abonerib/jungle
1
0
Fork 0
forked from rarias/jungle
Code Pull Requests 1 Actions Activity
1,550 Commits 29 Branches 0 Tags
befbdfeb6fdfebb5ef626cfe434b5fd7c918e65e
Commit Graph

1550 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Aleix Boné
befbdfeb6f Add bashInteractive in nix-portable bwrap 2026-03-09 14:27:31 +01:00
Aleix Boné
cdda51e54b Install netcat, ssh and git in nix-portable 
These are needed by nix in order to properly
download and build stuff.

busybox's netcat does not work since it doesn't
support -X.
 2026-03-09 14:27:31 +01:00
Aleix Boné
0c49fc14c2 Only to busybox to /bin/sh in nix-portable 2026-03-09 14:27:31 +01:00
Aleix Boné
75c02153a3 Remove sgid from .nix-portable and set group 
This should prevent issues when putting it under
/gpfs/{projects,scratch} that have sgid and group=nobody.
 2026-03-06 17:31:10 +01:00
Aleix Boné
e14225a447 Restrict paths added to bwrap in nix-portable 2026-03-06 17:31:10 +01:00
Aleix Boné
24a35583af Bind proc using --proc in nix-portable 2026-03-06 17:31:10 +01:00
Aleix Boné
35df90594e Fix nix-portable pkgStatic symlink handling 2026-03-06 17:31:10 +01:00
Aleix Boné
57077e0276 Add nix-portable 
repo: https://github.com/DavHau/nix-portable
rev: 91122e3d94ba51d7d83fe990fa81d3de0968fb32
 2026-03-06 17:31:10 +01:00
Aleix Boné
30bd998114 Re-enable nix-wrap 
libcap is no longer broken upstream
 2026-03-06 17:31:10 +01:00
Rodrigo Arias Mallo
84a5cb09ee Use host mode for docker network 
In order to reduce the traffic of the secondary Ethernet device we need
to be able to directly use the physical device instead of the virtual
one. For now use the host mode and see later if we can revert it.

Reviewed-by: Aleix Boné <abonerib@bsc.es>
 2026-03-05 15:29:23 +01:00
Aleix Boné
4899d20748 Fix weasel infiniband interface name 
Reviewed-by: Rodrigo Arias Mallo <rodrigo.arias@bsc.es>
 2026-02-26 10:26:01 +01:00
Rodrigo Arias Mallo
76cd6d64b2 Add ssanzmar user to apex and fox 
Reviewed-by: Aleix Boné <abonerib@bsc.es>
 2026-02-24 14:06:12 +01:00
Rodrigo Arias Mallo
8dab0d82ba Update fox documentation in website 
Reviewed-by: Aleix Boné <abonerib@bsc.es>
 2026-02-04 15:08:13 +01:00
Rodrigo Arias Mallo
958dcd4774 Add emonteir user to apex and fox 
Reviewed-by: Aleix Boné <abonerib@bsc.es>
 2026-02-04 15:08:08 +01:00
Aleix Boné
7a6e4232de Add nom and nixfmt-tree to system packages 
Reviewed-by: Rodrigo Arias Mallo <rodrigo.arias@bsc.es>
 2026-02-03 15:17:30 +01:00
Aleix Boné
3b56e905e5 Add standalone home-manager to system packages 
Reviewed-by: Rodrigo Arias Mallo <rodrigo.arias@bsc.es>
 2026-02-03 15:17:29 +01:00
Aleix Boné
2d41309466 Format and sort default package list 
Reviewed-by: Rodrigo Arias Mallo <rodrigo.arias@bsc.es>
 2026-02-03 15:17:24 +01:00
Rodrigo Arias Mallo
deb0cd1488 Allow USB access to TC1 from Gitlab Runner 
Reviewed-by: Aleix Boné <abonerib@bsc.es>
 2026-01-23 17:56:16 +01:00
Rodrigo Arias Mallo
cd1f502ecc Allow user USB access to FTDI device in tent 
Reviewed-by: Aleix Boné <abonerib@bsc.es>
 2026-01-23 17:56:11 +01:00
Rodrigo Arias Mallo
dda6a66782 Fix gitea user to allow sending email 
In order to send email, the gitea user needs to be in the mail-robot
group.

