abonerib/jungle
1
0
Fork 0
forked from rarias/jungle
Code Pull Requests 2 Actions Activity

Compare commits

base: abonerib:pkgs/pocl
Branches Tags
abonerib:main-test abonerib:test-hello abonerib:desc abonerib:llvm-intel abonerib:pkgs/tasycl abonerib:master abonerib:enableStrictDeps abonerib:nix-portable-riscv abonerib:ompss-ninja abonerib:selfhost-actions abonerib:nix-portable abonerib:pkgs/pocl abonerib:weasel-gitea-test abonerib:fix/cross/ompss-2 abonerib:mega-merge abonerib:pkgs/tacuda abonerib:upgrade/25.11 abonerib:fix/cross-clang abonerib:add-private abonerib:fix/paraver abonerib:pkgs/gromacs abonerib:pkgs/aocc abonerib:pkgs/clsparse abonerib:pkgs/taopencl abonerib:quick-shell abonerib:fix/gcc14 abonerib:remove-old abonerib:remove-inputs abonerib:weasel-hydra abonerib:feat/hydra rarias:fox-limit rarias:master rarias:use-pam rarias:slurm-groups rarias:add-nextcloud rarias:project-management rarias:fox-regression rarias:pkgs/tacuda rarias:robust-fetchGit rarias:old-master rarias:gitea-lfs rarias:only-restart-logins rarias:monitor-gpfs-home rarias:add-tent-machine rarias:m/raccoon rarias:add-fpga-u280 rarias:maintenance-purchase rarias:add-fox-machine rarias:share-files rarias:shared-nix-store rarias:intro-nix rarias:lake2-ipoib
..
compare: abonerib:fix/gcc14
Branches Tags
abonerib:test-hello abonerib:desc abonerib:main-test abonerib:llvm-intel abonerib:pkgs/tasycl abonerib:master abonerib:enableStrictDeps abonerib:nix-portable-riscv abonerib:ompss-ninja abonerib:selfhost-actions abonerib:nix-portable abonerib:pkgs/pocl abonerib:weasel-gitea-test abonerib:fix/cross/ompss-2 abonerib:mega-merge abonerib:pkgs/tacuda abonerib:upgrade/25.11 abonerib:fix/cross-clang abonerib:add-private abonerib:fix/paraver abonerib:pkgs/gromacs abonerib:pkgs/aocc abonerib:pkgs/clsparse abonerib:pkgs/taopencl abonerib:quick-shell abonerib:fix/gcc14 abonerib:remove-old abonerib:remove-inputs abonerib:weasel-hydra abonerib:feat/hydra rarias:fox-limit rarias:master rarias:use-pam rarias:slurm-groups rarias:add-nextcloud rarias:project-management rarias:fox-regression rarias:pkgs/tacuda rarias:robust-fetchGit rarias:old-master rarias:gitea-lfs rarias:only-restart-logins rarias:monitor-gpfs-home rarias:add-tent-machine rarias:m/raccoon rarias:add-fpga-u280 rarias:maintenance-purchase rarias:add-fox-machine rarias:share-files rarias:shared-nix-store rarias:intro-nix rarias:lake2-ipoib

2 Commits
pkgs/pocl ... fix/gcc14

Author SHA1 Message Date
Aleix Boné
33f41340aa Use standard gcc for intel packages 2025-10-13 15:07:29 +02:00
Aleix Boné
87dd7018f8 Update nixpkgs (gcc 14.2.1.20250322 -> 14.3.0) 
See: dc2e7bea50
 2025-10-13 15:06:43 +02:00
109 changed files with 43201 additions and 6791 deletions
Expand all files Collapse all files

90
flake.lock generated
View File

@@ -1,25 +1,107 @@
{ {
"nodes": { "nodes": {
"agenix": {
"inputs": {
"darwin": "darwin",
"home-manager": "home-manager",
"nixpkgs": [
"nixpkgs"
],
"systems": "systems"
},
"locked": {
"lastModified": 1750173260,
"narHash": "sha256-9P1FziAwl5+3edkfFcr5HeGtQUtrSdk/MksX39GieoA=",
"owner": "ryantm",
"repo": "agenix",
"rev": "531beac616433bac6f9e2a19feb8e99a22a66baf",
"type": "github"
},
"original": {
"owner": "ryantm",
"repo": "agenix",
"type": "github"
}
},
"darwin": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1744478979,
"narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "43975d782b418ebf4969e9ccba82466728c2851b",
"type": "github"
},
"original": {
"owner": "lnl7",
"ref": "master",
"repo": "nix-darwin",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1745494811,
"narHash": "sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "abfad3d2958c9e6300a883bd443512c55dfeb1be",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1767634882, "lastModified": 1760139962,
"narHash": "sha256-2GffSfQxe3sedHzK+sTKlYo/NTIAGzbFCIsNMUPAAnk=", "narHash": "sha256-4xggC56Rub3WInz5eD7EZWXuLXpNvJiUPahGtMkwtuc=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "3c9db02515ef1d9b6b709fc60ba9a540957f661c", "rev": "7e297ddff44a3cc93673bb38d0374df8d0ad73e4",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "NixOS",
"ref": "nixos-25.11", "ref": "nixos-25.05",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
}, },
"root": { "root": {
"inputs": { "inputs": {
"agenix": "agenix",
"nixpkgs": "nixpkgs" "nixpkgs": "nixpkgs"
} }
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
} }
}, },
"root": "root", "root": "root",

8
flake.nix
View File

@@ -1,13 +1,15 @@
{ {
inputs = { inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.11"; nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05";
agenix.url = "github:ryantm/agenix";
agenix.inputs.nixpkgs.follows = "nixpkgs";
}; };
outputs = { self, nixpkgs, ... }: outputs = { self, nixpkgs, agenix, ... }:
let let
mkConf = name: nixpkgs.lib.nixosSystem { mkConf = name: nixpkgs.lib.nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
specialArgs = { inherit nixpkgs; theFlake = self; }; specialArgs = { inherit nixpkgs agenix; theFlake = self; };
modules = [ "${self.outPath}/m/${name}/configuration.nix" ]; modules = [ "${self.outPath}/m/${name}/configuration.nix" ];
}; };
# For now we only support x86 # For now we only support x86

3
keys.nix
View File

@@ -22,9 +22,8 @@ rec {
storage = [ bay lake2 ]; storage = [ bay lake2 ];
monitor = [ hut ]; monitor = [ hut ];
login = [ apex ]; login = [ apex ];
services = [ tent ];
system = storage ++ monitor ++ login ++ services; system = storage ++ monitor ++ login;
safe = system ++ compute; safe = system ++ compute;
all = safe ++ playground; all = safe ++ playground;
}; };

12
m/apex/configuration.nix
View File

@@ -57,18 +57,6 @@
}; };
}; };
services.fail2ban = {
enable = true;
maxretry = 5;
bantime-increment = {
enable = true; # Double ban time on each attack
maxtime = "7d"; # Ban up to a week
};
};
# Disable SSH login with password, allow only keypair
services.openssh.settings.PasswordAuthentication = false;
networking.firewall = { networking.firewall = {
extraCommands = '' extraCommands = ''
# Blackhole BSC vulnerability scanner (OpenVAS) as it is spamming our # Blackhole BSC vulnerability scanner (OpenVAS) as it is spamming our

26
m/apex/nfs.nix
View File

@@ -7,7 +7,7 @@
mountdPort = 4002; mountdPort = 4002;
statdPort = 4000; statdPort = 4000;
exports = '' exports = ''
/home 10.0.40.0/21(rw,async,no_subtree_check,no_root_squash) /home 10.0.40.0/24(rw,async,no_subtree_check,no_root_squash)
/home 10.106.0.0/24(rw,async,no_subtree_check,no_root_squash) /home 10.106.0.0/24(rw,async,no_subtree_check,no_root_squash)
''; '';
}; };
@@ -15,19 +15,19 @@
# Check with `rpcinfo -p` # Check with `rpcinfo -p`
extraCommands = '' extraCommands = ''
# Accept NFS traffic from compute nodes but not from the outside # Accept NFS traffic from compute nodes but not from the outside
iptables -A nixos-fw -p tcp -s 10.0.40.0/21 --dport 111 -j nixos-fw-accept iptables -A nixos-fw -p tcp -s 10.0.40.0/24 --dport 111 -j nixos-fw-accept
iptables -A nixos-fw -p tcp -s 10.0.40.0/21 --dport 2049 -j nixos-fw-accept iptables -A nixos-fw -p tcp -s 10.0.40.0/24 --dport 2049 -j nixos-fw-accept
iptables -A nixos-fw -p tcp -s 10.0.40.0/21 --dport 4000 -j nixos-fw-accept iptables -A nixos-fw -p tcp -s 10.0.40.0/24 --dport 4000 -j nixos-fw-accept
iptables -A nixos-fw -p tcp -s 10.0.40.0/21 --dport 4001 -j nixos-fw-accept iptables -A nixos-fw -p tcp -s 10.0.40.0/24 --dport 4001 -j nixos-fw-accept
iptables -A nixos-fw -p tcp -s 10.0.40.0/21 --dport 4002 -j nixos-fw-accept iptables -A nixos-fw -p tcp -s 10.0.40.0/24 --dport 4002 -j nixos-fw-accept
iptables -A nixos-fw -p tcp -s 10.0.40.0/21 --dport 20048 -j nixos-fw-accept iptables -A nixos-fw -p tcp -s 10.0.40.0/24 --dport 20048 -j nixos-fw-accept
# Same but UDP # Same but UDP
iptables -A nixos-fw -p udp -s 10.0.40.0/21 --dport 111 -j nixos-fw-accept iptables -A nixos-fw -p udp -s 10.0.40.0/24 --dport 111 -j nixos-fw-accept
iptables -A nixos-fw -p udp -s 10.0.40.0/21 --dport 2049 -j nixos-fw-accept iptables -A nixos-fw -p udp -s 10.0.40.0/24 --dport 2049 -j nixos-fw-accept
iptables -A nixos-fw -p udp -s 10.0.40.0/21 --dport 4000 -j nixos-fw-accept iptables -A nixos-fw -p udp -s 10.0.40.0/24 --dport 4000 -j nixos-fw-accept
iptables -A nixos-fw -p udp -s 10.0.40.0/21 --dport 4001 -j nixos-fw-accept iptables -A nixos-fw -p udp -s 10.0.40.0/24 --dport 4001 -j nixos-fw-accept
iptables -A nixos-fw -p udp -s 10.0.40.0/21 --dport 4002 -j nixos-fw-accept iptables -A nixos-fw -p udp -s 10.0.40.0/24 --dport 4002 -j nixos-fw-accept
iptables -A nixos-fw -p udp -s 10.0.40.0/21 --dport 20048 -j nixos-fw-accept iptables -A nixos-fw -p udp -s 10.0.40.0/24 --dport 20048 -j nixos-fw-accept
# Accept NFS traffic from wg0 # Accept NFS traffic from wg0
iptables -A nixos-fw -p tcp -i wg0 -s 10.106.0.0/24 --dport 111 -j nixos-fw-accept iptables -A nixos-fw -p tcp -i wg0 -s 10.106.0.0/24 --dport 111 -j nixos-fw-accept

4
m/bay/configuration.nix
View File

@@ -24,7 +24,7 @@
address = "10.0.40.40"; address = "10.0.40.40";
prefixLength = 24; prefixLength = 24;
} ]; } ];
interfaces.ibs785.ipv4.addresses = [ { interfaces.ibp5s0.ipv4.addresses = [ {
address = "10.0.42.40"; address = "10.0.42.40";
prefixLength = 24; prefixLength = 24;
} ]; } ];
@@ -35,7 +35,7 @@
# Accept monitoring requests from hut # Accept monitoring requests from hut
iptables -A nixos-fw -p tcp -s hut -m multiport --dport 9283,9002 -j nixos-fw-accept iptables -A nixos-fw -p tcp -s hut -m multiport --dport 9283,9002 -j nixos-fw-accept
# Accept all Ceph traffic from the local network # Accept all Ceph traffic from the local network
iptables -A nixos-fw -p tcp -s 10.0.40.0/21 -m multiport --dport 3300,6789,6800:7568 -j nixos-fw-accept iptables -A nixos-fw -p tcp -s 10.0.40.0/24 -m multiport --dport 3300,6789,6800:7568 -j nixos-fw-accept
''; '';
}; };
}; };

9
m/common/base/agenix.nix
View File

@@ -1,8 +1,9 @@
{ pkgs, ... }: { agenix, ... }:
{ {
imports = [ ../../module/agenix.nix ]; imports = [ agenix.nixosModules.default ];
# Add agenix to system packages environment.systemPackages = [
environment.systemPackages = [ pkgs.agenix ]; agenix.packages.x86_64-linux.default
];
} }

35
m/common/base/env.nix
View File

@@ -1,36 +1,11 @@
{ pkgs, ... }: { pkgs, config, ... }:
{ {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
cmake vim wget git htop tmux pciutils tcpdump ripgrep nix-index nixos-option
ethtool nix-diff ipmitool freeipmi ethtool lm_sensors cmake gnumake file tree
file ncdu config.boot.kernelPackages.perf ldns pv
freeipmi # From bsckgs overlay
git
gnumake
home-manager
htop
ipmitool
ldns
lm_sensors
ncdu
nix-diff
nix-index
nix-output-monitor
nixfmt-tree
nixos-option
pciutils
perf
pv
ripgrep
tcpdump
tmux
tree
vim
wget
# From jungle overlay
nixgen
osumb osumb
]; ];

