39a211a846 
							
						 
					 
					
						
						
							
							Add NixOS module to control power policy  
						
						... 
						
						
						
						Reviewed-by: Aleix Roca Nonell <aleix.rocanonell@bsc.es>
Reviewed-by: Aleix Boné <abonerib@bsc.es> 
						
						
					 
					
						2025-07-24 11:22:36 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							142985c505 
							
						 
					 
					
						
						
							
							Move August shutdown to 3rd at 22h  
						
						... 
						
						
						
						Reviewed-by: Aleix Roca Nonell <aleix.rocanonell@bsc.es>
Reviewed-by: Aleix Boné <abonerib@bsc.es> 
						
						
					 
					
						2025-07-24 11:22:33 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							3f3dc2d037 
							
						 
					 
					
						
						
							
							Disable automatic August shutdown for Fox  
						
						... 
						
						
						
						The UPC has different dates for the yearly power cut, and Fox can
recover properly from a power loss, so we don't need to have it turned
off before the power cut. Simply disabling the timer is enough.
Reviewed-by: Aleix Roca Nonell <aleix.rocanonell@bsc.es>
Reviewed-by: Aleix Boné <abonerib@bsc.es> 
						
						
					 
					
						2025-07-24 11:22:10 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							3269d763aa 
							
						 
					 
					
						
						
							
							Add cudainfo program to test CUDA  
						
						... 
						
						
						
						The cudainfo program checks that we can initialize the CUDA RT library
and communicate with the driver. It can be used as standalone program or
built with cudainfo.gpuCheck so it is executed inside the build sandbox
to see if it also works fine. It uses the autoAddDriverRunpath hook to
inject in the runpath the location of the library directory for CUDA
libraries.
Reviewed-by: Aleix Boné <abonerib@bsc.es> 
						
						
					 
					
						2025-07-23 11:52:09 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							f2d8ee8552 
							
						 
					 
					
						
						
							
							Add missing symlink in cuda sandbox  
						
						... 
						
						
						
						Reviewed-by: Aleix Boné <abonerib@bsc.es> 
						
						
					 
					
						2025-07-23 11:51:47 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							8d984a0672 
							
						 
					 
					
						
						
							
							Enable cuda systemFeature in raccoon and fox  
						
						... 
						
						
						
						This allows running derivations which depend on cuda runtime without
breaking the sandbox. We only need to add `requiredSystemFeatures = [ "cuda" ];`
to the derivation.
Reviewed-by: Rodrigo Arias Mallo <rodrigo.arias@bsc.es> 
						
						
					 
					
						2025-07-22 17:07:13 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							f3733418b2 
							
						 
					 
					
						
						
							
							Move shared nvidia settings to a separate module  
						
						... 
						
						
						
						Reviewed-by: Rodrigo Arias Mallo <rodrigo.arias@bsc.es> 
						
						
					 
					
						2025-07-22 17:06:45 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							ce8b05b142 
							
						 
					 
					
						
						
							
							Replace xeon07 by hut in ssh config  
						
						... 
						
						
						
						The xeon07 machine has been renamed to hut.
Reviewed-by: Rodrigo Arias Mallo <rodrigo.arias@bsc.es> 
						
						
					 
					
						2025-07-21 18:10:08 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							4a5787e0c6 
							
						 
					 
					
						
						
							
							Enable automatic Nix GC in raccoon  
						
						... 
						
						
						
						Reviewed-by: Aleix Boné <abonerib@bsc.es> 
						
						
					 
					
						2025-07-21 17:58:26 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							6c11093033 
							
						 
					 
					
						
						
							
							Select proprietary NVIDIA driver in raccoon  
						
						... 
						
