86b10535de 
							
						 
					 
					
						
						
							
							weasel: add custom nix-serve  
						
						
						
						
					 
					
						2025-10-06 14:48:15 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
						
						
						
							
						
						
							f8a53b368d 
							
						 
					 
					
						
						
							
							Add https github to allowed uris  
						
						
						
						
					 
					
						2025-10-02 17:54:50 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
						
						
						
							
						
						
							d95d4962aa 
							
						 
					 
					
						
						
							
							Make hydra shut up  
						
						
						
						
					 
					
						2025-10-02 17:54:49 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
						
						
						
							
						
						
							41d0b157c8 
							
						 
					 
					
						
						
							
							Add bscpm and gitlab-internal to allowed-uris  
						
						
						
						
					 
					
						2025-10-02 17:54:49 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
						
						
						
							
						
						
							f30682ff1b 
							
						 
					 
					
						
						
							
							weasel: enable hydra tcp port in firewall  
						
						
						
						
					 
					
						2025-10-02 17:54:49 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
						
						
						
							
						
						
							8d45192a7f 
							
						 
					 
					
						
						
							
							hydra: set listen host  
						
						
						
						
					 
					
						2025-10-02 17:54:49 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
						
						
						
							
						
						
							e74ec52fd9 
							
						 
					 
					
						
						
							
							Enable hydra on weasel  
						
						
						
						
					 
					
						2025-10-02 17:54:49 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
						
						
						
							
						
						
							6a6929fa39 
							
						 
					 
					
						
						
							
							weasel: use tent cache  
						
						
						
						
					 
					
						2025-10-02 17:54:49 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
						
						
						
							
						
						
							cdebb58971 
							
						 
					 
					
						
						
							
							Add nixfmt-rfc-style to common packages  
						
						
						
						
					 
					
						2025-10-02 17:54:49 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
						
						
						
							
						
						
							8ee391ed42 
							
						 
					 
					
						
						
							
							Add packages to user abonerib  
						
						
						
						
					 
					
						2025-10-02 17:54:48 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
						
						
						
							
						
						
							13330eb537 
							
						 
					 
					
						
						
							
							Add nix-output-monitor to default packages  
						
						
						
						
					 
					
						2025-10-02 17:54:48 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
						
						
						
							
						
						
							ea4cc89d17 
							
						 
					 
					
						
						
							
							Set fish shell for user abonerib  
						
						
						
						
					 
					
						2025-10-02 17:54:48 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
						
						
						
							
						
						
							366615774f 
							
						 
					 
					
						
						
							
							weasel: create user folders in /var/lib/podman-users  
						
						... 
						
						
						
						/home is a nfs mount, which does not support extra filesystem arguments
needed to run podman. We need to have a local home. 
						
						
					 
					
						2025-10-02 17:54:48 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
						
						
						
							
						
						
							23ec609737 
							
						 
					 
					
						
						
							
							weasel: add podman  
						
						
						
						
					 
					
						2025-10-02 17:54:48 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
						
						
						
							
						
						
							00456a86b7 
							
						 
					 
					
						
						
							
							Enable custom sys-devices system feature  
						
						
						
						
					 
					
						2025-10-02 17:54:48 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							e42058f08b 
							
						 
					 
					
						
						
							
							Allow access to hut from fox  
						
						... 
						
						
						
						Reviewed-by: Rodrigo Arias Mallo <rodrigo.arias@bsc.es> 
						
						
					 
					
						2025-10-02 17:03:21 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							f3bfe89f27 
							
						 
					 
					
						
						
							
							Fetch website from its own git repository  
						
						... 
						
						
						
						Reviewed-by: Aleix Boné <abonerib@bsc.es> 
						
						
					 
					
						2025-10-02 15:45:21 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							ee6f981006 
							
						 
					 
					
						
						
							
							Add script to trim the repository  
						
						... 
						