Fixes: rarias/jungle#220
Reviewed-by: Aleix Boné <abonerib@bsc.es>
 2026-01-20 12:18:52 +01:00
Rodrigo Arias Mallo
22420e6ac8 Remove unneeded perf package from eudy 
It is already included in the base list of packages, which is now only
"perf" and doesn't depend on the kernel version.

Reviewed-by: Aleix Boné <abonerib@bsc.es>
 2026-01-20 12:18:49 +01:00
Rodrigo Arias Mallo
a71cd78b4c Fix infiniband interface names 
Reviewed-by: Aleix Boné <abonerib@bsc.es>
 2026-01-20 12:18:46 +01:00
Rodrigo Arias Mallo
e84a2cadbb flake.lock: Update 
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/8bb5646e0bed5dbd3ab08c7a7cc15b75ab4e1d0f?narHash=sha256-SqUuBFjhl/kpDiVaKLQBoD8TLD%2B/cTUzzgVFoaHrkqY%3D' (2025-11-30)
  → 'github:NixOS/nixpkgs/3c9db02515ef1d9b6b709fc60ba9a540957f661c?narHash=sha256-2GffSfQxe3sedHzK%2BsTKlYo/NTIAGzbFCIsNMUPAAnk%3D' (2026-01-05)

Reviewed-by: Aleix Boné <abonerib@bsc.es>
 2026-01-20 12:18:41 +01:00
Aleix Boné
d3e43eb651 Remove conflicting definitions in amd-uprof-driver 
See: https://lkml.org/lkml/2025/4/9/1709

Reviewed-by: Rodrigo Arias Mallo <rodrigo.arias@bsc.es>
 2026-01-20 12:15:18 +01:00
Aleix Boné
a491546ffb Mark mcxx as broken and remove from package list 
Reviewed-by: Rodrigo Arias Mallo <rodrigo.arias@bsc.es>
 2026-01-20 12:15:14 +01:00
Aleix Boné
933c78a80b Fix moved package linuxPackages.perf is now perf 
Reviewed-by: Rodrigo Arias Mallo <rodrigo.arias@bsc.es>
 2026-01-20 12:15:10 +01:00
Aleix Boné
150969be9b Fix replaced nixseparatedebuginfod 
nixseparatedebuginfod has been replaced by nixseparatedebuginfod2

Reviewed-by: Rodrigo Arias Mallo <rodrigo.arias@bsc.es>
 2026-01-20 12:15:06 +01:00
Aleix Boné
9097729759 Use standard gcc for intel packages 
This reverts 26f52aa27d

Reviewed-by: Rodrigo Arias Mallo <rodrigo.arias@bsc.es>
 2026-01-20 12:15:02 +01:00
Aleix Boné
779449f1db Fix renamed option watchdog.runtimeTime 
The option 'systemd.watchdog.runtimeTime' has been renamed to
'systemd.settings.Manager.RuntimeWatchdogSec'.

Reviewed-by: Rodrigo Arias Mallo <rodrigo.arias@bsc.es>
 2026-01-20 12:14:59 +01:00
Aleix Boné
6cbe33bd80 Replace wrapGAppsHook with wrapGAppsHook3 
Reviewed-by: Rodrigo Arias Mallo <rodrigo.arias@bsc.es>
 2026-01-20 12:14:56 +01:00
Aleix Boné
3f1f5ae8f2 Fix changed cudaPackages.cuda_cudart output 
See: https://github.com/NixOS/nixpkgs/pull/437723
Reviewed-by: Rodrigo Arias Mallo <rodrigo.arias@bsc.es>
 2026-01-20 12:14:49 +01:00
Aleix Boné
fe8586e780 Set pyproject=true in buildPythonApplication 
The buildPythonPackage and buildPythonApplication functions now
  require an explicit format attribute. Previously the default format
  used setuptools and called setup.py from the source tree, which is
  deprecated. The modern alternative is to configure pyproject = true
  with build-system = [ setuptools ].