						
						
						The NVIDIA GTX 960 from 2016 has the Maxwell architecture, and NixOS
suggests using the proprietary driver for older than Turing:
> It is suggested to use the open source kernel modules on Turing or
> later GPUs (RTX series, GTX 16xx), and the closed source modules
> otherwise.
Reviewed-by: Aleix Boné <abonerib@bsc.es> 
						
						
					 
					
						2025-07-21 17:58:21 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							750504744f 
							
						 
					 
					
						
						
							
							Enable open source NVidia driver in fox  
						
						... 
						
						
						
						It is recommended for newer versions.
Reviewed-by: Aleix Boné <abonerib@bsc.es> 
						
						
					 
					
						2025-07-18 09:57:38 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							c26ec1b6f1 
							
						 
					 
					
						
						
							
							Remove option allowUnfree from fox and raccoon  
						
						... 
						
						
						
						It is already set to true for all machines.
Reviewed-by: Aleix Boné <abonerib@bsc.es> 
						
						
					 
					
						2025-07-18 09:57:21 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							2ef32f773c 
							
						 
					 
					
						
						
							
							Ban another scanner trying to connect via SSH  
						
						... 
						
						
						
						It is constantly spamming out logs:
apex# journalctl | grep 'Connection closed by 84.88.52.176' | wc -l
2255
Reviewed-by: Aleix Boné <abonerib@bsc.es> 
						
						
					 
					
						2025-07-18 09:51:49 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							fc9fcd602a 
							
						 
					 
					
						
						
							
							Update weasel IPMI hostname for monitoring  
						
						... 
						
						
						
						Reviewed-by: Aleix Boné <abonerib@bsc.es> 
						
						
					 
					
						2025-07-18 09:51:21 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							0e37ab5fe1 
							
						 
					 
					
						
						
							
							Remove merged MPICH patch  
						
						... 
						
						
						
						Reviewed-by: Aleix Roca Nonell <aleix.rocanonell@bsc.es> 
						
						
					 
					
						2025-07-16 13:07:12 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							a1b387e454 
							
						 
					 
					
						
						
							
							Remove package ix as it is gone  
						
						... 
						
						
						
						Fails with: "error: ix has been removed from Nixpkgs, as the ix.io
pastebin has been offline since Dec. 2023".
Reviewed-by: Aleix Roca Nonell <aleix.rocanonell@bsc.es> 
						
						
					 
					
						2025-07-16 13:07:06 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							380abe9957 
							
						 
					 
					
						
						
							
							flake.lock: Update  
						
						... 
						
						
						
						Flake lock file updates:
• Updated input 'agenix':
    'github:ryantm/agenix/f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41?narHash=sha256-b%2Buqzj%2BWa6xgMS9aNbX4I%2BsXeb5biPDi39VgvSFqFvU%3D' (2024-08-10)
  → 'github:ryantm/agenix/531beac616433bac6f9e2a19feb8e99a22a66baf?narHash=sha256-9P1FziAwl5%2B3edkfFcr5HeGtQUtrSdk/MksX39GieoA%3D' (2025-06-17)
• Updated input 'agenix/darwin':
    'github:lnl7/nix-darwin/4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d?narHash=sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0%3D' (2023-11-24)
  → 'github:lnl7/nix-darwin/43975d782b418ebf4969e9ccba82466728c2851b?narHash=sha256-dyN%2BteG9G82G%2Bm%2BPX/aSAagkC%2BvUv0SgUw3XkPhQodQ%3D' (2025-04-12)
• Updated input 'agenix/home-manager':
    'github:nix-community/home-manager/3bfaacf46133c037bb356193bd2f1765d9dc82c1?narHash=sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE%3D' (2023-12-20)
  → 'github:nix-community/home-manager/abfad3d2958c9e6300a883bd443512c55dfeb1be?narHash=sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs%3D' (2025-04-24)
• Updated input 'bscpkgs':
    'git+https://git.sr.ht/~rodarima/bscpkgs?ref=refs/heads/master&rev=6782fc6c5b5a29e84a7f2c2d1064f4bcb1288c0f ' (2024-11-29)
  → 'git+https://git.sr.ht/~rodarima/bscpkgs?ref=refs/heads/master&rev=9d1944c658929b6f98b3f3803fead4d1b91c4405 ' (2025-06-11)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/9c6b49aeac36e2ed73a8c472f1546f6d9cf1addc?narHash=sha256-i/UJ5I7HoqmFMwZEH6vAvBxOrjjOJNU739lnZnhUln8%3D' (2025-01-14)
  → 'github:NixOS/nixpkgs/dfcd5b901dbab46c9c6e80b265648481aafb01f8?narHash=sha256-Kt1UIPi7kZqkSc5HVj6UY5YLHHEzPBkgpNUByuyxtlw%3D' (2025-07-13)
Reviewed-by: Aleix Roca Nonell <aleix.rocanonell@bsc.es> 
						