40
m/common/base/users.nix
View File

@@ -139,7 +139,6 @@
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKGt0ESYxekBiHJQowmKpfdouw0hVm3N7tUMtAaeLejK vincent@varch" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKGt0ESYxekBiHJQowmKpfdouw0hVm3N7tUMtAaeLejK vincent@varch"
]; ];
shell = pkgs.zsh;
}; };
pmartin1 = { pmartin1 = {
@@ -181,45 +180,6 @@
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFmMqKqPg4uocNOr3O41kLbZMOMJn3m2ZdN1JvTR96z3 bsccns@arnau-bsc" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFmMqKqPg4uocNOr3O41kLbZMOMJn3m2ZdN1JvTR96z3 bsccns@arnau-bsc"
]; ];
}; };
aaguirre = {
uid = 9655;
isNormalUser = true;
home = "/home/Computational/aaguirre";
description = "Alejandro Aguirre";
group = "Computational";
hosts = [ "apex" "hut" ];
hashedPassword = "$6$TXRXQT6jjBvxkxU6$E.sh5KspAm1qeG5Ct7OPHpo8REmbGDwjFGvqeGgTVz3GASGOAnPL7UMZsMAsAKBoahOw.v8LNno6XGrTEPzZH1";
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOlRX7ZCnqtUJYCxKgWmgSrFCYuA2LHY96rVwqxXPl86 aaguirre@BSC-8488184117"
];
};
emonteir = {
uid = 9656;
isNormalUser = true;
home = "/home/Computational/emonteir";
description = "Erwin Royson Monteiro";
group = "Computational";
hosts = [ "apex" "fox" ];
hashedPassword = "$6$0mU88zd3ZuK5NiJQ$DFWL5RMLH6esQM5UyhBCiiNryw4lDDmvJp7Usz3tmevnsiSJr6u0RsUKAnR/K8GRBFrV1.GocrgNjKjik5GY//";
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOKZKot/Y3F5Wq9pQIXlCbyvQuVVeWMCsAC96Nd+LTcG erwin@Oreo"
];
};
ssanzmar = {
uid = 9657;
isNormalUser = true;
home = "/home/Computational/ssanzmar";
description = "Sergio Sanz Martínez";
group = "Computational";
hosts = [ "apex" "fox" ];
hashedPassword = "$6$HUjNDJeJMmNQ6M64$laXSOZcXg6o4v2r8Jm8Xj9kmqw7veCY32po3TVDPRR4WlyxvOeqwoKr4NjlUlPPpKN55Oot3ZYHi.9iNXsH5E1";
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIELrsRRHXryrdA2ZBx5XmdGxL4DC5bmJydhBeTWQ0SQ sergio.sanz.martinez@estudiantat.upc.edu"
];
};
}; };
groups = { groups = {

2
m/common/base/watchdog.nix
View File

@@ -5,5 +5,5 @@
boot.kernelModules = [ "ipmi_watchdog" ]; boot.kernelModules = [ "ipmi_watchdog" ];
# Enable systemd watchdog with 30 s interval # Enable systemd watchdog with 30 s interval
systemd.settings.Manager.RuntimeWatchdogSec = 30; systemd.watchdog.runtimeTime = "30s";
} }

7
m/eudy/kernel/perf.nix
View File

@@ -1,6 +1,11 @@
{ pkgs, lib, ... }: { config, pkgs, lib, ... }:
{ {
# add the perf tool
environment.systemPackages = with pkgs; [
config.boot.kernelPackages.perf
];
# allow non-root users to read tracing data from the kernel # allow non-root users to read tracing data from the kernel
boot.kernel.sysctl."kernel.perf_event_paranoid" = -2; boot.kernel.sysctl."kernel.perf_event_paranoid" = -2;
boot.kernel.sysctl."kernel.kptr_restrict" = 0; boot.kernel.sysctl."kernel.kptr_restrict" = 0;

16
m/fox/configuration.nix
View File

@@ -93,4 +93,20 @@
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
serviceConfig.ExecStart = script; serviceConfig.ExecStart = script;
}; };
# Only allow SSH connections from users who have a SLURM allocation
# See: https://slurm.schedmd.com/pam_slurm_adopt.html
security.pam.services.sshd.rules.account.slurm = {
control = "required";
enable = true;
modulePath = "${pkgs.slurm}/lib/security/pam_slurm_adopt.so";
args = [ "log_level=debug5" ];
order = 999999; # Make it last one
};
# Disable systemd session (pam_systemd.so) as it will conflict with the
# pam_slurm_adopt.so module. What happens is that the shell is first adopted
# into the slurmstepd task and then into the systemd session, which is not
# what we want, otherwise it will linger even if all jobs are gone.
security.pam.services.sshd.startSession = lib.mkForce false;
} }

3
m/hut/configuration.nix
View File

@@ -17,7 +17,6 @@
./postgresql.nix ./postgresql.nix
./nginx.nix ./nginx.nix
./p.nix ./p.nix
./ompss2-timer.nix
#./pxe.nix #./pxe.nix
]; ];
@@ -45,7 +44,7 @@
address = "10.0.40.7"; address = "10.0.40.7";
prefixLength = 24; prefixLength = 24;
} ]; } ];
interfaces.ibs785.ipv4.addresses = [ { interfaces.ibp5s0.ipv4.addresses = [ {
address = "10.0.42.7"; address = "10.0.42.7";
prefixLength = 24; prefixLength = 24;
} ]; } ];

3
m/hut/gitea.nix
View File

@@ -29,9 +29,6 @@
}; };
}; };
# Allow gitea user to send mail
users.users.gitea.extraGroups = [ "mail-robot" ];
services.gitea-actions-runner.instances = { services.gitea-actions-runner.instances = {
runrun = { runrun = {
enable = true; enable = true;

5
m/hut/msmtp.nix
View File

@@ -1,11 +1,8 @@
{ config, lib, ... }: { config, lib, ... }:
{ {
# Robot user that can see the password to send mail from jungle-robot
users.groups.mail-robot = {};
age.secrets.jungleRobotPassword = { age.secrets.jungleRobotPassword = {
file = ../../secrets/jungle-robot-password.age; file = ../../secrets/jungle-robot-password.age;
group = "mail-robot"; group = "gitea";
mode = "440"; mode = "440";
}; };

4
m/hut/nginx.nix
View File

@@ -4,8 +4,8 @@ let
name = "jungle-web"; name = "jungle-web";
src = pkgs.fetchgit { src = pkgs.fetchgit {
url = "https://jungle.bsc.es/git/rarias/jungle-website.git"; url = "https://jungle.bsc.es/git/rarias/jungle-website.git";
rev = "5f18335d14126d2fef134c0cd441771436f7dfa1"; rev = "739bf0175a7f05380fe7ad7023ff1d60db1710e1";
hash = "sha256-s9VBF91sQ7hg9+lrwNFPYgoXTTyXaQcAulCiGJgWERo="; hash = "sha256-ea5DzhYTzZ9TmqD+x95rdNdLbxPnBluqlYH2NmBYmc4=";
}; };
buildInputs = [ pkgs.hugo ]; buildInputs = [ pkgs.hugo ];
buildPhase = '' buildPhase = ''

85
m/hut/ompss2-timer.nix
View File

@@ -1,85 +0,0 @@
{ config, pkgs, ... }:
{
systemd.timers = {
"ompss2-closing" = {
wantedBy = [ "timers.target" ];
timerConfig = {
Unit = "ompss2-closing.service";
OnCalendar = [ "*-03-15 07:00:00" "*-09-15 07:00:00"];
};
};
"ompss2-freeze" = {
wantedBy = [ "timers.target" ];
timerConfig = {
Unit = "ompss2-freeze.service";
OnCalendar = [ "*-04-15 07:00:00" "*-10-15 07:00:00" ];
};
};
"ompss2-release" = {
wantedBy = [ "timers.target" ];
timerConfig = {
Unit = "ompss2-release.service";
OnCalendar = [ "*-05-15 07:00:00" "*-11-15 07:00:00" ];
};
};
};
systemd.services =
let
closing = pkgs.writeText "closing.txt"
''
Subject: OmpSs-2 release enters closing period
Hi,
You have one month to merge the remaining features for the next OmpSs-2
release. Please, identify what needs to be merged and discuss it in the next
OmpSs-2 meeting.
Thanks!,
Jungle robot
'';
freeze = pkgs.writeText "freeze.txt"
''
Subject: OmpSs-2 release enters freeze period
Hi,
The period to introduce new features or breaking changes is over, only bug
fixes are allowed now. During this time, please prepare the release notes
to be included in the next OmpSs-2 release.
Thanks!,
Jungle robot
'';
release = pkgs.writeText "release.txt"
''
Subject: OmpSs-2 release now
Hi,
The period to introduce bug fixes is now over. Please, proceed to do the
OmpSs-2 release.
Thanks!,
Jungle robot
'';
mkServ = name: mail: {
"ompss2-${name}" = {
script = ''
set -eu
set -o pipefail
cat ${mail} | ${config.security.wrapperDir}/sendmail star@bsc.es
'';
serviceConfig = {
Type = "oneshot";
DynamicUser = true;
Group = "mail-robot";
};
};
};
in
(mkServ "closing" closing) //
(mkServ "freeze" freeze) //
(mkServ "release" release);
}

4
m/lake2/configuration.nix
View File

@@ -46,7 +46,7 @@
address = "10.0.40.42"; address = "10.0.40.42";
prefixLength = 24; prefixLength = 24;
} ]; } ];
interfaces.ibs785.ipv4.addresses = [ { interfaces.ibp5s0.ipv4.addresses = [ {
address = "10.0.42.42"; address = "10.0.42.42";
prefixLength = 24; prefixLength = 24;
} ]; } ];
@@ -57,7 +57,7 @@
# Accept monitoring requests from hut # Accept monitoring requests from hut
iptables -A nixos-fw -p tcp -s hut --dport 9002 -j nixos-fw-accept iptables -A nixos-fw -p tcp -s hut --dport 9002 -j nixos-fw-accept
# Accept all Ceph traffic from the local network # Accept all Ceph traffic from the local network
iptables -A nixos-fw -p tcp -s 10.0.40.0/21 -m multiport --dport 3300,6789,6800:7568 -j nixos-fw-accept iptables -A nixos-fw -p tcp -s 10.0.40.0/24 -m multiport --dport 3300,6789,6800:7568 -j nixos-fw-accept
''; '';
}; };
}; };

