abonerib/jungle
1
0
Fork 0
forked from rarias/jungle
Code Pull Requests Activity

Compare commits

merge into: abonerib:fix/gcc14
Branches Tags
abonerib:master abonerib:fix/cross/ompss-2 abonerib:mega-merge abonerib:pkgs/tacuda abonerib:pkgs/pocl abonerib:pkgs/tasycl abonerib:enableStrictDeps abonerib:upgrade/25.11 abonerib:fix/cross-clang abonerib:add-private abonerib:fix/paraver abonerib:pkgs/gromacs abonerib:pkgs/aocc abonerib:pkgs/clsparse abonerib:pkgs/taopencl abonerib:quick-shell abonerib:fix/gcc14 abonerib:remove-old abonerib:remove-inputs abonerib:weasel-hydra abonerib:feat/hydra rarias:master rarias:enableStrictDeps rarias:fox-regression rarias:pkgs/tacuda rarias:pkgs/tasycl rarias:robust-fetchGit rarias:old-master rarias:gitea-lfs rarias:only-restart-logins rarias:monitor-gpfs-home rarias:add-tent-machine rarias:m/raccoon rarias:add-fpga-u280 rarias:maintenance-purchase rarias:add-fox-machine rarias:share-files rarias:shared-nix-store rarias:intro-nix rarias:lake2-ipoib
...
pull from: abonerib:fix/paraver
Branches Tags
abonerib:fix/cross/ompss-2 abonerib:mega-merge abonerib:pkgs/tacuda abonerib:pkgs/pocl abonerib:pkgs/tasycl abonerib:enableStrictDeps abonerib:upgrade/25.11 abonerib:fix/cross-clang abonerib:master abonerib:add-private abonerib:fix/paraver abonerib:pkgs/gromacs abonerib:pkgs/aocc abonerib:pkgs/clsparse abonerib:pkgs/taopencl abonerib:quick-shell abonerib:fix/gcc14 abonerib:remove-old abonerib:remove-inputs abonerib:weasel-hydra abonerib:feat/hydra rarias:master rarias:enableStrictDeps rarias:fox-regression rarias:pkgs/tacuda rarias:pkgs/tasycl rarias:robust-fetchGit rarias:old-master rarias:gitea-lfs rarias:only-restart-logins rarias:monitor-gpfs-home rarias:add-tent-machine rarias:m/raccoon rarias:add-fpga-u280 rarias:maintenance-purchase rarias:add-fox-machine rarias:share-files rarias:shared-nix-store rarias:intro-nix rarias:lake2-ipoib

9 Commits
fix/gcc14 ... fix/parave

Author SHA1 Message Date
Aleix Boné
afdda0fb29 Clean up paraver derivations 2025-10-28 17:02:25 +01:00
Rodrigo Arias Mallo
019826d09e Add OmpSs-2 release timers and services 
Send a reminder email to the STAR group to mark the release cycle dates.

Reviewed-by: Aleix Boné <abonerib@bsc.es>
 2025-10-28 12:38:37 +01:00
Rodrigo Arias Mallo
a294daf7e3 Use specific mail-robot group to send mail 
Allows any user to be able to send mail from the robot account as long
as it is added to the mail-robot group.

Reviewed-by: Aleix Boné <abonerib@bsc.es>
 2025-10-28 12:38:17 +01:00
Rodrigo Arias Mallo
a7018250ca Add missing slurm package to overlay 
Reviewed-by: Aleix Boné <abonerib@bsc.es>
 2025-10-28 11:44:40 +01:00
Rodrigo Arias Mallo
e3d1785285 Run a shell in the allocated node with salloc 
By default, salloc will open a new shell in the *current* node instead
of in the allocated node. This often causes users to leave the extra
shell running once the allocation ends. Repeating this process several
times causes chains of shells.

By running the shell in the remote node, once the allocation ends the
shell finishes as well.

Fixes: rarias/jungle#174
See: https://slurm.schedmd.com/faq.html#prompt
Reviewed-by: Aleix Boné <abonerib@bsc.es>
 2025-10-28 11:44:14 +01:00
Aleix Boné
ab86243a07 Add missing which in nodes checkPhase 
When enabling checks, the build log is polluted with errors.

Reviewed-by: Rodrigo Arias Mallo <rodrigo.arias@bsc.es>
Tested-by: Aleix Boné <abonerib@bsc.es>
 2025-10-23 15:59:21 +02:00
Rodrigo Arias Mallo
14f2393d30 Update website 
Add apex page and replace bscpkgs references for jungle after the merge.

See: rarias/jungle-website#1
Reviewed-by: Aleix Boné <abonerib@bsc.es>
 2025-10-22 15:48:13 +02:00
Rodrigo Arias Mallo
f115d611e7 Add aaguirre user 
Reviewed-by: Aleix Boné <abonerib@bsc.es>
 2025-10-22 15:28:29 +02:00
Rodrigo Arias Mallo
4261d327c6 Include agenix module and package directly 
Avoids adding an extra flake input only to fetch a single module and
package.

Reviewed-by: Aleix Boné <abonerib@bsc.es>
Tested-by: Rodrigo Arias Mallo <rodrigo.arias@bsc.es>
 2025-10-14 09:37:47 +02:00
29 changed files with 883 additions and 122 deletions
Expand all files Collapse all files

82
flake.lock generated
View File

@@ -1,71 +1,5 @@
{ {
"nodes": { "nodes": {
"agenix": {
"inputs": {
"darwin": "darwin",
"home-manager": "home-manager",
"nixpkgs": [
"nixpkgs"
],
"systems": "systems"
},
"locked": {
"lastModified": 1750173260,
"narHash": "sha256-9P1FziAwl5+3edkfFcr5HeGtQUtrSdk/MksX39GieoA=",
"owner": "ryantm",
"repo": "agenix",
"rev": "531beac616433bac6f9e2a19feb8e99a22a66baf",
"type": "github"
},
"original": {
"owner": "ryantm",
"repo": "agenix",
"type": "github"
}
},
"darwin": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1744478979,
"narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "43975d782b418ebf4969e9ccba82466728c2851b",
"type": "github"
},
"original": {
"owner": "lnl7",
"ref": "master",
"repo": "nix-darwin",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1745494811,
"narHash": "sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "abfad3d2958c9e6300a883bd443512c55dfeb1be",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1752436162, "lastModified": 1752436162,
@@ -84,24 +18,8 @@
}, },
"root": { "root": {
"inputs": { "inputs": {
"agenix": "agenix",
"nixpkgs": "nixpkgs" "nixpkgs": "nixpkgs"
} }
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
} }
}, },
"root": "root", "root": "root",