						
					 
					
						2025-07-16 13:07:01 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							37c12783bb 
							
						 
					 
					
						
						
							
							Upgrade nixpkgs to nixos 25.05  
						
						... 
						
						
						
						Reviewed-by: Aleix Roca Nonell <aleix.rocanonell@bsc.es> 
						
						
					 
					
						2025-07-16 13:06:40 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							7379e84e79 
							
						 
					 
					
						
						
							
							Silently ban OpenVAS BSC scanner from apex  
						
						... 
						
						
						
						It is spamming our logs with refused connection lines:
apex% sudo journalctl -b0 | grep 'refused connection.*SRC=192.168.8.16' | wc -l
13945
Reviewed-by: Aleix Boné <abonerib@bsc.es> 
						
						
					 
					
						2025-07-15 17:40:41 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							b802f88df9 
							
						 
					 
					
						
						
							
							Rotate anavarro password and SSH key  
						
						... 
						
						
						
						Reviewed-by: Aleix Boné <abonerib@bsc.es> 
						
						
					 
					
						2025-07-15 17:24:41 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							bd94c4ad00 
							
						 
					 
					
						
						
							
							Add weasel machine configuration  
						
						... 
						
						
						
						Reviewed-by: Aleix Boné <abonerib@bsc.es> 
						
						
					 
					
						2025-07-15 17:24:38 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							570c6e175d 
							
						 
					 
					
						
						
							
							Remove extra flush commands on firewall stop  
						
						... 
						
						
						
						They are not needed as they are already flushed when the firewall
starts or stops.
Reviewed-by: Aleix Boné <abonerib@bsc.es> 
						
						
					 
					
						2025-07-15 11:18:45 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							96661dd0d4 
							
						 
					 
					
						
						
							
							Prevent accidental use of nftables  
						
						... 
						
						
						
						Reviewed-by: Aleix Boné <abonerib@bsc.es> 
						
						
					 
					
						2025-07-15 11:18:42 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							28db7799ea 
							
						 
					 
					
						
						
							
							Add proxy configuration for internal hosts  
						
						... 
						
						
						
						Access internal hosts via apex proxy. From the compute nodes we first
open an SSH connection to apex, and then tunnel it through the HTTP
proxy with netcat.
This way we allow reaching internal GitLab repositories without
requiring the user to have credentials in the remote host, while we can
use multiple remotes to provide redundancy.
Reviewed-by: Aleix Boné <abonerib@bsc.es> 
						
						
					 
					
						2025-07-15 11:18:36 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							508059c99e 
							
						 
					 
					
						
						
							
							Remove unused blackbox configuration modules  
						
						... 
						
						
						
						Reviewed-by: Aleix Boné <abonerib@bsc.es> 
						
						
					 
					
						2025-07-15 11:18:30 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							b9f9cc7d7a 
							
						 
					 
					
						
						
							
							Use IPv4 in blackbox probes  
						
						... 
						
						
						
						Otherwise they simply fail as IPv6 doesn't work.
Reviewed-by: Aleix Boné <abonerib@bsc.es> 
						
						
					 
					
						2025-07-15 11:18:26 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							eae0c7cb59 
							
						 
					 
					
						
						
							
							Make NFS mount async to improve latency  
						
						... 
						