357
m/module/agenix.nix
View File

@@ -1,357 +0,0 @@
{
config,
options,
lib,
pkgs,
...
}:
with lib;
let
cfg = config.age;
isDarwin = lib.attrsets.hasAttrByPath [ "environment" "darwinConfig" ] options;
ageBin = config.age.ageBin;
users = config.users.users;
sysusersEnabled =
if isDarwin then
false
else
options.systemd ? sysusers && (config.systemd.sysusers.enable || config.services.userborn.enable);
mountCommand =
if isDarwin then
''
if ! diskutil info "${cfg.secretsMountPoint}" &> /dev/null; then
num_sectors=1048576
dev=$(hdiutil attach -nomount ram://"$num_sectors" | sed 's/[[:space:]]*$//')
newfs_hfs -v agenix "$dev"
mount -t hfs -o nobrowse,nodev,nosuid,-m=0751 "$dev" "${cfg.secretsMountPoint}"
fi
''
else
''
grep -q "${cfg.secretsMountPoint} ramfs" /proc/mounts ||
mount -t ramfs none "${cfg.secretsMountPoint}" -o nodev,nosuid,mode=0751
'';
newGeneration = ''
_agenix_generation="$(basename "$(readlink ${cfg.secretsDir})" || echo 0)"
(( ++_agenix_generation ))
echo "[agenix] creating new generation in ${cfg.secretsMountPoint}/$_agenix_generation"
mkdir -p "${cfg.secretsMountPoint}"
chmod 0751 "${cfg.secretsMountPoint}"
${mountCommand}
mkdir -p "${cfg.secretsMountPoint}/$_agenix_generation"
chmod 0751 "${cfg.secretsMountPoint}/$_agenix_generation"
'';
chownGroup = if isDarwin then "admin" else "keys";
# chown the secrets mountpoint and the current generation to the keys group
# instead of leaving it root:root.
chownMountPoint = ''
chown :${chownGroup} "${cfg.secretsMountPoint}" "${cfg.secretsMountPoint}/$_agenix_generation"
'';
setTruePath = secretType: ''
${
if secretType.symlink then
''
_truePath="${cfg.secretsMountPoint}/$_agenix_generation/${secretType.name}"
''
else
''
_truePath="${secretType.path}"
''
}
'';
installSecret = secretType: ''
${setTruePath secretType}
echo "decrypting '${secretType.file}' to '$_truePath'..."
TMP_FILE="$_truePath.tmp"
IDENTITIES=()
for identity in ${toString cfg.identityPaths}; do
test -r "$identity" || continue
test -s "$identity" || continue
IDENTITIES+=(-i)
IDENTITIES+=("$identity")
done
test "''${#IDENTITIES[@]}" -eq 0 && echo "[agenix] WARNING: no readable identities found!"
mkdir -p "$(dirname "$_truePath")"
[ "${secretType.path}" != "${cfg.secretsDir}/${secretType.name}" ] && mkdir -p "$(dirname "${secretType.path}")"
(
umask u=r,g=,o=
test -f "${secretType.file}" || echo '[agenix] WARNING: encrypted file ${secretType.file} does not exist!'
test -d "$(dirname "$TMP_FILE")" || echo "[agenix] WARNING: $(dirname "$TMP_FILE") does not exist!"
LANG=${
config.i18n.defaultLocale or "C"
} ${ageBin} --decrypt "''${IDENTITIES[@]}" -o "$TMP_FILE" "${secretType.file}"
)
chmod ${secretType.mode} "$TMP_FILE"
mv -f "$TMP_FILE" "$_truePath"
${optionalString secretType.symlink ''
[ "${secretType.path}" != "${cfg.secretsDir}/${secretType.name}" ] && ln -sfT "${cfg.secretsDir}/${secretType.name}" "${secretType.path}"
''}
'';
testIdentities = map (path: ''
test -f ${path} || echo '[agenix] WARNING: config.age.identityPaths entry ${path} not present!'
'') cfg.identityPaths;
cleanupAndLink = ''
_agenix_generation="$(basename "$(readlink ${cfg.secretsDir})" || echo 0)"
(( ++_agenix_generation ))
echo "[agenix] symlinking new secrets to ${cfg.secretsDir} (generation $_agenix_generation)..."
ln -sfT "${cfg.secretsMountPoint}/$_agenix_generation" ${cfg.secretsDir}
(( _agenix_generation > 1 )) && {
echo "[agenix] removing old secrets (generation $(( _agenix_generation - 1 )))..."
rm -rf "${cfg.secretsMountPoint}/$(( _agenix_generation - 1 ))"
}
'';
installSecrets = builtins.concatStringsSep "\n" (
[ "echo '[agenix] decrypting secrets...'" ]
++ testIdentities
++ (map installSecret (builtins.attrValues cfg.secrets))
++ [ cleanupAndLink ]
);
chownSecret = secretType: ''
${setTruePath secretType}
chown ${secretType.owner}:${secretType.group} "$_truePath"
'';
chownSecrets = builtins.concatStringsSep "\n" (
[ "echo '[agenix] chowning...'" ]
++ [ chownMountPoint ]
++ (map chownSecret (builtins.attrValues cfg.secrets))
);
secretType = types.submodule (
{ config, ... }:
{
options = {
name = mkOption {
type = types.str;
default = config._module.args.name;
defaultText = literalExpression "config._module.args.name";
description = ''
Name of the file used in {option}`age.secretsDir`
'';
};
file = mkOption {
type = types.path;
description = ''
Age file the secret is loaded from.
'';
};
path = mkOption {
type = types.str;
default = "${cfg.secretsDir}/${config.name}";
defaultText = literalExpression ''
"''${cfg.secretsDir}/''${config.name}"
'';
description = ''
Path where the decrypted secret is installed.
'';
};
mode = mkOption {
type = types.str;
default = "0400";
description = ''
Permissions mode of the decrypted secret in a format understood by chmod.
'';
};
owner = mkOption {
type = types.str;
default = "0";
description = ''
User of the decrypted secret.
'';
};
group = mkOption {
type = types.str;
default = users.${config.owner}.group or "0";
defaultText = literalExpression ''
users.''${config.owner}.group or "0"
'';
description = ''
Group of the decrypted secret.
'';
};
symlink = mkEnableOption "symlinking secrets to their destination" // {
default = true;
};
};
}
);
in
{
imports = [
(mkRenamedOptionModule [ "age" "sshKeyPaths" ] [ "age" "identityPaths" ])
];
options.age = {
ageBin = mkOption {
type = types.str;
default = "${pkgs.age}/bin/age";
defaultText = literalExpression ''
"''${pkgs.age}/bin/age"
'';
description = ''
The age executable to use.
'';
};
secrets = mkOption {
type = types.attrsOf secretType;
default = { };
description = ''
Attrset of secrets.
'';
};
secretsDir = mkOption {
type = types.path;
default = "/run/agenix";
description = ''
Folder where secrets are symlinked to
'';
};
secretsMountPoint = mkOption {
type =
types.addCheck types.str (
s:
(builtins.match "[ \t\n]*" s) == null # non-empty
&& (builtins.match ".+/" s) == null
) # without trailing slash
// {
description = "${types.str.description} (with check: non-empty without trailing slash)";
};
default = "/run/agenix.d";
description = ''
Where secrets are created before they are symlinked to {option}`age.secretsDir`
'';
};
identityPaths = mkOption {
type = types.listOf types.path;
default =
if isDarwin then
[
"/etc/ssh/ssh_host_ed25519_key"
"/etc/ssh/ssh_host_rsa_key"
]
else if (config.services.openssh.enable or false) then
map (e: e.path) (
lib.filter (e: e.type == "rsa" || e.type == "ed25519") config.services.openssh.hostKeys
)
else
[ ];
defaultText = literalExpression ''
if isDarwin
then [
"/etc/ssh/ssh_host_ed25519_key"
"/etc/ssh/ssh_host_rsa_key"
]
else if (config.services.openssh.enable or false)
then map (e: e.path) (lib.filter (e: e.type == "rsa" || e.type == "ed25519") config.services.openssh.hostKeys)
else [];
'';
description = ''
Path to SSH keys to be used as identities in age decryption.
'';
};
};
config = mkIf (cfg.secrets != { }) (mkMerge [
{
assertions = [
{
assertion = cfg.identityPaths != [ ];
message = "age.identityPaths must be set, for example by enabling openssh.";
}
];
}
(optionalAttrs (!isDarwin) {
# When using sysusers we no longer be started as an activation script
# because those are started in initrd while sysusers is started later.
systemd.services.agenix-install-secrets = mkIf sysusersEnabled {
wantedBy = [ "sysinit.target" ];
after = [ "systemd-sysusers.service" ];
unitConfig.DefaultDependencies = "no";
path = [ pkgs.mount ];
serviceConfig = {
Type = "oneshot";
ExecStart = pkgs.writeShellScript "agenix-install" (concatLines [
newGeneration
installSecrets
chownSecrets
]);
RemainAfterExit = true;
};
};
# Create a new directory full of secrets for symlinking (this helps
# ensure removed secrets are actually removed, or at least become
# invalid symlinks).
system.activationScripts = mkIf (!sysusersEnabled) {
agenixNewGeneration = {
text = newGeneration;
deps = [
"specialfs"
];
};
agenixInstall = {
text = installSecrets;
deps = [
"agenixNewGeneration"
"specialfs"
];
};
# So user passwords can be encrypted.
users.deps = [ "agenixInstall" ];
# Change ownership and group after users and groups are made.
agenixChown = {
text = chownSecrets;
deps = [
"users"
"groups"
];
};
# So other activation scripts can depend on agenix being done.
agenix = {
text = "";
deps = [ "agenixChown" ];
};
};
})
(optionalAttrs isDarwin {
launchd.daemons.activate-agenix = {
script = ''
set -e
set -o pipefail
export PATH="${pkgs.gnugrep}/bin:${pkgs.coreutils}/bin:@out@/sw/bin:/usr/bin:/bin:/usr/sbin:/sbin"
${newGeneration}
${installSecrets}
${chownSecrets}
exit 0
'';
serviceConfig = {
RunAtLoad = true;
KeepAlive.SuccessfulExit = false;
};
};
})
]);
}

9
m/module/debuginfod.nix
View File

@@ -1,10 +1,3 @@
{ {
services.nixseparatedebuginfod2 = { services.nixseparatedebuginfod.enable = true;
enable = true;
substituters = [
"local:"
"https://cache.nixos.org"
"http://hut/cache"
];
};
} }

18
m/module/slurm-client.nix
View File

@@ -1,4 +1,4 @@
{ lib, pkgs, ... }: { lib, ... }:
{ {
imports = [ imports = [
@@ -21,20 +21,4 @@
}; };
services.slurm.client.enable = true; services.slurm.client.enable = true;
# Only allow SSH connections from users who have a SLURM allocation
# See: https://slurm.schedmd.com/pam_slurm_adopt.html
security.pam.services.sshd.rules.account.slurm = {
control = "required";
enable = true;
modulePath = "${pkgs.slurm}/lib/security/pam_slurm_adopt.so";
args = [ "log_level=debug5" ];
order = 999999; # Make it last one
};
# Disable systemd session (pam_systemd.so) as it will conflict with the
# pam_slurm_adopt.so module. What happens is that the shell is first adopted
# into the slurmstepd task and then into the systemd session, which is not
# what we want, otherwise it will linger even if all jobs are gone.
security.pam.services.sshd.startSession = lib.mkForce false;
} }

41
m/module/slurm-common.nix
View File

@@ -1,6 +1,31 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
{ let
suspendProgram = pkgs.writeShellScript "suspend.sh" ''
exec 1>>/var/log/power_save.log 2>>/var/log/power_save.log
set -x
export "PATH=/run/current-system/sw/bin:$PATH"
echo "$(date) Suspend invoked $0 $*" >> /var/log/power_save.log
hosts=$(scontrol show hostnames $1)
for host in $hosts; do
echo Shutting down host: $host
ipmitool -I lanplus -H ''${host}-ipmi -P "" -U "" chassis power off
done
'';
resumeProgram = pkgs.writeShellScript "resume.sh" ''
exec 1>>/var/log/power_save.log 2>>/var/log/power_save.log
set -x
export "PATH=/run/current-system/sw/bin:$PATH"
echo "$(date) Suspend invoked $0 $*" >> /var/log/power_save.log
hosts=$(scontrol show hostnames $1)
for host in $hosts; do
echo Starting host: $host
ipmitool -I lanplus -H ''${host}-ipmi -P "" -U "" chassis power on
done
'';
in {
services.slurm = { services.slurm = {
controlMachine = "apex"; controlMachine = "apex";
clusterName = "jungle"; clusterName = "jungle";
@@ -34,6 +59,16 @@
# the resources. Use the task/cgroup plugin to enable process containment. # the resources. Use the task/cgroup plugin to enable process containment.
TaskPlugin=task/affinity,task/cgroup TaskPlugin=task/affinity,task/cgroup
# Power off unused nodes until they are requested
SuspendProgram=${suspendProgram}
SuspendTimeout=60
ResumeProgram=${resumeProgram}
ResumeTimeout=300
SuspendExcNodes=fox
# Turn the nodes off after 1 hour of inactivity
SuspendTime=3600
# Reduce port range so we can allow only this range in the firewall # Reduce port range so we can allow only this range in the firewall
SrunPortRange=60000-61000 SrunPortRange=60000-61000
@@ -51,7 +86,9 @@
# when a task runs (srun) so we can ssh early. # when a task runs (srun) so we can ssh early.
PrologFlags=Alloc,Contain,X11 PrologFlags=Alloc,Contain,X11
LaunchParameters=use_interactive_step # LaunchParameters=ulimit_pam_adopt will set RLIMIT_RSS in processes
# adopted by the external step, similar to tasks running in regular steps
# LaunchParameters=ulimit_pam_adopt
SlurmdDebug=debug5 SlurmdDebug=debug5
#DebugFlags=Protocol,Cgroup #DebugFlags=Protocol,Cgroup
''; '';

27
m/module/tc1-board.nix
View File

@@ -1,27 +0,0 @@
{ lib, pkgs, ... }:
{
# Allow user access to FTDI USB device
services.udev.packages = lib.singleton (pkgs.writeTextFile {
# Needs to be < 73
name = "60-ftdi-tc1.rules";
text = ''
# Bus 003 Device 003: ID 0403:6011 Future Technology Devices International, Ltd FT4232H Quad HS USB-UART/FIFO IC
# Use := to make sure it doesn't get changed later
SUBSYSTEMS=="usb", ATTRS{idVendor}=="0403", ATTRS{idProduct}=="6011", MODE:="0666"
'';
destination = "/etc/udev/rules.d/60-ftdi-tc1.rules";
});
# Allow access to USB for docker in GitLab runner
services.gitlab-runner = {
services.gitlab-bsc-docker = {
registrationFlags = [
# We need raw access to the USB port to reboot the board
"--docker-devices /dev/bus/usb/003/003"
# And TTY access for the serial port
"--docker-devices /dev/ttyUSB2"
];
};
};
}

2
m/owl1/configuration.nix
View File

@@ -20,7 +20,7 @@
address = "10.0.40.1"; address = "10.0.40.1";
prefixLength = 24; prefixLength = 24;
} ]; } ];
interfaces.ibs785.ipv4.addresses = [ { interfaces.ibp5s0.ipv4.addresses = [ {
address = "10.0.42.1"; address = "10.0.42.1";
prefixLength = 24; prefixLength = 24;
} ]; } ];

2
m/owl2/configuration.nix
View File

@@ -21,7 +21,7 @@
prefixLength = 24; prefixLength = 24;
} ]; } ];
# Watch out! The OmniPath device is not in the same place here: # Watch out! The OmniPath device is not in the same place here:
interfaces.ibs801.ipv4.addresses = [ { interfaces.ibp129s0.ipv4.addresses = [ {
address = "10.0.42.2"; address = "10.0.42.2";
prefixLength = 24; prefixLength = 24;
} ]; } ];

9
m/tent/configuration.nix
View File

@@ -16,8 +16,6 @@
../module/p.nix ../module/p.nix
../module/vpn-dac.nix ../module/vpn-dac.nix
../module/hut-substituter.nix ../module/hut-substituter.nix
../module/tc1-board.nix
../module/ceph.nix
]; ];
# Select the this using the ID to avoid mismatches # Select the this using the ID to avoid mismatches
@@ -65,13 +63,6 @@
fsType = "ext4"; fsType = "ext4";
}; };
# Mount the NFS home
fileSystems."/nfs/home" = {
device = "10.106.0.30:/home";
fsType = "nfs";
options = [ "nfsvers=3" "rsize=1024" "wsize=1024" "cto" "nofail" ];
};
# Make a /vault/$USER directory for each user. # Make a /vault/$USER directory for each user.
systemd.services.create-vault-dirs = let systemd.services.create-vault-dirs = let
# Take only normal users in tent # Take only normal users in tent