6
flake.nix
View File

@@ -1,15 +1,13 @@
{ {
inputs = { inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05"; nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05";
agenix.url = "github:ryantm/agenix";
agenix.inputs.nixpkgs.follows = "nixpkgs";
}; };
outputs = { self, nixpkgs, agenix, ... }: outputs = { self, nixpkgs, ... }:
let let
mkConf = name: nixpkgs.lib.nixosSystem { mkConf = name: nixpkgs.lib.nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
specialArgs = { inherit nixpkgs agenix; theFlake = self; }; specialArgs = { inherit nixpkgs; theFlake = self; };
modules = [ "${self.outPath}/m/${name}/configuration.nix" ]; modules = [ "${self.outPath}/m/${name}/configuration.nix" ];
}; };
# For now we only support x86 # For now we only support x86

9
m/common/base/agenix.nix
View File

@@ -1,9 +1,8 @@
{ agenix, ... }: { pkgs, ... }:
{ {
imports = [ agenix.nixosModules.default ]; imports = [ ../../module/agenix.nix ];
environment.systemPackages = [ # Add agenix to system packages
agenix.packages.x86_64-linux.default environment.systemPackages = [ pkgs.agenix ];
];
} }

13
m/common/base/users.nix
View File

@@ -180,6 +180,19 @@
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFmMqKqPg4uocNOr3O41kLbZMOMJn3m2ZdN1JvTR96z3 bsccns@arnau-bsc" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFmMqKqPg4uocNOr3O41kLbZMOMJn3m2ZdN1JvTR96z3 bsccns@arnau-bsc"
]; ];
}; };
aaguirre = {
uid = 9655;
isNormalUser = true;
home = "/home/Computational/aaguirre";
description = "Alejandro Aguirre";
group = "Computational";
hosts = [ "apex" "hut" ];
hashedPassword = "$6$TXRXQT6jjBvxkxU6$E.sh5KspAm1qeG5Ct7OPHpo8REmbGDwjFGvqeGgTVz3GASGOAnPL7UMZsMAsAKBoahOw.v8LNno6XGrTEPzZH1";
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOlRX7ZCnqtUJYCxKgWmgSrFCYuA2LHY96rVwqxXPl86 aaguirre@BSC-8488184117"
];
};
}; };
groups = { groups = {

1
m/hut/configuration.nix
View File

@@ -17,6 +17,7 @@
./postgresql.nix ./postgresql.nix
./nginx.nix ./nginx.nix
./p.nix ./p.nix
./ompss2-timer.nix
#./pxe.nix #./pxe.nix
]; ];

3
m/hut/gitea.nix
View File

@@ -29,6 +29,9 @@
}; };
}; };
# Allow gitea user to send mail
users.users.gitea.extraGroups = [ "mail-robot" ];
services.gitea-actions-runner.instances = { services.gitea-actions-runner.instances = {
runrun = { runrun = {
enable = true; enable = true;

5
m/hut/msmtp.nix
View File

@@ -1,8 +1,11 @@
{ config, lib, ... }: { config, lib, ... }:
{ {
# Robot user that can see the password to send mail from jungle-robot
users.groups.mail-robot = {};
age.secrets.jungleRobotPassword = { age.secrets.jungleRobotPassword = {
file = ../../secrets/jungle-robot-password.age; file = ../../secrets/jungle-robot-password.age;
group = "gitea"; group = "mail-robot";
mode = "440"; mode = "440";
}; };

4
m/hut/nginx.nix
View File

@@ -4,8 +4,8 @@ let
name = "jungle-web"; name = "jungle-web";
src = pkgs.fetchgit { src = pkgs.fetchgit {
url = "https://jungle.bsc.es/git/rarias/jungle-website.git"; url = "https://jungle.bsc.es/git/rarias/jungle-website.git";
rev = "739bf0175a7f05380fe7ad7023ff1d60db1710e1"; rev = "52abaf4d71652a9ef77a0b098db14ca33bffff4c";
hash = "sha256-ea5DzhYTzZ9TmqD+x95rdNdLbxPnBluqlYH2NmBYmc4="; hash = "sha256-/ul9GazbOrOkmlvSgDz/+2W+V+ir5725Y7mVLc3rb0M=";
}; };
buildInputs = [ pkgs.hugo ]; buildInputs = [ pkgs.hugo ];
buildPhase = '' buildPhase = ''

85
m/hut/ompss2-timer.nix Normal file
View File

@@ -0,0 +1,85 @@
{ config, pkgs, ... }:
{
systemd.timers = {
"ompss2-closing" = {
wantedBy = [ "timers.target" ];
timerConfig = {
Unit = "ompss2-closing.service";
OnCalendar = [ "*-03-15 07:00:00" "*-09-15 07:00:00"];
};
};
"ompss2-freeze" = {
wantedBy = [ "timers.target" ];
timerConfig = {
Unit = "ompss2-freeze.service";
OnCalendar = [ "*-04-15 07:00:00" "*-10-15 07:00:00" ];
};
};
"ompss2-release" = {
wantedBy = [ "timers.target" ];
timerConfig = {
Unit = "ompss2-release.service";
OnCalendar = [ "*-05-15 07:00:00" "*-11-15 07:00:00" ];
};
};
};
systemd.services =
let
closing = pkgs.writeText "closing.txt"
''
Subject: OmpSs-2 release enters closing period
Hi,
You have one month to merge the remaining features for the next OmpSs-2
release. Please, identify what needs to be merged and discuss it in the next
OmpSs-2 meeting.
Thanks!,
Jungle robot
'';
freeze = pkgs.writeText "freeze.txt"
''
Subject: OmpSs-2 release enters freeze period
Hi,
The period to introduce new features or breaking changes is over, only bug
fixes are allowed now. During this time, please prepare the release notes
to be included in the next OmpSs-2 release.
Thanks!,
Jungle robot
'';
release = pkgs.writeText "release.txt"
''
Subject: OmpSs-2 release now
Hi,
The period to introduce bug fixes is now over. Please, proceed to do the
OmpSs-2 release.
Thanks!,
Jungle robot
'';
mkServ = name: mail: {
"ompss2-${name}" = {
script = ''
set -eu
set -o pipefail
cat ${mail} | ${config.security.wrapperDir}/sendmail star@bsc.es
'';
serviceConfig = {
Type = "oneshot";
DynamicUser = true;
Group = "mail-robot";
};
};
};
in
(mkServ "closing" closing) //
(mkServ "freeze" freeze) //
(mkServ "release" release);
}