						
						
						Don't wait to flush writes, as we don't care about consistency on a
crash:
> This option allows the NFS server to violate the NFS protocol and
> reply to requests before any changes made by that request have been
> committed to stable storage (e.g. disc drive).
>
> Using this option usually improves performance, but at the cost that
> an unclean server restart (i.e. a crash) can cause data to be lost or
> corrupted.
Reviewed-by: Aleix Boné <abonerib@bsc.es> 
						
						
					 
					
						2025-07-15 11:18:20 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							2280635cd6 
							
						 
					 
					
						
						
							
							Disable root_squash from NFS  
						
						... 
						
						
						
						Allows root to read files in the NFS export, so we can directly run
`nixos-rebuild switch` from /home.
Reviewed-by: Aleix Boné <abonerib@bsc.es> 
						
						
					 
					
						2025-07-15 11:18:16 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							16ada09600 
							
						 
					 
					
						
						
							
							Remove SSH proxy to access BSC clusters  
						
						... 
						
						
						
						We now have direct connection to them.
Reviewed-by: Aleix Boné <abonerib@bsc.es> 
						
						
					 
					
						2025-07-15 11:18:13 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							0d291d715c 
							
						 
					 
					
						
						
							
							Add users to apex machine  
						
						... 
						
						
						
						They need to be able to login to apex to access any other machine from
the SSF rack.
Reviewed-by: Aleix Boné <abonerib@bsc.es> 
						
						
					 
					
						2025-07-15 11:18:09 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							66001f76f7 
							
						 
					 
					
						
						
							
							Remove proxy from hut HTTP probes  
						
						... 
						
						
						
						Reviewed-by: Aleix Boné <abonerib@bsc.es> 
						
						
					 
					
						2025-07-15 11:18:04 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							1e3b85067d 
							
						 
					 
					
						
						
							
							Remove proxy configuration from environment  
						
						... 
						
						
						
						All machines have now direct connection with the outside world.
Reviewed-by: Aleix Boné <abonerib@bsc.es> 
						
						
					 
					
						2025-07-15 11:18:00 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							36ee1f3adc 
							
						 
					 
					
						
						
							
							Add storcli utility to apex  
						
						... 
						
						
						
						Reviewed-by: Aleix Boné <abonerib@bsc.es> 
						
						
					 
					
						2025-07-15 11:17:57 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							25e9c071b0 
							
						 
					 
					
						
						
							
							Add new configuration for apex  
						
						... 
						
						
						
						Reviewed-by: Aleix Boné <abonerib@bsc.es> 
						
						
					 
					
						2025-07-15 11:17:43 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							80cee2dbd0 
							
						 
					 
					
						
						
							
							Add pmartin1 user with access to fox  
						
						... 
						
						
						
						Reviewed-by: Aleix Boné <abonerib@bsc.es> 
						
						
					 
					
						2025-07-03 11:16:43 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							ee92934c74 
							
						 
					 
					
						
						
							
							Add access to fox for rpenacob user  
						
						... 
						
						
						
						Reviewed-by: Aleix Boné <abonerib@bsc.es> 
						
						
					 
					
						2025-07-02 16:58:53 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							db0f3fed91 
							
						 
					 
					
						
						
							
							Revert "Only allow Vincent to access fox for now"  
						
						... 
						
						
						
						This reverts commit e9e3704b677baed1649583f25e4e1bc050a9534e.
Reviewed-by: Aleix Boné <abonerib@bsc.es> 
						
						
					 
					
						2025-07-02 16:58:49 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							adeaa0484d 
							
						 
					 
					
						
						
							
							Add all terminfo files in environment  
						
						... 
						