52
m/tent/gitea.nix
View File

@@ -1,7 +1,4 @@
{ config, lib, ... }: { config, lib, ... }:
let
cfg = config.services.gitea;
in
{ {
services.gitea = { services.gitea = {
enable = true; enable = true;
@@ -29,54 +26,5 @@ in
SENDMAIL_ARGS = "--"; SENDMAIL_ARGS = "--";
}; };
}; };
dump = {
enable = false; # Do not enable NixOS module, use our custom systemd script below
backupDir = "/vault/backup/gitea";
};
}; };
systemd.services.gitea-backup = let
exe = lib.getExe cfg.package;
in {
description = "Gitea daily backup";
after = [ "gitea.service" ];
path = [ cfg.package ];
environment = {
USER = cfg.user;
HOME = cfg.stateDir;
GITEA_WORK_DIR = cfg.stateDir;
GITEA_CUSTOM = cfg.customDir;
};
serviceConfig = {
Type = "oneshot";
User = cfg.user;
WorkingDirectory = cfg.dump.backupDir;
};
script = ''
name="gitea-dump-$(date +%a).${cfg.dump.type}"
${exe} dump --type ${cfg.dump.type} --file - >"$name.tmp"
mv "$name.tmp" "$name"
cp "$name" "/ceph/backup/gitea/$name"
'';
};
# Create also the /ceph directories if needed
systemd.tmpfiles.rules = [
"d /ceph/backup/gitea/ 0750 ${cfg.user} ${cfg.group} - -"
"z /ceph/backup/gitea/ 0750 ${cfg.user} ${cfg.group} - -"
];
systemd.timers.gitea-backup = {
description = "Update timer for gitea-backup";
partOf = [ "gitea-backup.service" ];
wantedBy = [ "timers.target" ];
timerConfig.OnCalendar = cfg.dump.interval;
};
# Allow gitea user to send mail
users.users.gitea.extraGroups = [ "mail-robot" ];
} }

1
m/tent/gitlab-runner.nix
View File

@@ -43,7 +43,6 @@
registrationFlags = [ registrationFlags = [
# Increase build log length to 64 MiB # Increase build log length to 64 MiB
"--output-limit 65536" "--output-limit 65536"
"--docker-network-mode host"
]; ];
preBuildScript = pkgs.writeScript "setup-container" '' preBuildScript = pkgs.writeScript "setup-container" ''
mkdir -p -m 0755 /nix/var/log/nix/drvs mkdir -p -m 0755 /nix/var/log/nix/drvs

4
m/tent/nginx.nix
View File

@@ -4,8 +4,8 @@ let
name = "jungle-web"; name = "jungle-web";
src = pkgs.fetchgit { src = pkgs.fetchgit {
url = "https://jungle.bsc.es/git/rarias/jungle-website.git"; url = "https://jungle.bsc.es/git/rarias/jungle-website.git";
rev = "5f18335d14126d2fef134c0cd441771436f7dfa1"; rev = "739bf0175a7f05380fe7ad7023ff1d60db1710e1";
hash = "sha256-s9VBF91sQ7hg9+lrwNFPYgoXTTyXaQcAulCiGJgWERo="; hash = "sha256-ea5DzhYTzZ9TmqD+x95rdNdLbxPnBluqlYH2NmBYmc4=";
}; };
buildInputs = [ pkgs.hugo ]; buildInputs = [ pkgs.hugo ];
buildPhase = '' buildPhase = ''

2
m/weasel/configuration.nix
View File

@@ -25,7 +25,7 @@
address = "10.0.40.6"; address = "10.0.40.6";
prefixLength = 24; prefixLength = 24;
} ]; } ];
interfaces.ibs785.ipv4.addresses = [ { interfaces.ibp5s0.ipv4.addresses = [ {
address = "10.0.42.6"; address = "10.0.42.6";
prefixLength = 24; prefixLength = 24;
} ]; } ];

61
overlay.nix
View File

@@ -7,7 +7,6 @@ let
callPackage = final.callPackage; callPackage = final.callPackage;
bscPkgs = { bscPkgs = {
agenix = prev.callPackage ./pkgs/agenix/default.nix { };
amd-uprof = prev.callPackage ./pkgs/amd-uprof/default.nix { }; amd-uprof = prev.callPackage ./pkgs/amd-uprof/default.nix { };
bench6 = callPackage ./pkgs/bench6/default.nix { }; bench6 = callPackage ./pkgs/bench6/default.nix { };
bigotes = callPackage ./pkgs/bigotes/default.nix { }; bigotes = callPackage ./pkgs/bigotes/default.nix { };
@@ -19,12 +18,7 @@ let
cudainfo = prev.callPackage ./pkgs/cudainfo/default.nix { }; cudainfo = prev.callPackage ./pkgs/cudainfo/default.nix { };
#extrae = callPackage ./pkgs/extrae/default.nix { }; # Broken and outdated #extrae = callPackage ./pkgs/extrae/default.nix { }; # Broken and outdated
gpi-2 = callPackage ./pkgs/gpi-2/default.nix { }; gpi-2 = callPackage ./pkgs/gpi-2/default.nix { };
gromacs = callPackage ./pkgs/gromacs/default.nix { enableSYCL = true; };
intel-apt = callPackage ./pkgs/intel-oneapi/packages.nix { };
intelPackages_2023 = callPackage ./pkgs/intel-oneapi/2023.nix { }; intelPackages_2023 = callPackage ./pkgs/intel-oneapi/2023.nix { };
intelPackages_2024 = final.intel-apt.hpckit_2024;
intelPackages_2025 = final.intel-apt.hpckit_2025;
intelPackages = final.intelPackages_2025;
jemallocNanos6 = callPackage ./pkgs/nanos6/jemalloc.nix { }; jemallocNanos6 = callPackage ./pkgs/nanos6/jemalloc.nix { };
# FIXME: Extend this to all linuxPackages variants. Open problem, see: # FIXME: Extend this to all linuxPackages variants. Open problem, see:
# https://discourse.nixos.org/t/whats-the-right-way-to-make-a-custom-kernel-module-available/4636 # https://discourse.nixos.org/t/whats-the-right-way-to-make-a-custom-kernel-module-available/4636
@@ -35,41 +29,27 @@ let
amd-uprof-driver = _prev.callPackage ./pkgs/amd-uprof/driver.nix { }; amd-uprof-driver = _prev.callPackage ./pkgs/amd-uprof/driver.nix { };
}); });
lmbench = callPackage ./pkgs/lmbench/default.nix { }; lmbench = callPackage ./pkgs/lmbench/default.nix { };
# Broken and unmantained mcxx = callPackage ./pkgs/mcxx/default.nix { };
# mcxx = callPackage ./pkgs/mcxx/default.nix { };
meteocat-exporter = prev.callPackage ./pkgs/meteocat-exporter/default.nix { }; meteocat-exporter = prev.callPackage ./pkgs/meteocat-exporter/default.nix { };
mpi = final.mpich; # Set MPICH as default mpi = final.mpich; # Set MPICH as default
mpich = callPackage ./pkgs/mpich/default.nix { mpich = prev.mpich; }; mpich = callPackage ./pkgs/mpich/default.nix { mpich = prev.mpich; };
nanos6 = callPackage ./pkgs/nanos6/default.nix { }; nanos6 = callPackage ./pkgs/nanos6/default.nix { };
nanos6Debug = final.nanos6.override { enableDebug = true; }; nanos6Debug = final.nanos6.override { enableDebug = true; };
nixtools = callPackage ./pkgs/nixtools/default.nix { }; nixtools = callPackage ./pkgs/nixtools/default.nix { };
nixgen = callPackage ./pkgs/nixgen/default.nix { };
# Broken because of pkgsStatic.libcap # Broken because of pkgsStatic.libcap
# See: https://github.com/NixOS/nixpkgs/pull/268791 # See: https://github.com/NixOS/nixpkgs/pull/268791
#nix-wrap = callPackage ./pkgs/nix-wrap/default.nix { }; #nix-wrap = callPackage ./pkgs/nix-wrap/default.nix { };
nodes = callPackage ./pkgs/nodes/default.nix { }; nodes = callPackage ./pkgs/nodes/default.nix { };
nosv = callPackage ./pkgs/nosv/default.nix { }; nosv = callPackage ./pkgs/nosv/default.nix { };
oneMath = callPackage ./pkgs/onemath/default.nix { };
openmp = callPackage ./pkgs/llvm-ompss2/openmp.nix { monorepoSrc = final.clangOmpss2Unwrapped.src; version = final.clangOmpss2Unwrapped.version; }; openmp = callPackage ./pkgs/llvm-ompss2/openmp.nix { monorepoSrc = final.clangOmpss2Unwrapped.src; version = final.clangOmpss2Unwrapped.version; };
openmpv = final.openmp.override { enableNosv = true; enableOvni = true; }; openmpv = final.openmp.override { enableNosv = true; enableOvni = true; };
osumb = callPackage ./pkgs/osu/default.nix { }; osumb = callPackage ./pkgs/osu/default.nix { };
ovni = callPackage ./pkgs/ovni/default.nix { }; ovni = callPackage ./pkgs/ovni/default.nix { };
ovniGit = final.ovni.override { useGit = true; }; ovniGit = final.ovni.override { useGit = true; };
paraverKernel = callPackage ./pkgs/paraver/kernel.nix { }; paraverKernel = callPackage ./pkgs/paraver/kernel.nix { };
pocl = callPackage ./pkgs/pocl/default.nix { };
pocl-unpublished = callPackage ./pkgs/pocl/default.nix {
gitUrl = "git@github.com:pocl/unpublished.git";
gitBranch = "loopvec-next";
gitCommit = "74f7e2b5644b1c5598205c8cac1914bb4c5dadec";
enableNOSV = false;
enableOVNI = false;
};
pocl-noicd = callPackage ./pkgs/pocl/default.nix { enableICD = false; };
prometheus-slurm-exporter = prev.callPackage ./pkgs/slurm-exporter/default.nix { }; prometheus-slurm-exporter = prev.callPackage ./pkgs/slurm-exporter/default.nix { };
#pscom = callPackage ./pkgs/parastation/pscom.nix { }; # Unmaintaned #pscom = callPackage ./pkgs/parastation/pscom.nix { }; # Unmaintaned
#psmpi = callPackage ./pkgs/parastation/psmpi.nix { }; # Unmaintaned #psmpi = callPackage ./pkgs/parastation/psmpi.nix { }; # Unmaintaned
rodinia = callPackage ./pkgs/rodinia/default.nix { };
slurm = import ./pkgs/slurm/default.nix { slurm = prev.slurm; };
sonar = callPackage ./pkgs/sonar/default.nix { }; sonar = callPackage ./pkgs/sonar/default.nix { };
stdenvClangOmpss2 = final.stdenv.override { cc = final.clangOmpss2; allowedRequisites = null; }; stdenvClangOmpss2 = final.stdenv.override { cc = final.clangOmpss2; allowedRequisites = null; };
stdenvClangOmpss2Nanos6 = final.stdenv.override { cc = final.clangOmpss2Nanos6; allowedRequisites = null; }; stdenvClangOmpss2Nanos6 = final.stdenv.override { cc = final.clangOmpss2Nanos6; allowedRequisites = null; };
@@ -77,8 +57,6 @@ let
stdenvClangOmpss2NodesOmpv = final.stdenv.override { cc = final.clangOmpss2NodesOmpv; allowedRequisites = null; }; stdenvClangOmpss2NodesOmpv = final.stdenv.override { cc = final.clangOmpss2NodesOmpv; allowedRequisites = null; };
tagaspi = callPackage ./pkgs/tagaspi/default.nix { }; tagaspi = callPackage ./pkgs/tagaspi/default.nix { };
tampi = callPackage ./pkgs/tampi/default.nix { }; tampi = callPackage ./pkgs/tampi/default.nix { };
tasycl = callPackage ./pkgs/tasycl/default.nix { };
tasycl-acpp = callPackage ./pkgs/tasycl/default.nix { useIntel = false; };
upc-qaire-exporter = prev.callPackage ./pkgs/upc-qaire-exporter/default.nix { }; upc-qaire-exporter = prev.callPackage ./pkgs/upc-qaire-exporter/default.nix { };
wxparaver = callPackage ./pkgs/paraver/default.nix { }; wxparaver = callPackage ./pkgs/paraver/default.nix { };
}; };
@@ -88,13 +66,6 @@ let
#sigsegv = callPackage ./test/reproducers/sigsegv.nix { }; #sigsegv = callPackage ./test/reproducers/sigsegv.nix { };
hello-c = callPackage ./test/compilers/hello-c.nix { }; hello-c = callPackage ./test/compilers/hello-c.nix { };
hello-cpp = callPackage ./test/compilers/hello-cpp.nix { }; hello-cpp = callPackage ./test/compilers/hello-cpp.nix { };
hello-sycl = callPackage ./test/compilers/hello-sycl.nix { };
hello-syclompss = callPackage ./test/compilers/icpx-ompss2.nix { };
hello-sycl-pocl = (callPackage ./test/compilers/hello-sycl.nix { }).withPocl;
hello-sycl-intel = (callPackage ./test/compilers/hello-sycl.nix { }).withIntel;
hello-syclompss-pocl = (callPackage ./test/compilers/icpx-ompss2.nix { }).withPocl;
hello-syclompss-intel = (callPackage ./test/compilers/icpx-ompss2.nix { }).withIntel;
lto = callPackage ./test/compilers/lto.nix { }; lto = callPackage ./test/compilers/lto.nix { };
asan = callPackage ./test/compilers/asan.nix { }; asan = callPackage ./test/compilers/asan.nix { };
intel2023-icx-c = hello-c.override { stdenv = final.intelPackages_2023.stdenv; }; intel2023-icx-c = hello-c.override { stdenv = final.intelPackages_2023.stdenv; };
@@ -104,13 +75,6 @@ let
intel2023-ifort = callPackage ./test/compilers/hello-f.nix { intel2023-ifort = callPackage ./test/compilers/hello-f.nix {
stdenv = final.intelPackages_2023.stdenv-ifort; stdenv = final.intelPackages_2023.stdenv-ifort;
}; };
intel2024-icx-c = hello-c.override { stdenv = final.intelPackages_2024.stdenv; };
intel2025-icx-c = hello-c.override { stdenv = final.intelPackages_2025.stdenv; };
intel2024-icx-cpp = hello-cpp.override { stdenv = final.intelPackages_2024.stdenv; };
intel2025-icx-cpp = hello-cpp.override { stdenv = final.intelPackages_2025.stdenv; };
# intel2023-sycl = hello-sycl.override { intelPackages = final.intelPackages_2023; }; # broken
intel2024-sycl = hello-sycl.override { intelPackages = final.intelPackages_2024; };
intel2025-sycl = hello-sycl.override { intelPackages = final.intelPackages_2025; };
clangOmpss2-lto = lto.override { stdenv = final.stdenvClangOmpss2Nanos6; }; clangOmpss2-lto = lto.override { stdenv = final.stdenvClangOmpss2Nanos6; };
clangOmpss2-asan = asan.override { stdenv = final.stdenvClangOmpss2Nanos6; }; clangOmpss2-asan = asan.override { stdenv = final.stdenvClangOmpss2Nanos6; };
clangOmpss2-task = callPackage ./test/compilers/ompss2.nix { clangOmpss2-task = callPackage ./test/compilers/ompss2.nix {
@@ -128,31 +92,20 @@ let
clangNosvOmpv-ld = callPackage ./test/compilers/clang-openmp-ld.nix { clangNosvOmpv-ld = callPackage ./test/compilers/clang-openmp-ld.nix {
stdenv = final.stdenvClangOmpss2NodesOmpv; stdenv = final.stdenvClangOmpss2NodesOmpv;
}; };
ocl-build = callPackage ./test/compilers/opencl.nix { };
ocl-build-noicd = callPackage ./test/compilers/opencl.nix { ocl-icd = final.pocl-noicd; };
pocl = callPackage ./test/compilers/pocl.nix { };
ocl-run-pocl = ocl-build.test-icd;
ocl-run-pocl-noicd = ocl-build-noicd.test-noicd;
sycl-ls = callPackage ./test/compilers/sycl-ls.nix { };
}; };
# For now, only build toplevel packages in CI/Hydra # For now, only build toplevel packages in CI/Hydra
pkgsTopLevel = filterAttrs (_: isDerivation) bscPkgs; pkgsTopLevel = filterAttrs (_: isDerivation) bscPkgs;
# Native build in that platform doesn't imply cross build works # Native build in that platform doesn't imply cross build works
canCrossCompile = platform: default: pkg: canCrossCompile = platform: pkg:
(isDerivation pkg) && (isDerivation pkg) &&
# If meta.cross is undefined, use default # Must be defined explicitly
(pkg.meta.cross or default) && (pkg.meta.cross or false) &&
(meta.availableOn final.pkgsCross.${platform}.stdenv.hostPlatform pkg); (meta.availableOn platform pkg);
# For now only RISC-V # For now only RISC-V
crossSet = genAttrs [ "riscv64" ] (platform: crossSet = { riscv64 = final.pkgsCross.riscv64.bsc.pkgsTopLevel; };
filterAttrs (_: canCrossCompile platform true)
final.pkgsCross.${platform}.bsc.pkgsTopLevel);
buildList = name: paths: buildList = name: paths:
final.runCommandLocal name { } '' final.runCommandLocal name { } ''
@@ -172,7 +125,7 @@ let
# For now only RISC-V # For now only RISC-V
crossList = buildList "ci-cross" crossList = buildList "ci-cross"
(filter (filter
(canCrossCompile "riscv64" false) # opt-in (pkgs with: meta.cross = true) (canCrossCompile final.pkgsCross.riscv64.stdenv.hostPlatform)
(builtins.attrValues crossSet.riscv64)); (builtins.attrValues crossSet.riscv64));
in bscPkgs // { in bscPkgs // {

