows users to define their software environment precisely and rebuild it consistently. The post provides concrete examples of a shell.nix file containing common development tools like git, gcc, and python3. The author emphasizes the advantage of using home-manager, a Nix tool that enables managing dotfiles and user-specific configurations in a declarative manner, further enhancing reproducibility and maintainability across different machines. The blog post concludes with a brief overview of how to launch programs installed via Nix, either directly through their paths within the Nix store or by using symbolic links in more convenient locations. This comprehensive guide allows Steam Deck users to maintain a persistent and customized software environment independent of the SteamOS update cycle, providing a stable platform for development and general-purpose computing.

  • Steam Deck
  • Nix
  • NixOS
  • Linux
  • Gaming
  • Packages
  • package management
  • persistence
  • Home Manager
  • Configuration Management
  • Software Management
  • Immutable Infrastructure
  • Declarative Configuration

  Summary of Comments ( 31 )
  https://news.ycombinator.com/item?id=42992345

  Verbose tl;dr

  Several commenters on Hacker News expressed skepticism about the practicality of using Nix on the Steam Deck, citing complexity, limited storage space, and potential performance impacts. Some suggested alternative solutions like using Flatpak or simply managing game installations through Steam directly. Others questioned the need for persistent packages at all for gaming. However, a few commenters found the approach interesting and appreciated the author's exploration of Nix on a non-traditional platform, showcasing its flexibility. Some acknowledged the potential benefits of reproducible environments, especially for development or modding. The discussion also touched on the steep learning curve of Nix and the need for better documentation and tooling to make it more accessible.

  The Hacker News post "Persistent packages on Steam Deck using Nix" has generated several comments discussing the use of Nix for package management on the Steam Deck, a handheld gaming PC. Many commenters express enthusiasm for Nix and its potential advantages on the platform.

  Several commenters highlight the benefits of declarative package management, which Nix offers. They appreciate the reproducibility and predictability it brings, ensuring consistent software environments and simplifying troubleshooting. This is particularly relevant on the Steam Deck, where managing software installations can be more complex than on a traditional desktop.

  One commenter specifically mentions using Nix to manage their development environment on the Steam Deck, appreciating the ability to easily switch between different project setups. Another details their experience using Nix to install software like GIMP and other desktop applications not readily available through the standard SteamOS interface.

  Some users discuss the complexities and learning curve associated with Nix. While acknowledging its power, they point out that it can be initially challenging to grasp its concepts and syntax. However, other commenters offer resources and suggestions to help newcomers get started with Nix, emphasizing the long-term benefits it provides.

  A couple of comments touch on the performance implications of using Nix on the Steam Deck. While generally positive, they note that there might be a slight performance overhead compared to native installations in certain scenarios. Further discussion revolves around potential optimizations and strategies to minimize any performance impact.

  The use of containers alongside Nix is also mentioned, with commenters exploring the possibilities of combining these technologies for even greater flexibility and isolation in managing software on the Steam Deck.

  Finally, there's a discussion about the integration of Nix with the SteamOS desktop mode. Users share their experiences and tips for seamlessly incorporating Nix into their existing workflows on the device. The general consensus is that while there are some initial hurdles to overcome, the benefits of using Nix for package management on the Steam Deck are significant for those willing to invest the time in learning it.

• Is NixOS truly reproducible?

  permalink

  Posted: 2025-02-09 09:56:13

  Verbose tl;dr

  NixOS aims for reproducibility, but subtle discrepancies can arise. While package builds are generally deterministic thanks to Nix's controlled environment, issues like differing system times during builds, non-deterministic build processes within packages themselves, and reliance on external resources like network-fetched timestamps or random numbers can introduce variability. The author highlights these challenges and explores how they impact reproducibility in practice, demonstrating that while NixOS significantly improves build consistency, achieving perfect reproducibility requires careful attention and sometimes impractical restrictions. Flaky tests and varying build outputs are presented as evidence of these limitations, showcasing scenarios where identical Nix expressions produce different results.

  The blog post "Is NixOS truly reproducible?" by Luca Bruno explores the nuances of reproducibility in the NixOS ecosystem, questioning the absolute nature of the claim often made about its build repeatability. While acknowledging Nix's strong foundations for reproducible builds through its functional package management and declarative configuration, the author delves into several factors that can introduce variability and compromise perfect reproducibility.

  The post begins by defining reproducibility as the ability to rebuild a system bit-for-bit, producing an identical output given the same inputs. It then proceeds to categorize the challenges to reproducibility into three primary areas: hardware, non-determinism in build processes, and external dependencies.

  Regarding hardware, the post highlights how variations in CPU architecture, microcode updates, and even seemingly minor differences like CPU flags can influence the final build output, leading to different binaries despite identical source code and build instructions. These hardware-specific optimizations, while beneficial for performance, can impede bit-for-bit reproducibility.