357
m/module/agenix.nix Normal file
View File

@@ -0,0 +1,357 @@
{
config,
options,
lib,
pkgs,
...
}:
with lib;
let
cfg = config.age;
isDarwin = lib.attrsets.hasAttrByPath [ "environment" "darwinConfig" ] options;
ageBin = config.age.ageBin;
users = config.users.users;
sysusersEnabled =
if isDarwin then
false
else
options.systemd ? sysusers && (config.systemd.sysusers.enable || config.services.userborn.enable);
mountCommand =
if isDarwin then
''
if ! diskutil info "${cfg.secretsMountPoint}" &> /dev/null; then
num_sectors=1048576
dev=$(hdiutil attach -nomount ram://"$num_sectors" | sed 's/[[:space:]]*$//')
newfs_hfs -v agenix "$dev"
mount -t hfs -o nobrowse,nodev,nosuid,-m=0751 "$dev" "${cfg.secretsMountPoint}"
fi
''
else
''
grep -q "${cfg.secretsMountPoint} ramfs" /proc/mounts ||
mount -t ramfs none "${cfg.secretsMountPoint}" -o nodev,nosuid,mode=0751
'';
newGeneration = ''
_agenix_generation="$(basename "$(readlink ${cfg.secretsDir})" || echo 0)"
(( ++_agenix_generation ))
echo "[agenix] creating new generation in ${cfg.secretsMountPoint}/$_agenix_generation"
mkdir -p "${cfg.secretsMountPoint}"
chmod 0751 "${cfg.secretsMountPoint}"
${mountCommand}
mkdir -p "${cfg.secretsMountPoint}/$_agenix_generation"
chmod 0751 "${cfg.secretsMountPoint}/$_agenix_generation"
'';
chownGroup = if isDarwin then "admin" else "keys";
# chown the secrets mountpoint and the current generation to the keys group
# instead of leaving it root:root.
chownMountPoint = ''
chown :${chownGroup} "${cfg.secretsMountPoint}" "${cfg.secretsMountPoint}/$_agenix_generation"
'';
setTruePath = secretType: ''
${
if secretType.symlink then
''
_truePath="${cfg.secretsMountPoint}/$_agenix_generation/${secretType.name}"
''
else
''
_truePath="${secretType.path}"
''
}
'';
installSecret = secretType: ''
${setTruePath secretType}
echo "decrypting '${secretType.file}' to '$_truePath'..."
TMP_FILE="$_truePath.tmp"
IDENTITIES=()
for identity in ${toString cfg.identityPaths}; do
test -r "$identity" || continue
test -s "$identity" || continue
IDENTITIES+=(-i)
IDENTITIES+=("$identity")
done
test "''${#IDENTITIES[@]}" -eq 0 && echo "[agenix] WARNING: no readable identities found!"
mkdir -p "$(dirname "$_truePath")"
[ "${secretType.path}" != "${cfg.secretsDir}/${secretType.name}" ] && mkdir -p "$(dirname "${secretType.path}")"
(
umask u=r,g=,o=
test -f "${secretType.file}" || echo '[agenix] WARNING: encrypted file ${secretType.file} does not exist!'
test -d "$(dirname "$TMP_FILE")" || echo "[agenix] WARNING: $(dirname "$TMP_FILE") does not exist!"
LANG=${
config.i18n.defaultLocale or "C"
} ${ageBin} --decrypt "''${IDENTITIES[@]}" -o "$TMP_FILE" "${secretType.file}"
)
chmod ${secretType.mode} "$TMP_FILE"
mv -f "$TMP_FILE" "$_truePath"
${optionalString secretType.symlink ''
[ "${secretType.path}" != "${cfg.secretsDir}/${secretType.name}" ] && ln -sfT "${cfg.secretsDir}/${secretType.name}" "${secretType.path}"
''}
'';
testIdentities = map (path: ''
test -f ${path} || echo '[agenix] WARNING: config.age.identityPaths entry ${path} not present!'
'') cfg.identityPaths;
cleanupAndLink = ''
_agenix_generation="$(basename "$(readlink ${cfg.secretsDir})" || echo 0)"
(( ++_agenix_generation ))
echo "[agenix] symlinking new secrets to ${cfg.secretsDir} (generation $_agenix_generation)..."
ln -sfT "${cfg.secretsMountPoint}/$_agenix_generation" ${cfg.secretsDir}
(( _agenix_generation > 1 )) && {
echo "[agenix] removing old secrets (generation $(( _agenix_generation - 1 )))..."
rm -rf "${cfg.secretsMountPoint}/$(( _agenix_generation - 1 ))"
}
'';
installSecrets = builtins.concatStringsSep "\n" (
[ "echo '[agenix] decrypting secrets...'" ]
++ testIdentities
++ (map installSecret (builtins.attrValues cfg.secrets))
++ [ cleanupAndLink ]
);
chownSecret = secretType: ''
${setTruePath secretType}
chown ${secretType.owner}:${secretType.group} "$_truePath"
'';
chownSecrets = builtins.concatStringsSep "\n" (
[ "echo '[agenix] chowning...'" ]
++ [ chownMountPoint ]
++ (map chownSecret (builtins.attrValues cfg.secrets))
);
secretType = types.submodule (
{ config, ... }:
{
options = {
name = mkOption {
type = types.str;
default = config._module.args.name;
defaultText = literalExpression "config._module.args.name";
description = ''
Name of the file used in {option}`age.secretsDir`
'';
};
file = mkOption {
type = types.path;
description = ''
Age file the secret is loaded from.
'';
};
path = mkOption {
type = types.str;
default = "${cfg.secretsDir}/${config.name}";
defaultText = literalExpression ''
"''${cfg.secretsDir}/''${config.name}"
'';
description = ''