212
pkgs/agenix/agenix.sh
View File

@@ -1,212 +0,0 @@
#!/usr/bin/env bash
set -Eeuo pipefail
PACKAGE="agenix"
function show_help () {
echo "$PACKAGE - edit and rekey age secret files"
echo " "
echo "$PACKAGE -e FILE [-i PRIVATE_KEY]"
echo "$PACKAGE -r [-i PRIVATE_KEY]"
echo ' '
echo 'options:'
echo '-h, --help show help'
# shellcheck disable=SC2016
echo '-e, --edit FILE edits FILE using $EDITOR'
echo '-r, --rekey re-encrypts all secrets with specified recipients'
echo '-d, --decrypt FILE decrypts FILE to STDOUT'
echo '-i, --identity identity to use when decrypting'
echo '-v, --verbose verbose output'
echo ' '
echo 'FILE an age-encrypted file'
echo ' '
echo 'PRIVATE_KEY a path to a private SSH key used to decrypt file'
echo ' '
echo 'EDITOR environment variable of editor to use when editing FILE'
echo ' '
echo 'If STDIN is not interactive, EDITOR will be set to "cp /dev/stdin"'
echo ' '
echo 'RULES environment variable with path to Nix file specifying recipient public keys.'
echo "Defaults to './secrets.nix'"
echo ' '
echo "agenix version: @version@"
echo "age binary path: @ageBin@"
echo "age version: $(@ageBin@ --version)"
}
function warn() {
printf '%s\n' "$*" >&2
}
function err() {
warn "$*"
exit 1
}
test $# -eq 0 && (show_help && exit 1)
REKEY=0
DECRYPT_ONLY=0
DEFAULT_DECRYPT=(--decrypt)
while test $# -gt 0; do
case "$1" in
-h|--help)
show_help
exit 0
;;
-e|--edit)
shift
if test $# -gt 0; then
export FILE=$1
else
echo "no FILE specified"
exit 1
fi
shift
;;
-i|--identity)
shift
if test $# -gt 0; then
DEFAULT_DECRYPT+=(--identity "$1")
else
echo "no PRIVATE_KEY specified"
exit 1
fi
shift
;;
-r|--rekey)
shift
REKEY=1
;;
-d|--decrypt)
shift
DECRYPT_ONLY=1
if test $# -gt 0; then
export FILE=$1
else
echo "no FILE specified"
exit 1
fi
shift
;;
-v|--verbose)
shift
set -x
;;
*)
show_help
exit 1
;;
esac
done
RULES=${RULES:-./secrets.nix}
function cleanup {
if [ -n "${CLEARTEXT_DIR+x}" ]
then
rm -rf -- "$CLEARTEXT_DIR"
fi
if [ -n "${REENCRYPTED_DIR+x}" ]
then
rm -rf -- "$REENCRYPTED_DIR"
fi
}
trap "cleanup" 0 2 3 15
function keys {
(@nixInstantiate@ --json --eval --strict -E "(let rules = import $RULES; in rules.\"$1\".publicKeys)" | @jqBin@ -r .[]) || exit 1
}
function armor {
(@nixInstantiate@ --json --eval --strict -E "(let rules = import $RULES; in (builtins.hasAttr \"armor\" rules.\"$1\" && rules.\"$1\".armor))") || exit 1
}
function decrypt {
FILE=$1
KEYS=$2
if [ -z "$KEYS" ]
then
err "There is no rule for $FILE in $RULES."
fi
if [ -f "$FILE" ]
then
DECRYPT=("${DEFAULT_DECRYPT[@]}")
if [[ "${DECRYPT[*]}" != *"--identity"* ]]; then
if [ -f "$HOME/.ssh/id_rsa" ]; then
DECRYPT+=(--identity "$HOME/.ssh/id_rsa")
fi
if [ -f "$HOME/.ssh/id_ed25519" ]; then
DECRYPT+=(--identity "$HOME/.ssh/id_ed25519")
fi
fi
if [[ "${DECRYPT[*]}" != *"--identity"* ]]; then
err "No identity found to decrypt $FILE. Try adding an SSH key at $HOME/.ssh/id_rsa or $HOME/.ssh/id_ed25519 or using the --identity flag to specify a file."
fi
@ageBin@ "${DECRYPT[@]}" -- "$FILE" || exit 1
fi
}
function edit {
FILE=$1
KEYS=$(keys "$FILE") || exit 1
ARMOR=$(armor "$FILE") || exit 1
CLEARTEXT_DIR=$(@mktempBin@ -d)
CLEARTEXT_FILE="$CLEARTEXT_DIR/$(basename -- "$FILE")"
DEFAULT_DECRYPT+=(-o "$CLEARTEXT_FILE")
decrypt "$FILE" "$KEYS" || exit 1
[ ! -f "$CLEARTEXT_FILE" ] || cp -- "$CLEARTEXT_FILE" "$CLEARTEXT_FILE.before"
[ -t 0 ] || EDITOR='cp -- /dev/stdin'
$EDITOR "$CLEARTEXT_FILE"
if [ ! -f "$CLEARTEXT_FILE" ]
then
warn "$FILE wasn't created."
return
fi
[ -f "$FILE" ] && [ "$EDITOR" != ":" ] && @diffBin@ -q -- "$CLEARTEXT_FILE.before" "$CLEARTEXT_FILE" && warn "$FILE wasn't changed, skipping re-encryption." && return
ENCRYPT=()
if [[ "$ARMOR" == "true" ]]; then
ENCRYPT+=(--armor)
fi
while IFS= read -r key
do
if [ -n "$key" ]; then
ENCRYPT+=(--recipient "$key")
fi
done <<< "$KEYS"
REENCRYPTED_DIR=$(@mktempBin@ -d)
REENCRYPTED_FILE="$REENCRYPTED_DIR/$(basename -- "$FILE")"
ENCRYPT+=(-o "$REENCRYPTED_FILE")
@ageBin@ "${ENCRYPT[@]}" <"$CLEARTEXT_FILE" || exit 1
mkdir -p -- "$(dirname -- "$FILE")"
mv -f -- "$REENCRYPTED_FILE" "$FILE"
}
function rekey {
FILES=$( (@nixInstantiate@ --json --eval -E "(let rules = import $RULES; in builtins.attrNames rules)" | @jqBin@ -r .[]) || exit 1)
for FILE in $FILES
do
warn "rekeying $FILE..."
EDITOR=: edit "$FILE"
cleanup
done
}
[ $REKEY -eq 1 ] && rekey && exit 0
[ $DECRYPT_ONLY -eq 1 ] && DEFAULT_DECRYPT+=("-o" "-") && decrypt "${FILE}" "$(keys "$FILE")" && exit 0
edit "$FILE" && cleanup && exit 0

66
pkgs/agenix/default.nix
View File

@@ -1,66 +0,0 @@
{
lib,
stdenv,
age,
jq,
nix,
mktemp,
diffutils,
replaceVars,
ageBin ? "${age}/bin/age",
shellcheck,
}:
let
bin = "${placeholder "out"}/bin/agenix";
in
stdenv.mkDerivation rec {
pname = "agenix";
version = "0.15.0";
src = replaceVars ./agenix.sh {
inherit ageBin version;
jqBin = "${jq}/bin/jq";
nixInstantiate = "${nix}/bin/nix-instantiate";
mktempBin = "${mktemp}/bin/mktemp";
diffBin = "${diffutils}/bin/diff";
};
dontUnpack = true;
doInstallCheck = true;
installCheckInputs = [ shellcheck ];
postInstallCheck = ''
shellcheck ${bin}
${bin} -h | grep ${version}
test_tmp=$(mktemp -d 2>/dev/null || mktemp -d -t 'mytmpdir')
export HOME="$test_tmp/home"
export NIX_STORE_DIR="$test_tmp/nix/store"
export NIX_STATE_DIR="$test_tmp/nix/var"
mkdir -p "$HOME" "$NIX_STORE_DIR" "$NIX_STATE_DIR"
function cleanup {
rm -rf "$test_tmp"
}
trap "cleanup" 0 2 3 15
mkdir -p $HOME/.ssh
cp -r "${./example}" $HOME/secrets
chmod -R u+rw $HOME/secrets
(
umask u=rw,g=r,o=r
cp ${./example_keys/user1.pub} $HOME/.ssh/id_ed25519.pub
chown $UID $HOME/.ssh/id_ed25519.pub
)
(
umask u=rw,g=,o=
cp ${./example_keys/user1} $HOME/.ssh/id_ed25519
chown $UID $HOME/.ssh/id_ed25519
)
cd $HOME/secrets
test $(${bin} -d secret1.age) = "hello"
'';
installPhase = ''
install -D $src ${bin}
'';
meta.description = "age-encrypted secrets for NixOS";
}

7
pkgs/agenix/example/-leading-hyphen-filename.age
View File

@@ -1,7 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 V3XmEA zirqdzZZ1E+sedBn7fbEHq4ntLEkokZ4GctarBBOHXY
Rvs5YHaAUeCZyNwPedubPcHClWYIuXXWA5zadXPWY6w
-> ssh-ed25519 KLPP8w BVp4rDkOYSQyn8oVeHFeinSqW+pdVtxBF9+5VM1yORY
bMwppAi8Nhz0328taU4AzUkTVyWtSLvFZG6c5W/Fs78
--- xCbqLhXAcOziO2wmbjTiSQfZvt5Rlsc4SCvF+iEzpQA
<EFBFBD>KB<EFBFBD><EFBFBD>/<2F>Z<><5A>r<EFBFBD>%<01><>4<EFBFBD><34><EFBFBD>Mq5<71><35>_<EFBFBD><5F>ݒ<><DD92><EFBFBD><EFBFBD><EFBFBD>11 ܨqM;& <20><>Lr<4C><72><EFBFBD>f<EFBFBD><66><EFBFBD>]>N