						
						
						Reviewed-by: Aleix Boné <abonerib@bsc.es> 
						
						
					 
					
						2025-10-02 15:44:56 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							b040bebd1d 
							
						 
					 
					
						
						
							
							Add acinca user  
						
						... 
						
						
						
						Reviewed-by: Aleix Boné <abonerib@bsc.es> 
						
						
					 
					
						2025-10-01 12:27:43 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							f69629d2da 
							
						 
					 
					
						
						
							
							Restart slurmd on failure  
						
						... 
						
						
						
						A failure to reach the control node can cause slurmd to fail and the
unit remains in the failed state until is manually restarted. Instead,
try to restart the service every 30 seconds, forever:
    owl1% systemctl show slurmd | grep -E 'Restart=|RestartUSec='
    Restart=on-failure
    RestartUSec=30s
    owl1% pgrep slurmd
    5903
    owl1% sudo kill -SEGV 5903
    owl1% pgrep slurmd
    6137
Fixes: rarias/jungle#177 
Reviewed-by: Aleix Boné <abonerib@bsc.es> 
						
						
					 
					
						2025-09-30 17:20:39 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							0668f0db74 
							
						 
					 
					
						
						
							
							Lower connect timeout when using hut substituter  
						
						... 
						
						
						
						Reviewed-by: Rodrigo Arias Mallo <rodrigo.arias@bsc.es> 
						
						
					 
					
						2025-09-29 18:44:48 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							5fcd57a061 
							
						 
					 
					
						
						
							
							Use hut substituter in all nodes  
						
						... 
						
						
						
						Reviewed-by: Rodrigo Arias Mallo <rodrigo.arias@bsc.es> 
						
						
					 
					
						2025-09-29 18:44:38 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							ad1544759f 
							
						 
					 
					
						
						
							
							Remove machine access for user csiringo  
						
						... 
						
						
						
						Reviewed-by: Rodrigo Arias Mallo <rodrigo.arias@bsc.es> 
						
						
					 
					
						2025-09-29 18:23:24 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							e1c950a530 
							
						 
					 
					
						
						
							
							Mount apex /home via NFS in raccoon  
						
						... 
						
						
						
						Reviewed-by: Aleix Boné <abonerib@bsc.es> 
						
						
					 
					
						2025-09-26 12:28:53 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							f9632c37f8 
							
						 
					 
					
						
						
							
							Remove extra SSH jump configuration  
						
						... 
						
						
						
						We now have direct visibility among nodes so we don't need any extra
SSH configuration to reach them.
Reviewed-by: Aleix Boné <abonerib@bsc.es> 
						
						
					 
					
						2025-09-26 12:28:51 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							1f0cb4ae76 
							
						 
					 
					
						
						
							
							Add raccoon peer to wireguard  
						
						... 
						
						
						
						It routes traffic from fox, apex and the compute nodes so that we can
reach the git servers and tent.
Reviewed-by: Aleix Boné <abonerib@bsc.es> 
						
						
					 
					
						2025-09-26 12:28:48 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							d49d078bed 
							
						 
					 
					
						
						
							
							Add raccoon host key  
						
						... 
						
						
						
						Reviewed-by: Aleix Boné <abonerib@bsc.es> 
						
						
					 
					
						2025-09-26 12:28:46 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							e98fdb89ab 
							
						 
					 
					
						
						
							
							Restrict fox peer to a single IP  
						
						... 
						
						
						
						Reviewed-by: Aleix Boné <abonerib@bsc.es> 
						
						
					 
					
						2025-09-26 12:28:43 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							6afe05b5fd 
							
						 
					 
					
						
						
							
							Use lowercase peer hostnames  
						
						... 
						
						
						
						Reviewed-by: Aleix Boné <abonerib@bsc.es> 
						
						
					 
					
						2025-09-26 12:28:25 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							7d5aebf882 
							
						 
					 
					
						
						
							
							Share a public folder for documents  
						
						... 
						