  The issue of non-determinism within build processes is also addressed. Even with Nix's controlled environment, some build scripts might incorporate elements like timestamps, random number generators, or rely on the build machine's hostname, inadvertently introducing variability into the final output. While Nix attempts to mitigate these issues, achieving perfect isolation and eliminating all sources of non-determinism remains a challenge.

  Finally, the post discusses the impact of external dependencies on reproducibility. Fetching resources from external sources, like downloading dependencies from the internet, introduces potential for variations if these external resources change between builds. While Nix's caching mechanisms help mitigate this, they don't entirely eliminate the risk, especially when dealing with unstable or changing external dependencies. The post specifically mentions build systems interacting with online databases or APIs as a source of potential instability.

  The author further explores the concept of "sufficient reproducibility," arguing that while perfect bit-for-bit reproduction might be difficult to achieve in all scenarios, a practically useful level of reproducibility is still attainable and highly valuable. This "sufficient reproducibility" focuses on guaranteeing consistent functionality and behavior, even if the binaries aren't strictly identical.

  The conclusion emphasizes that while NixOS strives for and largely achieves a high degree of reproducibility, absolute, bit-for-bit reproducibility is a complex goal, influenced by various factors. The post encourages a nuanced understanding of the challenges and acknowledges the ongoing efforts within the Nix community to further enhance reproducibility within the ecosystem. It suggests focusing on pragmatic solutions that prioritize functional consistency and recognizing that perfect reproducibility may remain an elusive ideal in certain contexts.

  • NixOS
  • Reproducibility
  • reproducible builds
  • Linux
  • Operating System
  • Functional Package Management
  • Declarative Configuration
  • Software Deployment
  • System Configuration
  • Nix

  Summary of Comments ( 94 )
  https://news.ycombinator.com/item?id=42989666

  Verbose tl;dr

  Hacker News users discuss reproducibility issues encountered with NixOS, despite its declarative nature. Several commenters point out that while Nix excels at package reproducibility, issues arise from external factors like hardware differences (particularly GPUs and networking) and reliance on non-reproducible external resources like timestamps and random number generation. One compelling comment highlights the distinction between "build reproducibility" and "runtime reproducibility," arguing NixOS effectively achieves the former but struggles with the latter. Others suggest that focusing solely on bit-for-bit reproducibility is misplaced, and that NixOS's value lies in its robust declarative configuration and ease of rollback, even if perfect reproducibility remains a challenge. The importance of properly caching build dependencies for true reproducibility is also emphasized. Several users share anecdotal experiences with inconsistencies and difficulties reproducing specific configurations, especially when dealing with complex setups or proprietary drivers.

  The Hacker News post "Is NixOS truly reproducible?" sparked a discussion with several insightful comments exploring nuances of reproducibility in NixOS.

  One commenter highlights that true reproducibility is an unattainable ideal, akin to a "Platonic form," and that NixOS, while striving for it, inevitably falls short due to factors like differing hardware and microcode updates. They argue that NixOS's value lies in its high reproducibility, drastically reducing rebuild issues compared to traditional package management.

  Another commenter points out the distinction between "bit-for-bit" reproducibility and "functional" reproducibility. While NixOS excels at the latter, guaranteeing consistent functionality across different builds, achieving identical bit-level outputs is often hampered by build-time timestamps or non-deterministic build processes within certain software packages. They mention that projects like GuixSD place a stronger emphasis on bit-reproducibility.

  Several users discuss the challenges posed by non-deterministic builds in various programming languages and libraries. Examples include the use of __DATE__ or __TIME__ macros in C/C++, randomized hashing in some build systems, and differences stemming from varied compiler optimizations or linked library versions. These issues aren't specific to NixOS but highlight broader challenges in achieving perfect reproducibility across software ecosystems.

  One comment thread delves into the "bootstrap problem" – the inherent difficulty of ensuring the reproducibility of the tools used to build the system itself. Even if NixOS packages are reproducible, questions arise about the reproducibility of the Nix package manager itself and the underlying build environments.

  A practical perspective is offered by a commenter who notes that while perfect reproducibility is theoretically interesting, the practical benefits of NixOS's high level of reproducibility are significant. They emphasize the ability to consistently rebuild environments across different machines and over time, vastly simplifying system administration and deployment.

  Some users share their experiences with NixOS, acknowledging occasional reproducibility issues they've encountered but generally praising its reliability compared to other operating systems and package managers. They discuss how NixOS facilitates rollbacks and system recovery, providing a safety net against breaking changes.

  Finally, a few commenters touch upon the security implications of reproducibility. While not a guarantee of security, reproducible builds can aid in verifying the integrity of software and detecting potentially malicious modifications. The ability to rebuild a system from source code provides a higher level of trust than relying on pre-built binaries.