Path where the decrypted secret is installed.
'';
};
mode = mkOption {
type = types.str;
default = "0400";
description = ''
Permissions mode of the decrypted secret in a format understood by chmod.
'';
};
owner = mkOption {
type = types.str;
default = "0";
description = ''
User of the decrypted secret.
'';
};
group = mkOption {
type = types.str;
default = users.${config.owner}.group or "0";
defaultText = literalExpression ''
users.''${config.owner}.group or "0"
'';
description = ''
Group of the decrypted secret.
'';
};
symlink = mkEnableOption "symlinking secrets to their destination" // {
default = true;
};
};
}
);
in
{
imports = [
(mkRenamedOptionModule [ "age" "sshKeyPaths" ] [ "age" "identityPaths" ])
];
options.age = {
ageBin = mkOption {
type = types.str;
default = "${pkgs.age}/bin/age";
defaultText = literalExpression ''
"''${pkgs.age}/bin/age"
'';
description = ''
The age executable to use.
'';
};
secrets = mkOption {
type = types.attrsOf secretType;
default = { };
description = ''
Attrset of secrets.
'';
};
secretsDir = mkOption {
type = types.path;
default = "/run/agenix";
description = ''
Folder where secrets are symlinked to
'';
};
secretsMountPoint = mkOption {
type =
types.addCheck types.str (
s:
(builtins.match "[ \t\n]*" s) == null # non-empty
&& (builtins.match ".+/" s) == null
) # without trailing slash
// {
description = "${types.str.description} (with check: non-empty without trailing slash)";
};
default = "/run/agenix.d";
description = ''
Where secrets are created before they are symlinked to {option}`age.secretsDir`
'';
};
identityPaths = mkOption {
type = types.listOf types.path;
default =
if isDarwin then
[
"/etc/ssh/ssh_host_ed25519_key"
"/etc/ssh/ssh_host_rsa_key"
]
else if (config.services.openssh.enable or false) then
map (e: e.path) (
lib.filter (e: e.type == "rsa" || e.type == "ed25519") config.services.openssh.hostKeys
)
else
[ ];
defaultText = literalExpression ''
if isDarwin
then [
"/etc/ssh/ssh_host_ed25519_key"
"/etc/ssh/ssh_host_rsa_key"
]
else if (config.services.openssh.enable or false)
then map (e: e.path) (lib.filter (e: e.type == "rsa" || e.type == "ed25519") config.services.openssh.hostKeys)
else [];
'';
description = ''
Path to SSH keys to be used as identities in age decryption.
'';
};
};
config = mkIf (cfg.secrets != { }) (mkMerge [
{
assertions = [
{
assertion = cfg.identityPaths != [ ];
message = "age.identityPaths must be set, for example by enabling openssh.";
}
];
}
(optionalAttrs (!isDarwin) {
# When using sysusers we no longer be started as an activation script
# because those are started in initrd while sysusers is started later.
systemd.services.agenix-install-secrets = mkIf sysusersEnabled {
wantedBy = [ "sysinit.target" ];
after = [ "systemd-sysusers.service" ];
unitConfig.DefaultDependencies = "no";
path = [ pkgs.mount ];
serviceConfig = {
Type = "oneshot";
ExecStart = pkgs.writeShellScript "agenix-install" (concatLines [
newGeneration
installSecrets
chownSecrets
]);
RemainAfterExit = true;
};
};
# Create a new directory full of secrets for symlinking (this helps
# ensure removed secrets are actually removed, or at least become
# invalid symlinks).
system.activationScripts = mkIf (!sysusersEnabled) {
agenixNewGeneration = {
text = newGeneration;
deps = [
"specialfs"
];
};
agenixInstall = {
text = installSecrets;
deps = [
"agenixNewGeneration"
"specialfs"
];
};
# So user passwords can be encrypted.
users.deps = [ "agenixInstall" ];
# Change ownership and group after users and groups are made.
agenixChown = {
text = chownSecrets;
deps = [
"users"
"groups"
];
};
# So other activation scripts can depend on agenix being done.
agenix = {
text = "";
deps = [ "agenixChown" ];
};
};
})
(optionalAttrs isDarwin {
launchd.daemons.activate-agenix = {
script = ''
set -e
set -o pipefail
export PATH="${pkgs.gnugrep}/bin:${pkgs.coreutils}/bin:@out@/sw/bin:/usr/bin:/bin:/usr/sbin:/sbin"
${newGeneration}
${installSecrets}
${chownSecrets}
exit 0
'';
serviceConfig = {
RunAtLoad = true;
KeepAlive.SuccessfulExit = false;
};
};
})
]);
}

4
m/module/slurm-common.nix
View File

@@ -86,9 +86,7 @@ in {
# when a task runs (srun) so we can ssh early. # when a task runs (srun) so we can ssh early.
PrologFlags=Alloc,Contain,X11 PrologFlags=Alloc,Contain,X11
# LaunchParameters=ulimit_pam_adopt will set RLIMIT_RSS in processes LaunchParameters=use_interactive_step
# adopted by the external step, similar to tasks running in regular steps
# LaunchParameters=ulimit_pam_adopt
SlurmdDebug=debug5 SlurmdDebug=debug5
#DebugFlags=Protocol,Cgroup #DebugFlags=Protocol,Cgroup
''; '';