						
						
						Reviewed-by: Aleix Boné <abonerib@bsc.es> 
						
						
					 
					
						2025-09-19 10:59:40 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							94cbfd38a6 
							
						 
					 
					
						
						
							
							Fix AMDuProfPcm so it finds libnuma.so  
						
						... 
						
						
						
						We change the search procedure so it detects NixOS from /etc/os-release
and uses "libnuma.so" when calling dlopen, instead of harcoding a full
path to /usr. The full patch of libnuma is stored in the runpath, so
dlopen can find it.
Reviewed-by: Aleix Boné <abonerib@bsc.es>
Tested-by: Vincent Arcila <vincent.arcila@bsc.es> 
						
						
					 
					
						2025-09-19 10:54:36 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							4da7780472 
							
						 
					 
					
						
						
							
							Add amd_hsmp module in fox for AMD uProf  
						
						... 
						
						
						
						Reviewed-by: Aleix Boné <abonerib@bsc.es> 
						
						
					 
					
						2025-09-19 10:54:24 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							a6dfc267fd 
							
						 
					 
					
						
						
							
							Fix hidden dependencies for AMDuProfSys  
						
						... 
						
						
						
						It tries to dlopen libcrypt.so.1 and libstdc++.so.6, so we make sure
they are available by adding them to the runpath.
Reviewed-by: Aleix Boné <abonerib@bsc.es> 
						
						
					 
					
						2025-09-19 10:54:19 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							d6126501ba 
							
						 
					 
					
						
						
							
							Disable NMI watchdog in fox  
						
						... 
						
						
						
						Reviewed-by: Aleix Boné <abonerib@bsc.es> 
						
						
					 
					
						2025-09-19 10:54:17 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							ac0deb47b6 
							
						 
					 
					
						
						
							
							Fix amd-uprof dependencies with patchelf  
						
						... 
						
						
						
						Reviewed-by: Aleix Boné <abonerib@bsc.es> 
						
						
					 
					
						2025-09-19 10:54:15 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							f7d676de77 
							
						 
					 
					
						
						
							
							Fix hrtimer new interface  
						
						... 
						
						
						
						The hrtimer_init() is now done via hrtimer_setup() with the callback
function as argument.
See: https://lwn.net/Articles/996598/ 
Reviewed-by: Aleix Boné <abonerib@bsc.es> 
						
						
					 
					
						2025-09-19 10:54:09 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							cf1db201b2 
							
						 
					 
					
						
						
							
							Use CFLAGS_MODULE instead of EXTRA_CFLAGS  
						
						... 
						
						
						
						Fixes the build in Linux 6.15.6, as it was not able to find the include
files.
Reviewed-by: Aleix Boné <abonerib@bsc.es> 
						
						
					 
					
						2025-09-19 10:54:07 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							e6e4846529 
							
						 
					 
					
						
						
							
							Add AMD uProf module and enable it in fox  
						
						... 
						
						
						
						Reviewed-by: Aleix Boné <abonerib@bsc.es> 
						
						
					 
					
						2025-09-19 10:54:05 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							084d556c56 
							
						 
					 
					
						
						
							
							Add AMD uProf package and driver  
						
						... 
						
						
						
						Reviewed-by: Aleix Boné <abonerib@bsc.es> 
						
						
					 
					
						2025-09-19 10:53:49 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							ff0fc18d0a 
							
						 
					 
					
						
						
							
							Mount home via NFS from apex in fox  
						
						... 
						
						
						
						Reviewed-by: Aleix Roca Nonell <aleix.rocanonell@bsc.es> 
						
						
					 
					
						2025-09-03 15:34:02 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							19c7e32678 
							
						 
					 
					
						
						
							
							Allow access to NFS via wireguard subnet  
						
						... 
						
						
						
						Reviewed-by: Aleix Roca Nonell <aleix.rocanonell@bsc.es> 
						
						
					 
					
						2025-09-03 15:33:47 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							017c19e7d0 
							
						 
					 
					
						
						
							
							Use 10.106.0.0/24 subnet to avoid collisions  
						
						... 
						