						
						
						Fixes problems with the kitty terminal when opening vim or kakoune.
Reviewed-by: Rodrigo Arias Mallo <rodrigo.arias@bsc.es> 
						
						
					 
					
						2025-07-02 16:02:45 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							815810830e 
							
						 
					 
					
						
						
							
							Monitor Fox BMC with ICMP probes too  
						
						... 
						
						
						
						Reviewed-by: Aleix Boné <abonerib@bsc.es> 
						
						
					 
					
						2025-07-02 15:51:22 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							7a52e1907c 
							
						 
					 
					
						
						
							
							Restrict DAC VPN to fox-ipmi machine only  
						
						... 
						
						
						
						Reviewed-by: Aleix Boné <abonerib@bsc.es> 
						
						
					 
					
						2025-07-02 15:51:19 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							22a2e1b9e8 
							
						 
					 
					
						
						
							
							Monitor fox via VPN  
						
						... 
						
						
						
						Reviewed-by: Aleix Boné <abonerib@bsc.es> 
						
						
					 
					
						2025-07-02 15:51:16 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							f29461ae32 
							
						 
					 
					
						
						
							
							Add OpenVPN service to connect to fox BMC  
						
						... 
						
						
						
						Reviewed-by: Aleix Boné <abonerib@bsc.es> 
						
						
					 
					
						2025-07-02 15:51:13 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							208197f099 
							
						 
					 
					
						
						
							
							Add ac.upc.edu as name search server  
						
						... 
						
						
						
						Allows referring to fox.ac.upc.edu directly as fox.
Reviewed-by: Aleix Boné <abonerib@bsc.es> 
						
						
					 
					
						2025-07-02 15:51:09 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							479ca1b671 
							
						 
					 
					
						
						
							
							Disable kptr_restrict in fox  
						
						... 
						
						
						
						Reviewed-by: Aleix Boné <abonerib@bsc.es> 
						
						
					 
					
						2025-07-02 15:08:42 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							40529fbdcb 
							
						 
					 
					
						
						
							
							Disable NUMA balancing in fox  
						
						... 
						
						
						
						See: https://www.kernel.org/doc/html/latest/admin-guide/sysctl/kernel.html#numa-balancing 
Reviewed-by: Aleix Boné <abonerib@bsc.es> 
						
						
					 
					
						2025-07-02 15:08:02 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							9b0d3fb21e 
							
						 
					 
					
						
						
							
							Load amd_uncore module in fox  
						
						... 
						
						
						
						Needed for L3 events in perf.
Reviewed-by: Aleix Boné <abonerib@bsc.es> 
						
						
					 
					
						2025-07-02 15:07:58 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							d8444131d8 
							
						 
					 
					
						
						
							
							Enable SSH X11 forwarding  
						
						... 
						
						
						
						Reviewed-by: Aleix Boné <abonerib@bsc.es> 
						
						
					 
					
						2025-07-02 15:07:54 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							af540456a6 
							
						 
					 
					
						
						
							
							Disable registration in Gitea  
						
						... 
						
						
						
						Get rid of all the spam accounts they are trying to register.
Reviewed-by: Aleix Boné <abonerib@bsc.es>
Reviewed-by: Aleix Roca Nonell <aleix.rocanonell@bsc.es> 
						
						
					 
					
						2025-06-18 15:36:18 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							42d6734da8 
							
						 
					 
					
						
						
							
							Enable msmtp configuration in tent  
						
						... 
						
						
						
						Allows gitea to send notifications via email.
Reviewed-by: Aleix Boné <abonerib@bsc.es>
Reviewed-by: Aleix Roca Nonell <aleix.rocanonell@bsc.es> 
						
						
					 
					
						2025-06-18 15:36:15 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							071a8084a0 
							
						 
					 
					
						
						
							
							Add GitLab runner with debian docker for PM  
						
						... 
						
						
						
						Reviewed-by: Aleix Boné <abonerib@bsc.es>
Reviewed-by: Aleix Roca Nonell <aleix.rocanonell@bsc.es> 
						
						
					 
					
						2025-06-18 15:36:13 +02:00