7
pkgs/agenix/example/armored-secret.age
View File

@@ -1,7 +0,0 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFYzWG1FQSBpZkZW
aFpLNnJxc0VUMHRmZ2dZS0pjMGVENnR3OHd5K0RiT1RjRUhibFZBCnN5UG5vUjA3
SXpsNGtiVUw4T0tIVFo5Wkk5QS9NQlBndzVvektiQ0ozc0kKLS0tIGxyY1Q4dEZ1
VGZEanJyTFNta2JNRmpZb2FnK2JyS1hSVml1UGdMNWZKQXMKYla+wTXcRedyZoEb
LVWaSx49WoUTU0KBPJg9RArxaeC23GoCDzR/aM/1DvYU
-----END AGE ENCRYPTED FILE-----

9
pkgs/agenix/example/passwordfile-user1.age
View File

@@ -1,9 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 KLPP8w s1DYZRlZuSsyhmZCF1lFB+E9vB8bZ/+ZhBRlx8nprwE
nmYVCsVBrX2CFXXPU+D+bbkkIe/foofp+xoUrg9DHZw
-> ssh-ed25519 V3XmEA Pwv3oCwcY0DX8rY48UNfsj9RumWsn4dbgorYHCwObgI
FKxRYkL3JHtJxUwymWDF0rAtJ33BivDI6IfPsfumM90
-> V'v(/u$-grease em/Vgf 2qDuk
7I3iiQLPGi1COML9u/JeYkr7EqbSLoU
--- 57WJRigUGtmcObrssS3s4PvmR8wgh1AOC/ijJn1s3xI
<EFBFBD>'K<>ƷY&<26>7G<37>O<EFBFBD><4F>Fj<13>k<EFBFBD>X<EFBFBD><58>BnuJ<75><4A>:9<>(<><7F><EFBFBD>X<EFBFBD>#<23>A<EFBFBD><41><EFBFBD><EFBFBD>ڧj<DAA7>,<02>_<17><><EFBFBD>?<3F>Z<EFBFBD><17>v<EFBFBD><76>V<EFBFBD>96]oks~%<25>c <04>e^C<>%JQ5<51><H<>z}<7D>C<EFBFBD>,<2C>p<EFBFBD><70>*!W<><57><EFBFBD>A<EFBFBD><41><EFBFBD>҅dC<15>K)<10><>-<2D>y

BIN
pkgs/agenix/example/secret1.age
View File

Binary file not shown.

5
pkgs/agenix/example/secret2.age
View File

@@ -1,5 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 V3XmEA OB4+1FbPhQ3r6iGksM7peWX5it8NClpXIq/o5nnP7GA
FmHVUj+A5i5+bDFgySQskmlvynnosJiWUTJmBRiNA9I
--- tP+3mFVtd7ogVu1Lkboh55zoi5a77Ht08Uc/QuIviv4
<EFBFBD><EFBFBD>X<EFBFBD>{<7B><>O<EFBFBD><4F><1F><04>tMXx<58>vӪ(<28>I<EFBFBD>myP<79><50><EFBFBD><EFBFBD>+3<>S3i

23
pkgs/agenix/example/secrets.nix
View File

@@ -1,23 +0,0 @@
let
user1 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL0idNvgGiucWgup/mP78zyC23uFjYq0evcWdjGQUaBH";
system1 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPJDyIr/FSz1cJdcoW69R+NrWzwGK/+3gJpqD1t8L2zE";
in
{
"secret1.age".publicKeys = [
user1
system1
];
"secret2.age".publicKeys = [ user1 ];
"passwordfile-user1.age".publicKeys = [
user1
system1
];
"-leading-hyphen-filename.age".publicKeys = [
user1
system1
];
"armored-secret.age" = {
publicKeys = [ user1 ];
armor = true;
};
}

7
pkgs/agenix/example_keys/system1
View File

@@ -1,7 +0,0 @@
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
QyNTUxOQAAACDyQ8iK/xUs9XCXXKFuvUfja1s8Biv/t4Caag9bfC9sxAAAAJA3yvCWN8rw
lgAAAAtzc2gtZWQyNTUxOQAAACDyQ8iK/xUs9XCXXKFuvUfja1s8Biv/t4Caag9bfC9sxA
AAAEA+J2V6AG1NriAIvnNKRauIEh1JE9HSdhvKJ68a5Fm0w/JDyIr/FSz1cJdcoW69R+Nr
WzwGK/+3gJpqD1t8L2zEAAAADHJ5YW50bUBob21lMQE=
-----END OPENSSH PRIVATE KEY-----

1
pkgs/agenix/example_keys/system1.pub
View File

@@ -1 +0,0 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPJDyIr/FSz1cJdcoW69R+NrWzwGK/+3gJpqD1t8L2zE

7
pkgs/agenix/example_keys/user1
View File

@@ -1,7 +0,0 @@
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
QyNTUxOQAAACC9InTb4BornFoLqf5j+/M8gtt7hY2KtHr3FnYxkFGgRwAAAJC2JJ8htiSf
IQAAAAtzc2gtZWQyNTUxOQAAACC9InTb4BornFoLqf5j+/M8gtt7hY2KtHr3FnYxkFGgRw
AAAEDxt5gC/s53IxiKAjfZJVCCcFIsdeERdIgbYhLO719+Kb0idNvgGiucWgup/mP78zyC
23uFjYq0evcWdjGQUaBHAAAADHJ5YW50bUBob21lMQE=
-----END OPENSSH PRIVATE KEY-----

1
pkgs/agenix/example_keys/user1.pub
View File

@@ -1 +0,0 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL0idNvgGiucWgup/mP78zyC23uFjYq0evcWdjGQUaBH

23
pkgs/agenix/update.sh
View File

@@ -1,23 +0,0 @@
#!/bin/sh
set -e
# All operations are done relative to root
GITROOT=$(git rev-parse --show-toplevel)
cd "$GITROOT"
REVISION=${1:-main}
TMPCLONE=$(mktemp -d)
trap "rm -rf ${TMPCLONE}" EXIT
git clone https://github.com/ryantm/agenix.git --revision="$REVISION" "$TMPCLONE" --depth=1
cp "${TMPCLONE}/pkgs/agenix.sh" pkgs/agenix/agenix.sh
cp "${TMPCLONE}/pkgs/agenix.nix" pkgs/agenix/default.nix
sed -i 's#../example#./example#' pkgs/agenix/default.nix
cp "${TMPCLONE}/example/"* pkgs/agenix/example/
cp "${TMPCLONE}/example_keys/"* pkgs/agenix/example_keys/
cp "${TMPCLONE}/modules/age.nix" m/module/agenix.nix

2
pkgs/amd-uprof/default.nix
View File

@@ -90,7 +90,7 @@ in
meta = { meta = {
description = "Performance analysis tool-suite for x86 based applications"; description = "Performance analysis tool-suite for x86 based applications";
homepage = "https://www.amd.com/es/developer/uprof.html"; homepage = "https://www.amd.com/es/developer/uprof.html";
platforms = [ "x86_64-linux" ]; platforms = lib.platforms.linux;
license = lib.licenses.unfree; license = lib.licenses.unfree;
maintainers = with lib.maintainers.bsc; [ rarias varcila ]; maintainers = with lib.maintainers.bsc; [ rarias varcila ];
}; };

2
pkgs/amd-uprof/driver.nix
View File

@@ -19,7 +19,7 @@ in stdenv.mkDerivation {
''; '';
hardeningDisable = [ "pic" "format" ]; hardeningDisable = [ "pic" "format" ];
nativeBuildInputs = kernel.moduleBuildDependencies; nativeBuildInputs = kernel.moduleBuildDependencies;
patches = [ ./makefile.patch ./hrtimer.patch ./remove-wr-rdmsrq.patch ]; patches = [ ./makefile.patch ./hrtimer.patch ];
makeFlags = [ makeFlags = [
"KERNEL_VERSION=${kernel.modDirVersion}" "KERNEL_VERSION=${kernel.modDirVersion}"
"KERNEL_DIR=${kernel.dev}/lib/modules/${kernel.modDirVersion}/build" "KERNEL_DIR=${kernel.dev}/lib/modules/${kernel.modDirVersion}/build"

20
pkgs/amd-uprof/remove-wr-rdmsrq.patch
View File

@@ -1,20 +0,0 @@
diff --git a/inc/PwrProfAsm.h b/inc/PwrProfAsm.h
index d77770a..c93a0e9 100644
--- a/inc/PwrProfAsm.h
+++ b/inc/PwrProfAsm.h
@@ -347,6 +347,7 @@
#endif
+/*
#define rdmsrq(msr,val1,val2,val3,val4) ({ \
__asm__ __volatile__( \
"rdmsr\n" \
@@ -362,6 +363,7 @@
:"c"(msr), "a"(val1), "d"(val2), "S"(val3), "D"(val4) \
); \
})
+*/
#define rdmsrpw(msr,val1,val2,val3,val4) ({ \
__asm__ __volatile__( \

8
pkgs/cudainfo/default.nix
View File

@@ -1,6 +1,5 @@
{ {
stdenv stdenv
, lib
, cudatoolkit , cudatoolkit
, cudaPackages , cudaPackages
, autoAddDriverRunpath , autoAddDriverRunpath
@@ -12,7 +11,7 @@ stdenv.mkDerivation (finalAttrs: {
src = ./.; src = ./.;
buildInputs = [ buildInputs = [
cudatoolkit # Required for nvcc cudatoolkit # Required for nvcc
(lib.getOutput "static" cudaPackages.cuda_cudart) # Required for -lcudart_static cudaPackages.cuda_cudart.static # Required for -lcudart_static
autoAddDriverRunpath autoAddDriverRunpath
]; ];
installPhase = '' installPhase = ''
@@ -41,9 +40,4 @@ stdenv.mkDerivation (finalAttrs: {
''; '';
installPhase = "touch $out"; installPhase = "touch $out";
}; };
meta = {
platforms = [ "x86_64-linux" ];
maintainers = with lib.maintainers.bsc; [ rarias ];
};
}) })

17
pkgs/gpi-2/default.nix
View File

@@ -9,6 +9,7 @@
, automake , automake
, libtool , libtool
, mpi , mpi
, rsync
, gfortran , gfortran
}: }:
@@ -43,24 +44,13 @@ stdenv.mkDerivation rec {
configureFlags = [ configureFlags = [
"--with-infiniband=${rdma-core-all}" "--with-infiniband=${rdma-core-all}"
"--with-mpi=yes" # fixes mpi detection when cross-compiling "--with-mpi=${mpiAll}"
"--with-slurm" "--with-slurm"
"CFLAGS=-fPIC" "CFLAGS=-fPIC"
"CXXFLAGS=-fPIC" "CXXFLAGS=-fPIC"
]; ];
nativeBuildInputs = [ buildInputs = [ slurm mpiAll rdma-core-all autoconf automake libtool rsync gfortran ];
autoconf
automake
gfortran
libtool
];
buildInputs = [
slurm
mpiAll
rdma-core-all
];
hardeningDisable = [ "all" ]; hardeningDisable = [ "all" ];
@@ -70,6 +60,5 @@ stdenv.mkDerivation rec {
maintainers = with lib.maintainers.bsc; [ rarias ]; maintainers = with lib.maintainers.bsc; [ rarias ];
platforms = lib.platforms.linux; platforms = lib.platforms.linux;
license = lib.licenses.gpl3Plus; license = lib.licenses.gpl3Plus;
cross = false; # infiniband detection does not work
}; };
} }