4
m/tent/nginx.nix
View File

@@ -4,8 +4,8 @@ let
name = "jungle-web"; name = "jungle-web";
src = pkgs.fetchgit { src = pkgs.fetchgit {
url = "https://jungle.bsc.es/git/rarias/jungle-website.git"; url = "https://jungle.bsc.es/git/rarias/jungle-website.git";
rev = "739bf0175a7f05380fe7ad7023ff1d60db1710e1"; rev = "52abaf4d71652a9ef77a0b098db14ca33bffff4c";
hash = "sha256-ea5DzhYTzZ9TmqD+x95rdNdLbxPnBluqlYH2NmBYmc4="; hash = "sha256-/ul9GazbOrOkmlvSgDz/+2W+V+ir5725Y7mVLc3rb0M=";
}; };
buildInputs = [ pkgs.hugo ]; buildInputs = [ pkgs.hugo ];
buildPhase = '' buildPhase = ''

2
overlay.nix
View File

@@ -7,6 +7,7 @@ let
callPackage = final.callPackage; callPackage = final.callPackage;
bscPkgs = { bscPkgs = {
agenix = prev.callPackage ./pkgs/agenix/default.nix { };
amd-uprof = prev.callPackage ./pkgs/amd-uprof/default.nix { }; amd-uprof = prev.callPackage ./pkgs/amd-uprof/default.nix { };
bench6 = callPackage ./pkgs/bench6/default.nix { }; bench6 = callPackage ./pkgs/bench6/default.nix { };
bigotes = callPackage ./pkgs/bigotes/default.nix { }; bigotes = callPackage ./pkgs/bigotes/default.nix { };
@@ -50,6 +51,7 @@ let
prometheus-slurm-exporter = prev.callPackage ./pkgs/slurm-exporter/default.nix { }; prometheus-slurm-exporter = prev.callPackage ./pkgs/slurm-exporter/default.nix { };
#pscom = callPackage ./pkgs/parastation/pscom.nix { }; # Unmaintaned #pscom = callPackage ./pkgs/parastation/pscom.nix { }; # Unmaintaned
#psmpi = callPackage ./pkgs/parastation/psmpi.nix { }; # Unmaintaned #psmpi = callPackage ./pkgs/parastation/psmpi.nix { }; # Unmaintaned
slurm = import ./pkgs/slurm/default.nix { slurm = prev.slurm; };
sonar = callPackage ./pkgs/sonar/default.nix { }; sonar = callPackage ./pkgs/sonar/default.nix { };
stdenvClangOmpss2 = final.stdenv.override { cc = final.clangOmpss2; allowedRequisites = null; }; stdenvClangOmpss2 = final.stdenv.override { cc = final.clangOmpss2; allowedRequisites = null; };
stdenvClangOmpss2Nanos6 = final.stdenv.override { cc = final.clangOmpss2Nanos6; allowedRequisites = null; }; stdenvClangOmpss2Nanos6 = final.stdenv.override { cc = final.clangOmpss2Nanos6; allowedRequisites = null; };