Reviewed-by: Rodrigo Arias Mallo <rodrigo.arias@bsc.es>
 2026-01-20 12:14:31 +01:00
Aleix Boné
8677adba27 Fix renamed llvm bintools 
Moved from llvmPackages_latest.tools.bintools to
llvmPackages_latest.bintools

Reviewed-by: Rodrigo Arias Mallo <rodrigo.arias@bsc.es>
 2026-01-20 12:14:27 +01:00
Aleix Boné
f614149edf Upgrade nixpkgs to 25.11 
Reviewed-by: Rodrigo Arias Mallo <rodrigo.arias@bsc.es>
 2026-01-20 12:14:11 +01:00
Vincent A. Arcila
859eebda98 Change varcila shell to zsh 
Reviewed-by: Rodrigo Arias Mallo <rodrigo.arias@bsc.es>
 2026-01-07 13:22:17 +01:00
Rodrigo Arias Mallo
c2a201b085 Increase fail2ban ban time on each attempt 
Reviewed-by: Aleix Boné <abonerib@bsc.es>
 2026-01-07 13:14:34 +01:00
Rodrigo Arias Mallo
f921f0a4bd Disable password login via SSH in apex 
Reviewed-by: Aleix Boné <abonerib@bsc.es>
 2026-01-07 13:14:30 +01:00
Rodrigo Arias Mallo
aa16bfc0bc Enable fail2ban in apex login node 
We are seeing a lot of failed attempts from the same IPs:

    apex% sudo journalctl -u sshd -b0 | grep 'Failed password' | wc -l
    2441

Reviewed-by: Aleix Boné <abonerib@bsc.es>
 2026-01-07 13:14:22 +01:00
Aleix Boné
a173af654f Fix osu cross-compilation 
Reviewed-by: Rodrigo Arias Mallo <rodrigo.arias@bsc.es>
 2025-10-31 16:23:46 +01:00
Aleix Boné
2fff7e4a7b Set mpich default compilers from targetPackages 
Reviewed-by: Rodrigo Arias Mallo <rodrigo.arias@bsc.es>
 2025-10-31 16:23:46 +01:00
Aleix Boné
a761b73336 Enable meta.cross for mpich related packages 
Reviewed-by: Rodrigo Arias Mallo <rodrigo.arias@bsc.es>
 2025-10-31 16:23:46 +01:00
Aleix Boné
86eb796771 Disable meta.cross for gpi-2 and tagaspi 
Reviewed-by: Rodrigo Arias Mallo <rodrigo.arias@bsc.es>
 2025-10-31 16:23:46 +01:00
Aleix Boné
08633435cf Fix nativeBuildInputs for tagaspi 
Reviewed-by: Rodrigo Arias Mallo <rodrigo.arias@bsc.es>
 2025-10-31 16:23:46 +01:00
Aleix Boné
39d64456a4 Fix nativeBuildInputs for gpi-2 
Reviewed-by: Rodrigo Arias Mallo <rodrigo.arias@bsc.es>
 2025-10-31 16:23:46 +01:00
Aleix Boné
410040a4a0 Fix mpich cross compilation (disable fortran) 
Reviewed-by: Rodrigo Arias Mallo <rodrigo.arias@bsc.es>
 2025-10-31 16:23:46 +01:00
Rodrigo Arias Mallo
fc69ef3217 Enable pam_slurm_adopt in all compute nodes 
Prevents access to owl1 and owl2 too if the user doesn't have any jobs
running there.

Reviewed-by: Aleix Boné <abonerib@bsc.es>
 2025-10-31 11:41:50 +01:00
Rodrigo Arias Mallo
1d025f7a38 Don't suspend owl compute nodes 
Currently the owl nodes are located on top of the rack and turning them
off causes a high temperature increase at that region, which accumulates
heat from the whole rack. To maximize airflow we will leave them on at
all times. This also makes allocations immediate at the extra cost of
around 200 W.

In the future, if we include more nodes in SLURM we can configure those
to turn off if needed.

Fixes: rarias/jungle#156
Reviewed-by: Aleix Boné <abonerib@bsc.es>
 2025-10-31 11:41:44 +01:00
Aleix Boné
7989779c8f Filter out packages by platform from crossSet 
Reviewed-by: Rodrigo Arias Mallo <rodrigo.arias@bsc.es>
Tested-by: Rodrigo Arias Mallo <rodrigo.arias@bsc.es>
 2025-10-31 11:21:13 +01:00
Aleix Boné
7d721084a7 Add meta to cudainfo 
Reviewed-by: Rodrigo Arias Mallo <rodrigo.arias@bsc.es>
 2025-10-31 11:20:01 +01:00
Aleix Boné
796d34a549 Set amd-uprof platforms to x86_64-linux only 
Reviewed-by: Rodrigo Arias Mallo <rodrigo.arias@bsc.es>
 2025-10-31 11:19:57 +01:00