190
pkgs/gromacs/default.nix
View File

@@ -1,190 +0,0 @@
{
lib,
stdenv,
fetchurl,
cmake,
hwloc,
fftw,
perl,
blas,
lapack,
llvmPackages,
intelPackages ? null,
mpi,
cudaPackages,
plumed,
singlePrec ? true,
config,
enableSYCL ? false,
enableCuda ? config.cudaSupport,
enableMpi ? false,
enablePlumed ? false,
cpuAcceleration ? null,
}:
# CUDA is only implemented for single precission
assert enableCuda -> singlePrec;
assert !(enableSYCL && enableCuda);
assert enableSYCL -> intelPackages != null;
let
inherit (cudaPackages.flags) cmakeCudaArchitecturesString;
# Select reasonable defaults for all major platforms
# The possible values are defined in CMakeLists.txt:
# AUTO None SSE2 SSE4.1 AVX_128_FMA AVX_256 AVX2_256
# AVX2_128 AVX_512 AVX_512_KNL MIC ARM_NEON ARM_NEON_ASIMD
SIMD =
x:
if (cpuAcceleration != null) then
x
else if stdenv.hostPlatform.system == "i686-linux" then
"SSE2"
else if stdenv.hostPlatform.system == "x86_64-linux" then
"SSE4.1"
else if stdenv.hostPlatform.system == "x86_64-darwin" then
"SSE4.1"
else if stdenv.hostPlatform.system == "aarch64-linux" then
"ARM_NEON_ASIMD"
else
"None";
source =
if enablePlumed then
{
version = "2024.2";
hash = "sha256-gCp+M18uiVdw9XsVnk7DaOuw/yzm2sz3BsboAlw2hSs=";
}
else
{
version = "2025.3";
hash = "sha256-i9/KAmjz8Qp8o8BuWbYvc+oCQgxnIRwP85EvMteDPGU=";
};
stdenv' = if enableSYCL then intelPackages.stdenv else stdenv;
in
stdenv'.mkDerivation rec {
pname = "gromacs";
version = source.version;
src = fetchurl {
url = "ftp://ftp.gromacs.org/pub/gromacs/gromacs-${version}.tar.gz";
inherit (source) hash;
};
patches = [ (if enablePlumed then ./pkgconfig-2024.patch else ./pkgconfig-2025.patch) ];
postPatch = lib.optionalString enablePlumed ''
plumed patch -p -e gromacs-${source.version}
'';
outputs = [
"out"
"dev"
"man"
];
nativeBuildInputs = [
cmake
]
++ lib.optional enablePlumed plumed
++ lib.optionals enableCuda [ cudaPackages.cuda_nvcc ];
env.MKLROOT = intelPackages.mkl;
buildInputs = [
fftw
perl
hwloc
blas
lapack
]
++ lib.optional enableMpi mpi
++ lib.optionals enableCuda [
cudaPackages.cuda_cccl
cudaPackages.cuda_cudart
cudaPackages.libcufft
cudaPackages.cuda_profiler_api
]
++ lib.optional stdenv.hostPlatform.isDarwin llvmPackages.openmp;
propagatedBuildInputs = lib.optional enableMpi mpi;
propagatedUserEnvPkgs = lib.optional enableMpi mpi;
cmakeFlags = [
(lib.cmakeBool "GMX_HWLOC" true)
"-DGMX_SIMD:STRING=${SIMD cpuAcceleration}"
"-DGMX_OPENMP:BOOL=TRUE"
"-DBUILD_SHARED_LIBS=ON"
]
++ (
if singlePrec then
[
"-DGMX_DOUBLE=OFF"
]
else
[
"-DGMX_DOUBLE=ON"
"-DGMX_DEFAULT_SUFFIX=OFF"
]
)
++ (
if enableMpi then
[
"-DGMX_MPI:BOOL=TRUE"
"-DGMX_THREAD_MPI:BOOL=FALSE"
]
else
[
"-DGMX_MPI:BOOL=FALSE"
]
)
++ (lib.optionals enableSYCL [
"-DGMX_GPU=SYCL"
"-DGMX_OPENMP=OFF" # TODO: enable OpenMP with SYCL?
])
++ lib.optionals enableCuda [
"-DGMX_GPU=CUDA"
(lib.cmakeFeature "CMAKE_CUDA_ARCHITECTURES" cmakeCudaArchitecturesString)
# Gromacs seems to ignore and override the normal variables, so we add this ad hoc:
(lib.cmakeFeature "GMX_CUDA_TARGET_COMPUTE" cmakeCudaArchitecturesString)
];
postInstall = ''
moveToOutput share/cmake $dev
'';
meta = with lib; {
homepage = "https://www.gromacs.org";
license = licenses.lgpl21Plus;
description = "Molecular dynamics software package";
longDescription = ''
GROMACS is a versatile package to perform molecular dynamics,
i.e. simulate the Newtonian equations of motion for systems
with hundreds to millions of particles.
It is primarily designed for biochemical molecules like
proteins, lipids and nucleic acids that have a lot of
complicated bonded interactions, but since GROMACS is
extremely fast at calculating the nonbonded interactions (that
usually dominate simulations) many groups are also using it
for research on non-biological systems, e.g. polymers.
GROMACS supports all the usual algorithms you expect from a
modern molecular dynamics implementation, (check the online
reference or manual for details), but there are also quite a
few features that make it stand out from the competition.
See: https://www.gromacs.org/about.html for details.
'';
platforms = platforms.unix;
maintainers = with maintainers; [
sheepforce
markuskowa
];
};
}

24
pkgs/gromacs/pkgconfig-2024.patch
View File

@@ -1,24 +0,0 @@
diff --git a/src/external/muparser/muparser.pc.in b/src/external/muparser/muparser.pc.in
index 646787cb53..9b97ad57f7 100644
--- a/src/external/muparser/muparser.pc.in
+++ b/src/external/muparser/muparser.pc.in
@@ -1,7 +1,5 @@
-prefix=@CMAKE_INSTALL_PREFIX@
-exec_prefix=${prefix}
-libdir=${prefix}/@CMAKE_INSTALL_LIBDIR@
-includedir=${prefix}/@CMAKE_INSTALL_INCLUDEDIR@
+libdir=@CMAKE_INSTALL_FULL_LIBDIR@
+includedir=@CMAKE_INSTALL_FULL_INCLUDEDIR@
Name: @PACKAGE_NAME@
Description: Mathematical expressions parser library
diff --git a/src/gromacs/libgromacs.pc.cmakein b/src/gromacs/libgromacs.pc.cmakein
index ec1ed6684e..ca1105474a 100644
--- a/src/gromacs/libgromacs.pc.cmakein
+++ b/src/gromacs/libgromacs.pc.cmakein
@@ -1,4 +1,4 @@
-libdir=@CMAKE_INSTALL_PREFIX@/@CMAKE_INSTALL_LIBDIR@
+libdir=@CMAKE_INSTALL_FULL_LIBDIR@
Name: libgromacs@GMX_LIBS_SUFFIX@
Description: Gromacs library

36
pkgs/gromacs/pkgconfig-2025.patch
View File

@@ -1,36 +0,0 @@
diff --git a/src/external/muparser/muparser.pc.in b/src/external/muparser/muparser.pc.in
index 646787cb53..d26e84de8f 100644
--- a/src/external/muparser/muparser.pc.in
+++ b/src/external/muparser/muparser.pc.in
@@ -1,11 +1,9 @@
-prefix=@CMAKE_INSTALL_PREFIX@
-exec_prefix=${prefix}
-libdir=${prefix}/@CMAKE_INSTALL_LIBDIR@
-includedir=${prefix}/@CMAKE_INSTALL_INCLUDEDIR@
-
-Name: @PACKAGE_NAME@
-Description: Mathematical expressions parser library
-Version: @MUPARSER_VERSION@
-Requires:
-Libs: -L${libdir} -lmuparser
-Cflags: -I${includedir} @PKG_CONFIG_FLAGS@
+libdir=@CMAKE_INSTALL_FULL_LIBDIR@
+includedir=@CMAKE_INSTALL_FULL_INCLUDEDIR@
+
+Name: @PACKAGE_NAME@
+Description: Mathematical expressions parser library
+Version: @MUPARSER_VERSION@
+Requires:
+Libs: -L${libdir} -lmuparser
+Cflags: -I${includedir} @PKG_CONFIG_FLAGS@
diff --git a/src/gromacs/libgromacs.pc.cmakein b/src/gromacs/libgromacs.pc.cmakein
index af9b5a6dc0..5f58d549bf 100644
--- a/src/gromacs/libgromacs.pc.cmakein
+++ b/src/gromacs/libgromacs.pc.cmakein
@@ -1,5 +1,4 @@
-prefix=@CMAKE_INSTALL_PREFIX@
-libdir=${prefix}/@CMAKE_INSTALL_LIBDIR@
+libdir=@CMAKE_INSTALL_FULL_LIBDIR@
Name: libgromacs@GMX_LIBS_SUFFIX@
Description: Gromacs library

55
pkgs/intel-oneapi/2023.nix
View File

@@ -40,19 +40,45 @@ let
mpi = "2021.9.0"; mpi = "2021.9.0";
}; };
findMatch = name: aptPackageIndex = stdenv.mkDerivation {
let name = "intel-oneapi-packages";
aptPackages = builtins.fromJSON (builtins.readFile ./packages.json); srcs = [
matches = lib.filter (x: name == x.pname) aptPackages; # Run update.sh to update the package lists
n = lib.length matches; ./amd64-packages ./all-packages
match = builtins.traceVerbose (name + " -- ${builtins.toString n}") (builtins.head matches); ];
phases = [ "installPhase" ];
installPhase = ''
awk -F': ' '\
BEGIN { print "[ {" } \
NR>1 && /^Package: / { print "} {"; } \
/: / { printf "%s = \"%s\";\n", $1, $2 } \
END { print "} ]" }' $srcs > $out
'';
};
apthost = "https://apt.repos.intel.com/oneapi/"; aptPackages = import aptPackageIndex;
apthost = "https://apt.repos.intel.com/oneapi/";
getSum = pkgList: name:
let
matches = lib.filter (x: name == x.Package) pkgList;
#n = lib.length matches;
#match = builtins.trace (name + " -- ${builtins.toString n}") (lib.elemAt matches 0);
match = lib.elemAt matches 0;
in in
{ match.SHA256;
url = apthost + match.filename;
sha256 = match.sha256; getUrl = pkgList: name:
}; let
matches = lib.filter (x: name == x.Package) pkgList;
#match = assert lib.length matches == 1; lib.elemAt matches 0;
n = lib.length matches;
match =
#builtins.trace (name + " -- n=${builtins.toString n}")
(lib.elemAt matches 0);
in
apthost + match.Filename;
uncompressDebs = debs: name: stdenv.mkDerivation { uncompressDebs = debs: name: stdenv.mkDerivation {
name = name; name = name;
@@ -72,7 +98,10 @@ let
joinDebs = name: names: joinDebs = name: names:
let let
debs = builtins.map (x: builtins.fetchurl (findMatch x)) names; urls = builtins.map (x: getUrl aptPackages x) names;
sums = builtins.map (x: getSum aptPackages x) names;
getsrc = url: sha256: builtins.fetchurl { inherit url sha256; };
debs = lib.zipListsWith getsrc urls sums;
in in
uncompressDebs debs "${name}-source"; uncompressDebs debs "${name}-source";
@@ -441,7 +470,7 @@ let
''; '';
}; };
ifort-wrapper = wrapIntel { ifort-wrapper = wrapIntel rec {
cc = intel-compiler-fortran; cc = intel-compiler-fortran;
mygcc = gcc; mygcc = gcc;
extraBuild = '' extraBuild = ''

8769
pkgs/intel-oneapi/all-packages Normal file
View File

File diff suppressed because it is too large Load Diff

34075
pkgs/intel-oneapi/amd64-packages Normal file
View File

File diff suppressed because it is too large Load Diff

1
pkgs/intel-oneapi/packages.json
View File

File diff suppressed because one or more lines are too long

297
pkgs/intel-oneapi/packages.nix
View File

@@ -1,297 +0,0 @@
{
lib,
stdenv,
callPackage,
dpkg,
fetchurl,
sqlite,
elfutils,
}:
let
inherit (builtins)
attrNames
attrValues
concatMap
elem
filter
fromJSON
getAttr
groupBy
head
isNull
listToAttrs
map
mapAttrs
readFile
replaceStrings
splitVersion
;
inherit (lib)
converge
findFirst
groupBy'
hasPrefix
optional
pipe
take
toInt
toList
versionAtLeast
versionOlder
;
aptData = fromJSON (readFile ./packages.json);
# Compare versions in debian control file syntax
# See: https://www.debian.org/doc/debian-policy/ch-relationships.html#syntax-of-relationship-fields
#
# NOTE: this is not a proper version comparison
#
# A proper version solver, should aggregate dependencies with the same name
# and compute the constraint (e.g. a (>= 2) a (<< 5) -> 2 <= a << 5)
#
# But in the intel repo, there are no such "duplicated" dependencies to specify
# upper limits, which leads to issues when intel-hpckit-2021 depends on things
# like intel-basekit >= 2021.1.0-2403 and we end up installing the newest
# basekit instead of the one from 2021.
#
# To mitigate this, >= is set to take the latest version with matching major
# and minor (only revision and patch are allowed to change)
compareVersions =
got: kind: want:
let
g0 = take 2 (splitVersion got);
w0 = take 2 (splitVersion want);
in
if isNull want then
true
else if kind == "=" then
got == want
else if kind == "<<" then
versionOlder got want
else if kind == "<=" then
versionAtLeast want got
else if kind == ">>" then
versionOlder want got
else if kind == ">=" then
(g0 == w0) && versionAtLeast got want # always match major version
else
throw "unknown operation: ${kind}";
findMatching =
{
pname,
kind,
version,
}:
findFirst (x: pname == x.pname && compareVersions x.version kind version) null aptData;
isIntel = pkg: (hasPrefix "intel-" pkg.pname);
expandDeps =
pkg: (map findMatching (filter isIntel pkg.dependencies)) ++ (optional (pkg.size != 0) pkg);
# get the oldest by major version. If they have the same major version, take
# the newest. This prevents most issues with resolutions
# versionOlder b a -> true if b is older than a (b `older` a)
getNewerInMajor =
a: b:
let
va = a.version;
vb = b.version;
va0 = head (splitVersion va);
vb0 = head (splitVersion vb);
in
if isNull a then
b
else if va0 != vb0 then
if va0 > vb0 then b else a
else if versionOlder vb va then
a
else
b;
removeDups = l: attrValues (groupBy' getNewerInMajor null (getAttr "provides") l);
_resolveDeps = converge (l: removeDups (concatMap expandDeps l));
resolveDeps =
pkg:
let
deps = _resolveDeps (toList pkg);
namedDeps = (map (x: "${x.pname}-${x.version}") deps);
in
builtins.traceVerbose (builtins.deepSeq namedDeps namedDeps) deps;
blacklist = [
"intel-basekit-env"
"intel-basekit-getting-started"
"intel-hpckit-env"
"intel-hpckit-getting-started"
"intel-oneapi-advisor"
"intel-oneapi-common-licensing"
"intel-oneapi-common-oneapi-vars"
"intel-oneapi-common-vars"
"intel-oneapi-compiler-cpp-eclipse-cfg"
"intel-oneapi-compiler-dpcpp-eclipse-cfg"
"intel-oneapi-condaindex"
"intel-oneapi-dev-utilities-eclipse-cfg"
"intel-oneapi-dpcpp-ct-eclipse-cfg"
"intel-oneapi-eclipse-ide"
"intel-oneapi-hpc-toolkit-getting-started"
"intel-oneapi-icc-eclipse-plugin-cpp"
"intel-oneapi-vtune"
"intel-oneapi-vtune-eclipse-plugin-vtune"
];
isInBlacklist = pkg: elem pkg.provides blacklist;
removeBlacklist = filter (e: !(isInBlacklist e));
dpkgExtractAll =
pname: version:
{ srcs, deps }:
stdenv.mkDerivation {
inherit pname version srcs;
nativeBuildInputs = [ dpkg ];
phases = [ "installPhase" ];
passthru = { inherit deps; };
installPhase = ''
mkdir -p $out
for src in $srcs; do
echo "Unpacking $src"
dpkg -x $src $out
done
'';
};
apthost = "https://apt.repos.intel.com/oneapi/";
fetchDeb =
p:
fetchurl {
url = apthost + p.filename;
inherit (p) sha256;
};
buildIntel =
pkg:
pipe pkg [
resolveDeps
removeBlacklist
(l: {
srcs = map fetchDeb l;
deps = l;
})
(dpkgExtractAll "${pkg.provides}-extracted" pkg.version)
];
findHpcKit =
year:
findMatching {
pname = "intel-hpckit";
kind = "<<";
version = toString (year + 1);
};
years = map toInt (attrNames components);
patchIntel = callPackage ./patch_intel.nix { };
# Version information for each hpckit. This is used to normalize the paths
# so that files are in $out/{bin,lib,include...} instead of all over the place
# in $out/opt/intel/oneapi/*/*/{...}.
#
# The most important is the compiler component, which is used to build the
# stdenv for the hpckit.
#
# NOTE: this have to be manually specified, so we can avoid IFD. To add a
# new version, add a new field with an empty attrset, (e.g. "2026" = {}; ),
# build hpckit_2026.unpatched and use the values from
# result/opt/intel/oneapi/* to populate the attrset.
#
# WARN: if there are more than one version in the folders of the unpatched
# components, our dependency resolution hacks have probably failed and the
# package set may be broken.
components = {
"2025" = {
ishmem = "1.4";
pti = "0.13";
tcm = "1.4";
umf = "0.11";
ccl = "2021.16";
compiler = "2025.2";
dal = "2025.8";
debugger = "2025.2";
dev-utilities = "2025.2";
dnnl = "2025.2";
dpcpp-ct = "2025.2";
dpl = "2022.9";
ipp = "2022.2";
ippcp = "2025.2";
mkl = "2025.2";
mpi = "2021.16";
tbb = "2022.2";
};
"2024" = {
tcm = "1.1";
ccl = "2021.13";
compiler = "2024.2";
dal = "2024.6";
debugger = "2024.2";
dev-utilities = "2024.2";
diagnostics = "2024.2";
dnnl = "2024.2";
dpcpp-ct = "2024.2";
dpl = "2022.6";
ipp = "2021.12";
ippcp = "2021.12";
mkl = "2024.2";
mpi = "2021.13";
tbb = "2021.13";
extraPackages = [
sqlite
elfutils
];
};
};
replaceDots = replaceStrings [ "." ] [ "_" ];
in
lib.recurseIntoAttrs (
listToAttrs (
map (
year:
let
year_str = toString year;
in
{
name = "hpckit_${year_str}";
value = patchIntel {
unpatched = buildIntel (findHpcKit year);
components = components.${year_str};
};
}
) years
)
)
// {
apt = pipe aptData [
(groupBy (p: replaceDots p.provides))
(mapAttrs (
_: l:
listToAttrs (
map (pkg: {
name = replaceDots ("v" + pkg.version);
value = pkg;
}) l
)
))
];
inherit resolveDeps patchIntel buildIntel;
}