212
pkgs/agenix/agenix.sh Normal file
View File

@@ -0,0 +1,212 @@
#!/usr/bin/env bash
set -Eeuo pipefail
PACKAGE="agenix"
function show_help () {
echo "$PACKAGE - edit and rekey age secret files"
echo " "
echo "$PACKAGE -e FILE [-i PRIVATE_KEY]"
echo "$PACKAGE -r [-i PRIVATE_KEY]"
echo ' '
echo 'options:'
echo '-h, --help show help'
# shellcheck disable=SC2016
echo '-e, --edit FILE edits FILE using $EDITOR'
echo '-r, --rekey re-encrypts all secrets with specified recipients'
echo '-d, --decrypt FILE decrypts FILE to STDOUT'
echo '-i, --identity identity to use when decrypting'
echo '-v, --verbose verbose output'
echo ' '
echo 'FILE an age-encrypted file'
echo ' '
echo 'PRIVATE_KEY a path to a private SSH key used to decrypt file'
echo ' '
echo 'EDITOR environment variable of editor to use when editing FILE'
echo ' '
echo 'If STDIN is not interactive, EDITOR will be set to "cp /dev/stdin"'
echo ' '
echo 'RULES environment variable with path to Nix file specifying recipient public keys.'
echo "Defaults to './secrets.nix'"
echo ' '
echo "agenix version: @version@"
echo "age binary path: @ageBin@"
echo "age version: $(@ageBin@ --version)"
}
function warn() {
printf '%s\n' "$*" >&2
}
function err() {
warn "$*"
exit 1
}
test $# -eq 0 && (show_help && exit 1)
REKEY=0
DECRYPT_ONLY=0
DEFAULT_DECRYPT=(--decrypt)
while test $# -gt 0; do
case "$1" in
-h|--help)
show_help
exit 0
;;
-e|--edit)
shift
if test $# -gt 0; then
export FILE=$1
else
echo "no FILE specified"
exit 1
fi
shift
;;
-i|--identity)
shift
if test $# -gt 0; then
DEFAULT_DECRYPT+=(--identity "$1")
else
echo "no PRIVATE_KEY specified"
exit 1
fi
shift
;;
-r|--rekey)
shift
REKEY=1
;;
-d|--decrypt)
shift
DECRYPT_ONLY=1
if test $# -gt 0; then
export FILE=$1
else
echo "no FILE specified"
exit 1
fi
shift
;;
-v|--verbose)
shift
set -x
;;
*)
show_help
exit 1
;;
esac
done
RULES=${RULES:-./secrets.nix}
function cleanup {
if [ -n "${CLEARTEXT_DIR+x}" ]
then
rm -rf -- "$CLEARTEXT_DIR"
fi
if [ -n "${REENCRYPTED_DIR+x}" ]
then
rm -rf -- "$REENCRYPTED_DIR"
fi
}
trap "cleanup" 0 2 3 15
function keys {
(@nixInstantiate@ --json --eval --strict -E "(let rules = import $RULES; in rules.\"$1\".publicKeys)" | @jqBin@ -r .[]) || exit 1
}
function armor {
(@nixInstantiate@ --json --eval --strict -E "(let rules = import $RULES; in (builtins.hasAttr \"armor\" rules.\"$1\" && rules.\"$1\".armor))") || exit 1
}
function decrypt {
FILE=$1
KEYS=$2
if [ -z "$KEYS" ]
then
err "There is no rule for $FILE in $RULES."
fi
if [ -f "$FILE" ]
then
DECRYPT=("${DEFAULT_DECRYPT[@]}")
if [[ "${DECRYPT[*]}" != *"--identity"* ]]; then
if [ -f "$HOME/.ssh/id_rsa" ]; then
DECRYPT+=(--identity "$HOME/.ssh/id_rsa")
fi
if [ -f "$HOME/.ssh/id_ed25519" ]; then
DECRYPT+=(--identity "$HOME/.ssh/id_ed25519")
fi
fi
if [[ "${DECRYPT[*]}" != *"--identity"* ]]; then
err "No identity found to decrypt $FILE. Try adding an SSH key at $HOME/.ssh/id_rsa or $HOME/.ssh/id_ed25519 or using the --identity flag to specify a file."
fi
@ageBin@ "${DECRYPT[@]}" -- "$FILE" || exit 1
fi
}
function edit {
FILE=$1
KEYS=$(keys "$FILE") || exit 1
ARMOR=$(armor "$FILE") || exit 1
CLEARTEXT_DIR=$(@mktempBin@ -d)
CLEARTEXT_FILE="$CLEARTEXT_DIR/$(basename -- "$FILE")"
DEFAULT_DECRYPT+=(-o "$CLEARTEXT_FILE")
decrypt "$FILE" "$KEYS" || exit 1
[ ! -f "$CLEARTEXT_FILE" ] || cp -- "$CLEARTEXT_FILE" "$CLEARTEXT_FILE.before"
[ -t 0 ] || EDITOR='cp -- /dev/stdin'
$EDITOR "$CLEARTEXT_FILE"
if [ ! -f "$CLEARTEXT_FILE" ]
then
warn "$FILE wasn't created."
return
fi
[ -f "$FILE" ] && [ "$EDITOR" != ":" ] && @diffBin@ -q -- "$CLEARTEXT_FILE.before" "$CLEARTEXT_FILE" && warn "$FILE wasn't changed, skipping re-encryption." && return
ENCRYPT=()
if [[ "$ARMOR" == "true" ]]; then
ENCRYPT+=(--armor)
fi
while IFS= read -r key
do
if [ -n "$key" ]; then
ENCRYPT+=(--recipient "$key")
fi
done <<< "$KEYS"
REENCRYPTED_DIR=$(@mktempBin@ -d)
REENCRYPTED_FILE="$REENCRYPTED_DIR/$(basename -- "$FILE")"
ENCRYPT+=(-o "$REENCRYPTED_FILE")
@ageBin@ "${ENCRYPT[@]}" <"$CLEARTEXT_FILE" || exit 1
mkdir -p -- "$(dirname -- "$FILE")"
mv -f -- "$REENCRYPTED_FILE" "$FILE"
}
function rekey {
FILES=$( (@nixInstantiate@ --json --eval -E "(let rules = import $RULES; in builtins.attrNames rules)" | @jqBin@ -r .[]) || exit 1)
for FILE in $FILES
do
warn "rekeying $FILE..."
EDITOR=: edit "$FILE"
cleanup
done
}
[ $REKEY -eq 1 ] && rekey && exit 0
[ $DECRYPT_ONLY -eq 1 ] && DEFAULT_DECRYPT+=("-o" "-") && decrypt "${FILE}" "$(keys "$FILE")" && exit 0
edit "$FILE" && cleanup && exit 0

66
pkgs/agenix/default.nix Normal file
View File

@@ -0,0 +1,66 @@
{
lib,
stdenv,
age,
jq,
nix,
mktemp,
diffutils,
replaceVars,
ageBin ? "${age}/bin/age",
shellcheck,
}:
let
bin = "${placeholder "out"}/bin/agenix";
in
stdenv.mkDerivation rec {
pname = "agenix";
version = "0.15.0";
src = replaceVars ./agenix.sh {
inherit ageBin version;
jqBin = "${jq}/bin/jq";
nixInstantiate = "${nix}/bin/nix-instantiate";
mktempBin = "${mktemp}/bin/mktemp";
diffBin = "${diffutils}/bin/diff";
};
dontUnpack = true;
doInstallCheck = true;
installCheckInputs = [ shellcheck ];
postInstallCheck = ''
shellcheck ${bin}
${bin} -h | grep ${version}
test_tmp=$(mktemp -d 2>/dev/null || mktemp -d -t 'mytmpdir')
export HOME="$test_tmp/home"
export NIX_STORE_DIR="$test_tmp/nix/store"
export NIX_STATE_DIR="$test_tmp/nix/var"
mkdir -p "$HOME" "$NIX_STORE_DIR" "$NIX_STATE_DIR"
function cleanup {
rm -rf "$test_tmp"
}
trap "cleanup" 0 2 3 15
mkdir -p $HOME/.ssh
cp -r "${./example}" $HOME/secrets
chmod -R u+rw $HOME/secrets
(
umask u=rw,g=r,o=r
cp ${./example_keys/user1.pub} $HOME/.ssh/id_ed25519.pub
chown $UID $HOME/.ssh/id_ed25519.pub
)
(
umask u=rw,g=,o=
cp ${./example_keys/user1} $HOME/.ssh/id_ed25519
chown $UID $HOME/.ssh/id_ed25519
)
cd $HOME/secrets
test $(${bin} -d secret1.age) = "hello"
'';
installPhase = ''
install -D $src ${bin}
'';
meta.description = "age-encrypted secrets for NixOS";
}