						
						
						The 106 byte is the code for 'j' (jungle) in ASCII:
	% printf j | od -t d
	0000000         106
	0000001
Reviewed-by: Aleix Roca Nonell <aleix.rocanonell@bsc.es> 
						
						
					 
					
						2025-09-03 12:03:13 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							a36eff8749 
							
						 
					 
					
						
						
							
							Revert "Remove pam_slurm_adopt from fox"  
						
						... 
						
						
						
						This reverts commit 1eac0fcad8211195499bc566e6c70312b31af700.
Reviewed-by: Aleix Roca Nonell <aleix.rocanonell@bsc.es> 
						
						
					 
					
						2025-09-03 12:03:06 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							df17b11458 
							
						 
					 
					
						
						
							
							Enable fail2ban in fox  
						
						... 
						
						
						
						Protect fox against ssh bruteforce attacks:
fox% sudo lastb | head
root     ssh:notty    200.124.28.102   Mon Sep  1 11:25 - 11:25  (00:00)
root     ssh:notty    200.124.28.102   Mon Sep  1 11:25 - 11:25  (00:00)
root     ssh:notty    200.124.28.102   Mon Sep  1 11:25 - 11:25  (00:00)
root     ssh:notty    200.124.28.102   Mon Sep  1 11:25 - 11:25  (00:00)
root     ssh:notty    200.124.28.102   Mon Sep  1 11:25 - 11:25  (00:00)
root     ssh:notty    200.124.28.102   Mon Sep  1 11:25 - 11:25  (00:00)
root     ssh:notty    200.124.28.102   Mon Sep  1 11:25 - 11:25  (00:00)
root     ssh:notty    200.124.28.102   Mon Sep  1 11:25 - 11:25  (00:00)
root     ssh:notty    200.124.28.102   Mon Sep  1 11:24 - 11:24  (00:00)
root     ssh:notty    200.124.28.102   Mon Sep  1 11:24 - 11:24  (00:00)
Reviewed-by: Aleix Roca Nonell <aleix.rocanonell@bsc.es> 
						
						
					 
					
						2025-09-03 12:03:02 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							0dc7b7eb3d 
							
						 
					 
					
						
						
							
							Accept connections from apex to fox slurmd  
						
						... 
						
						
						
						Reviewed-by: Aleix Roca Nonell <aleix.rocanonell@bsc.es> 
						
						
					 
					
						2025-09-03 12:03:00 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							dff6eaf587 
							
						 
					 
					
						
						
							
							Accept fox connection to slurm controller  
						
						... 
						
						
						
						Reviewed-by: Aleix Roca Nonell <aleix.rocanonell@bsc.es> 
						
						
					 
					
						2025-09-03 12:02:59 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							4b6b67b587 
							
						 
					 
					
						
						
							
							Add fox machine to SLURM  
						
						... 
						
						
						
						Reviewed-by: Aleix Roca Nonell <aleix.rocanonell@bsc.es> 
						
						
					 
					
						2025-09-03 12:02:57 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							20e7d244d1 
							
						 
					 
					
						
						
							
							Rekey secrets with trusted fox key  
						
						... 
						
						
						
						Reviewed-by: Aleix Roca Nonell <aleix.rocanonell@bsc.es> 
						
						
					 
					
						2025-09-03 12:02:55 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							c5d3b8e7f0 
							
						 
					 
					
						
						
							
							Trust fox for compute node secrets  
						
						... 
						
						
						
						Reviewed-by: Aleix Roca Nonell <aleix.rocanonell@bsc.es> 
						
						
					 
					
						2025-09-03 12:02:52 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							6bbfb0d124 
							
						 
					 
					
						
						
							
							Make apex host specific to each machine  
						
						... 
						
						
						
						Allows direct contact via the VPN when accessing from fox, but use
Internet when using the rest of the machines.
Reviewed-by: Aleix Roca Nonell <aleix.rocanonell@bsc.es> 
						
						
					 
					
						2025-09-03 12:02:49 +02:00