7
pkgs/agenix/example/-leading-hyphen-filename.age Normal file
View File

@@ -0,0 +1,7 @@
age-encryption.org/v1
-> ssh-ed25519 V3XmEA zirqdzZZ1E+sedBn7fbEHq4ntLEkokZ4GctarBBOHXY
Rvs5YHaAUeCZyNwPedubPcHClWYIuXXWA5zadXPWY6w
-> ssh-ed25519 KLPP8w BVp4rDkOYSQyn8oVeHFeinSqW+pdVtxBF9+5VM1yORY
bMwppAi8Nhz0328taU4AzUkTVyWtSLvFZG6c5W/Fs78
--- xCbqLhXAcOziO2wmbjTiSQfZvt5Rlsc4SCvF+iEzpQA
<EFBFBD>KB<EFBFBD><EFBFBD>/<2F>Z<><5A>r<EFBFBD>%<01><>4<EFBFBD><34><EFBFBD>Mq5<71><35>_<EFBFBD><5F>ݒ<><DD92><EFBFBD><EFBFBD><EFBFBD>11 ܨqM;& <20><>Lr<4C><72><EFBFBD>f<EFBFBD><66><EFBFBD>]>N

7
pkgs/agenix/example/armored-secret.age Normal file
View File

@@ -0,0 +1,7 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFYzWG1FQSBpZkZW
aFpLNnJxc0VUMHRmZ2dZS0pjMGVENnR3OHd5K0RiT1RjRUhibFZBCnN5UG5vUjA3
SXpsNGtiVUw4T0tIVFo5Wkk5QS9NQlBndzVvektiQ0ozc0kKLS0tIGxyY1Q4dEZ1
VGZEanJyTFNta2JNRmpZb2FnK2JyS1hSVml1UGdMNWZKQXMKYla+wTXcRedyZoEb
LVWaSx49WoUTU0KBPJg9RArxaeC23GoCDzR/aM/1DvYU
-----END AGE ENCRYPTED FILE-----

9
pkgs/agenix/example/passwordfile-user1.age Normal file
View File

@@ -0,0 +1,9 @@
age-encryption.org/v1
-> ssh-ed25519 KLPP8w s1DYZRlZuSsyhmZCF1lFB+E9vB8bZ/+ZhBRlx8nprwE
nmYVCsVBrX2CFXXPU+D+bbkkIe/foofp+xoUrg9DHZw
-> ssh-ed25519 V3XmEA Pwv3oCwcY0DX8rY48UNfsj9RumWsn4dbgorYHCwObgI
FKxRYkL3JHtJxUwymWDF0rAtJ33BivDI6IfPsfumM90
-> V'v(/u$-grease em/Vgf 2qDuk
7I3iiQLPGi1COML9u/JeYkr7EqbSLoU
--- 57WJRigUGtmcObrssS3s4PvmR8wgh1AOC/ijJn1s3xI
<EFBFBD>'K<>ƷY&<26>7G<37>O<EFBFBD><4F>Fj<13>k<EFBFBD>X<EFBFBD><58>BnuJ<75><4A>:9<>(<><7F><EFBFBD>X<EFBFBD>#<23>A<EFBFBD><41><EFBFBD><EFBFBD>ڧj<DAA7>,<02>_<17><><EFBFBD>?<3F>Z<EFBFBD><17>v<EFBFBD><76>V<EFBFBD>96]oks~%<25>c <04>e^C<>%JQ5<51><H<>z}<7D>C<EFBFBD>,<2C>p<EFBFBD><70>*!W<><57><EFBFBD>A<EFBFBD><41><EFBFBD>҅dC<15>K)<10><>-<2D>y

BIN
pkgs/agenix/example/secret1.age Normal file
View File

Binary file not shown.

5
pkgs/agenix/example/secret2.age Normal file
View File

@@ -0,0 +1,5 @@
age-encryption.org/v1
-> ssh-ed25519 V3XmEA OB4+1FbPhQ3r6iGksM7peWX5it8NClpXIq/o5nnP7GA
FmHVUj+A5i5+bDFgySQskmlvynnosJiWUTJmBRiNA9I
--- tP+3mFVtd7ogVu1Lkboh55zoi5a77Ht08Uc/QuIviv4
<EFBFBD><EFBFBD>X<EFBFBD>{<7B><>O<EFBFBD><4F><1F><04>tMXx<58>vӪ(<28>I<EFBFBD>myP<79><50><EFBFBD><EFBFBD>+3<>S3i

23
pkgs/agenix/example/secrets.nix Normal file
View File

@@ -0,0 +1,23 @@
let
user1 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL0idNvgGiucWgup/mP78zyC23uFjYq0evcWdjGQUaBH";
system1 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPJDyIr/FSz1cJdcoW69R+NrWzwGK/+3gJpqD1t8L2zE";
in
{
"secret1.age".publicKeys = [
user1
system1
];
"secret2.age".publicKeys = [ user1 ];
"passwordfile-user1.age".publicKeys = [
user1
system1
];
"-leading-hyphen-filename.age".publicKeys = [
user1
system1
];
"armored-secret.age" = {
publicKeys = [ user1 ];
armor = true;
};
}

7
pkgs/agenix/example_keys/system1 Normal file
View File

@@ -0,0 +1,7 @@
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
QyNTUxOQAAACDyQ8iK/xUs9XCXXKFuvUfja1s8Biv/t4Caag9bfC9sxAAAAJA3yvCWN8rw
lgAAAAtzc2gtZWQyNTUxOQAAACDyQ8iK/xUs9XCXXKFuvUfja1s8Biv/t4Caag9bfC9sxA
AAAEA+J2V6AG1NriAIvnNKRauIEh1JE9HSdhvKJ68a5Fm0w/JDyIr/FSz1cJdcoW69R+Nr
WzwGK/+3gJpqD1t8L2zEAAAADHJ5YW50bUBob21lMQE=
-----END OPENSSH PRIVATE KEY-----

1
pkgs/agenix/example_keys/system1.pub Normal file
View File

@@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPJDyIr/FSz1cJdcoW69R+NrWzwGK/+3gJpqD1t8L2zE

7
pkgs/agenix/example_keys/user1 Normal file
View File

@@ -0,0 +1,7 @@
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
QyNTUxOQAAACC9InTb4BornFoLqf5j+/M8gtt7hY2KtHr3FnYxkFGgRwAAAJC2JJ8htiSf
IQAAAAtzc2gtZWQyNTUxOQAAACC9InTb4BornFoLqf5j+/M8gtt7hY2KtHr3FnYxkFGgRw
AAAEDxt5gC/s53IxiKAjfZJVCCcFIsdeERdIgbYhLO719+Kb0idNvgGiucWgup/mP78zyC
23uFjYq0evcWdjGQUaBHAAAADHJ5YW50bUBob21lMQE=
-----END OPENSSH PRIVATE KEY-----

1
pkgs/agenix/example_keys/user1.pub Normal file
View File

@@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL0idNvgGiucWgup/mP78zyC23uFjYq0evcWdjGQUaBH

23
pkgs/agenix/update.sh Executable file
View File

@@ -0,0 +1,23 @@
#!/bin/sh
set -e
# All operations are done relative to root
GITROOT=$(git rev-parse --show-toplevel)
cd "$GITROOT"
REVISION=${1:-main}
TMPCLONE=$(mktemp -d)
trap "rm -rf ${TMPCLONE}" EXIT
git clone https://github.com/ryantm/agenix.git --revision="$REVISION" "$TMPCLONE" --depth=1
cp "${TMPCLONE}/pkgs/agenix.sh" pkgs/agenix/agenix.sh
cp "${TMPCLONE}/pkgs/agenix.nix" pkgs/agenix/default.nix
sed -i 's#../example#./example#' pkgs/agenix/default.nix
cp "${TMPCLONE}/example/"* pkgs/agenix/example/
cp "${TMPCLONE}/example_keys/"* pkgs/agenix/example_keys/
cp "${TMPCLONE}/modules/age.nix" m/module/agenix.nix

3
pkgs/nodes/default.nix
View File

@@ -3,7 +3,6 @@
, lib , lib
, fetchFromGitHub , fetchFromGitHub
, pkg-config , pkg-config
, perl
, numactl , numactl
, hwloc , hwloc
, boost , boost
@@ -11,6 +10,7 @@
, ovni , ovni
, nosv , nosv
, clangOmpss2 , clangOmpss2
, which
, useGit ? false , useGit ? false
, gitUrl ? "ssh://git@gitlab-internal.bsc.es/nos-v/nodes.git" , gitUrl ? "ssh://git@gitlab-internal.bsc.es/nos-v/nodes.git"
, gitBranch ? "master" , gitBranch ? "master"
@@ -59,6 +59,7 @@ in
doCheck = false; doCheck = false;
nativeCheckInputs = [ nativeCheckInputs = [
clangOmpss2 clangOmpss2
which
]; ];
# The "bindnow" flags are incompatible with ifunc resolution mechanism. We # The "bindnow" flags are incompatible with ifunc resolution mechanism. We

35
pkgs/paraver/default.nix
View File

@@ -1,5 +1,4 @@
{ { stdenv
stdenv
, lib , lib
, fetchFromGitHub , fetchFromGitHub
, autoreconfHook , autoreconfHook
@@ -13,14 +12,17 @@
, openssl , openssl
, glibcLocales , glibcLocales
, wrapGAppsHook , wrapGAppsHook
, enableDebug ? false
}: }:
let let
wx = wxGTK32; wx = wxGTK32;
in
stdenv.mkDerivation rec {
pname = "wxparaver";
version = "4.12.0"; version = "4.12.0";
in
stdenv.mkDerivation {
pname = "wxparaver";
inherit version;
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "bsc-performance-tools"; owner = "bsc-performance-tools";
@@ -37,21 +39,26 @@ stdenv.mkDerivation rec {
./fix-boost-87.patch ./fix-boost-87.patch
]; ];
hardeningDisable = [ "all" ];
# Fix the PARAVER_HOME variable # Fix the PARAVER_HOME variable
postPatch = '' postPatch = ''
sed -i 's@^PARAVER_HOME=.*$@PARAVER_HOME='$out'@g' docs/wxparaver sed -i 's@^PARAVER_HOME=.*$@PARAVER_HOME='$out'@g' docs/wxparaver
sed -i '1aexport LOCALE_ARCHIVE="${glibcLocales}/lib/locale/locale-archive"' docs/wxparaver sed -i '1aexport LOCALE_ARCHIVE="${glibcLocales}/lib/locale/locale-archive"' docs/wxparaver
''; '';
dontStrip = true;
enableParallelBuilding = true; enableParallelBuilding = true;
preConfigure = '' hardeningDisable = [ "all" ];
export CFLAGS="-O3"
export CXXFLAGS="-O3" dontStrip = true;
'';
env =
let
flags = if enableDebug then "-ggdb -Og" else "-O3";
in
{
CFLAGS = flags;
CXXFLAGS = flags;
};
configureFlags = [ configureFlags = [
"--with-boost=${boost}" "--with-boost=${boost}"
@@ -69,11 +76,11 @@ stdenv.mkDerivation rec {
buildInputs = [ buildInputs = [
boost boost
libxml2.dev libxml2
xml2 xml2
wx wx
paraverKernel paraverKernel
openssl.dev openssl
]; ];
postInstall = '' postInstall = ''

24
pkgs/paraver/kernel.nix
View File

@@ -1,5 +1,4 @@
{ { stdenv
stdenv
, lib , lib
, fetchFromGitHub , fetchFromGitHub
, autoreconfHook , autoreconfHook
@@ -10,11 +9,16 @@
, automake , automake
, pkg-config , pkg-config
, zlib , zlib
, enableDebug ? false
}: }:
stdenv.mkDerivation rec { let
pname = "paraver-kernel";
version = "4.12.0"; version = "4.12.0";
in
stdenv.mkDerivation {
pname = "paraver-kernel";
inherit version;
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "bsc-performance-tools"; owner = "bsc-performance-tools";
@@ -35,10 +39,14 @@ stdenv.mkDerivation rec {
dontStrip = true; dontStrip = true;
preConfigure = '' env =
export CFLAGS="-O3 -DPARALLEL_ENABLED" let
export CXXFLAGS="-O3 -DPARALLEL_ENABLED" flags = "-DPARALLEL_ENABLED " + (if enableDebug then "-ggdb -Og" else "-O3");
''; in
{
CFLAGS = flags;
CXXFLAGS = flags;
};
configureFlags = [ configureFlags = [
"--with-boost=${boost}" "--with-boost=${boost}"