201
pkgs/intel-oneapi/patch_intel.nix
View File

@@ -1,201 +0,0 @@
{
stdenv,
stdenvNoCC,
lib,
symlinkJoin,
autoPatchelfHook,
wrapCCWith,
overrideCC,
gcc,
hwloc,
libelf,
libgcc,
libffi_3_3,
libpsm2,
libuuid,
libxml2,
numactl,
ocl-icd,
openssl,
python3,
rdma-core,
ucx,
zlib,
writeTextFile,
}:
lib.makeOverridable (
{
unpatched,
components ? { },
extraPackages ? components.extraPackages or [ ],
}:
let
inherit (builtins)
attrValues
filter
mapAttrs
removeAttrs
;
__components = removeAttrs components [ "extraPackages" ];
_components = __components;
# _components = lib.traceSeqN 2 {
# inherit unpatched __components;
# deps = builtins.map (x: "${x.pname}-${x.version}") unpatched.deps;
# } __components;
wrapIntel =
cc:
let
targetConfig = stdenv.targetPlatform.config;
in
(wrapCCWith {
inherit cc;
nixSupport = {
cc-ldflags = [
"-L${gcc.cc}/lib/gcc/${targetConfig}/${gcc.version}"
"-L${gcc.cc.lib}/lib"
"-L${libgcc.out}/lib"
"-L${cc}/lib"
];
cc-cflags = [
"--gcc-toolchain=${gcc.cc}"
"-isystem \"${cc.original}/lib/clang/*/include\""
"-isystem ${cc}/include"
"-isystem ${cc}/include/intel64"
"-isystem ${gcc.cc}/lib/gcc/${targetConfig}/${gcc.version}/include"
];
libcxx-cxxflags = [
# "--gcc-toolchain=${gcc.cc}"
"-isystem ${gcc.cc}/include/c++/${gcc.version}"
"-isystem ${gcc.cc}/include/c++/${gcc.version}/${targetConfig}"
];
};
extraBuildCommands = ''
# FIXME: We should find a better way to modify the PATH instead of using
# this ugly hack. See https://jungle.bsc.es/git/rarias/bscpkgs/issues/9
echo 'path_backup="${gcc.cc}/bin:$path_backup"' >>$out/nix-support/cc-wrapper-hook
# Disable hardening by default
echo "" > $out/nix-support/add-hardening.sh
wrap icx $wrapper $ccPath/icx
wrap icpx $wrapper $ccPath/icpx
wrap ifx $wrapper $ccPath/ifx
ln -s $out/bin/icpx $out/bin/c++
ln -s $out/bin/icx $out/bin/cc
ln -s $ccPath/sycl-ls $out/bin/sycl-ls
ln -s $ccPath/sycl-trace $out/bin/sycl-trace
sed -i 's/.*isCxx=0/isCxx=1/' $out/bin/icpx
# Use this to detect when a compiler subprocess is called
# from icpx (--fsycl-host-compiler)
echo 'export NIX_CC_WRAPPER_INTEL=1' >>$out/nix-support/cc-wrapper-hook
# oneMath looks for sycl libraries in bin/../lib
ln -s ${cc}/lib $out/lib
ln -s ${cc}/include $out/include
'';
}).overrideAttrs
(old: {
installPhase = old.installPhase + ''
export named_cc="icx"
export named_cxx="icpx"
export named_fc="ifx"
'';
});
in
stdenvNoCC.mkDerivation (finalAttrs: {
pname = lib.removeSuffix "-extracted" unpatched.pname;
inherit (unpatched) version;
src = unpatched;
phases = [
"installPhase"
"fixupPhase"
];
buildInputs = [
libffi_3_3
libelf
libxml2
hwloc
numactl
libuuid
libpsm2
zlib
ocl-icd
rdma-core
ucx
openssl
python3
stdenv.cc.cc.lib
]
++ extraPackages;
autoPatchelfIgnoreMissingDeps = [
"libhwloc.so.5"
"libcuda.so.1"
"libze_loader.so.1"
];
# There are broken symlinks that go outside packages, ignore them
dontCheckForBrokenSymlinks = true;
nativeBuildInputs = [ autoPatchelfHook ];
installPhase = ''
cp -r $src/opt/intel/oneapi/ $out
'';
passthru =
let
pkgs = mapAttrs (
folder: version:
let
original = "${finalAttrs.finalPackage}/${folder}/${version}";
etc-vendors = writeTextFile {
name = "intel-ocl-icd";
text = "${original}/lib/libintelocl.so";
destination = "/etc/OpenCL/vendors/intel.icd";
};
in
symlinkJoin {
pname = "intel-${folder}";
inherit version;
paths = [ original ] ++ lib.optionals (folder == "compiler") [ etc-vendors ];
passthru = { inherit original; };
}
) _components;
in
pkgs
// {
inherit unpatched;
pkgs = lib.recurseIntoAttrs pkgs;
components = _components;
# This contains all packages properly symlinked into toplevel directories
# in $out.
#
# NOTE: there are clashes with packages that have symlinks outside their
# scope (libtcm and env/vars.sh)
all = symlinkJoin {
pname = finalAttrs.finalPackage.pname + "-symlinked";
inherit (finalAttrs.finalPackage) version;
paths = filter lib.isDerivation (attrValues finalAttrs.finalPackage.pkgs);
};
stdenv = overrideCC stdenv finalAttrs.finalPackage.cc;
cc = wrapIntel finalAttrs.finalPackage.pkgs.compiler;
};
})
)

29
pkgs/intel-oneapi/process.jq
View File

@@ -1,29 +0,0 @@
#!/usr/bin/env -S jq -f
def extract_fields: {
pname : .Package,
version : .Version,
provides : .Package | sub("[0-9.-]*$"; ""),
filename : .Filename,
size : ."Installed-Size" | tonumber,
sha256 : .SHA256,
dependencies : .Depends,
} ;
# parses dependencies into a list of [{.pname, .kind, .version}]
# some dependencies do not have a version specified, in which case, kind = version = null
#
# example dependencies:
# intel-oneapi-common-vars (>= 2023.0.0-25325), intel-oneapi-common-licensing-2023.0.0
def split_dependencies : map(try(.dependencies |= split(",\\s?"; "")) // .dependencies |= []) ;
def match_version : capture("(?<pname>[a-zA-Z0-9_\\-.]*) *(\\((?<kind>[<>=]*) *(?<version>.*)\\))?"; "") ;
def parse_dependencies : map_values(.dependencies.[] |= match_version) ;
def sort_version_decreasing : sort_by(.version | split("[-.]"; "") | map(tonumber)) | reverse ;
map(extract_fields) | split_dependencies | parse_dependencies | sort_version_decreasing
# [.[] | select(.pname == "intel-hpckit") | .version]

29
pkgs/intel-oneapi/toJson.awk
View File

@@ -1,29 +0,0 @@
#!/usr/bin/env -S awk -f
BEGIN {
FS=": "
prev_empty=1
t=" "
print "[ {"
}
!NF { # empty line, update separator so next non empty line closes the dict
prev_empty=1
t="},\n{ "
next # skip line (we won't match anything else)
}
{
printf t "\"%s\" : \"%s\"\n", $1, $2
if (prev_empty) {
# we were the first after a group of empty lines, following ones have to
# have a comma
prev_empty=0
t=", "
}
}
END { print "} ]" }

11
pkgs/intel-oneapi/update.sh
View File

@@ -1,11 +1,4 @@
#!/bin/sh #!/bin/sh
out_64=$(mktemp intel-api.64.XXXXXX) curl https://apt.repos.intel.com/oneapi/dists/all/main/binary-amd64/Packages -o amd64-packages
out_all=$(mktemp intel-api.all.XXXXXX) curl https://apt.repos.intel.com/oneapi/dists/all/main/binary-all/Packages -o all-packages
trap 'rm -f "$out_64" "$out_all"' EXIT INT HUP
curl https://apt.repos.intel.com/oneapi/dists/all/main/binary-amd64/Packages -o "$out_64"
curl https://apt.repos.intel.com/oneapi/dists/all/main/binary-all/Packages -o "$out_all"
# NOTE: we use `jq -r tostring` to minify the json (3.2Mb -> 2.3Mb)
cat "$out_64" "$out_all" | ./toJson.awk | ./process.jq | jq -r tostring >packages.json

6
pkgs/llvm-ompss2/clang.nix
View File

@@ -16,19 +16,19 @@
, useGit ? false , useGit ? false
, gitUrl ? "ssh://git@bscpm04.bsc.es/llvm-ompss/llvm-mono.git" , gitUrl ? "ssh://git@bscpm04.bsc.es/llvm-ompss/llvm-mono.git"
, gitBranch ? "master" , gitBranch ? "master"
, gitCommit ? "872ba63f86edaefc9787984ef3fae9f2f94e0124" # github-release-2025.11 , gitCommit ? "880e2341c56bad1dc14e8c369fb3356bec19018e"
}: }:
let let
stdenv = llvmPackages_latest.stdenv; stdenv = llvmPackages_latest.stdenv;
release = rec { release = rec {
version = "2025.11"; version = "2025.06";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "bsc-pm"; owner = "bsc-pm";
repo = "llvm"; repo = "llvm";
rev = "refs/tags/github-release-${version}"; rev = "refs/tags/github-release-${version}";
hash = "sha256-UgwMTUkM9Z87dDH205swZFBeFhrcbLAxginViG40pBM="; hash = "sha256-ww9PpRmtz/M9IyLiZ8rAehx2UW4VpQt+svf4XfKBzKo=";
}; };
}; };

64
pkgs/llvm-ompss2/default.nix
View File

@@ -3,7 +3,6 @@
, lib , lib
, gcc , gcc
, clangOmpss2Unwrapped , clangOmpss2Unwrapped
, writeShellScript
, openmp ? null , openmp ? null
, wrapCCWith , wrapCCWith
, llvmPackages_latest , llvmPackages_latest
@@ -28,17 +27,20 @@ let
# We need to replace the lld linker from bintools with our linker just built, # We need to replace the lld linker from bintools with our linker just built,
# otherwise we run into incompatibility issues when mixing compiler and linker # otherwise we run into incompatibility issues when mixing compiler and linker
# versions. # versions.
bintools-unwrapped = llvmPackages_latest.bintools-unwrapped.override { bintools-unwrapped = llvmPackages_latest.tools.bintools-unwrapped.override {
lld = clangOmpss2Unwrapped; lld = clangOmpss2Unwrapped;
}; };
bintools = llvmPackages_latest.bintools.override { bintools = llvmPackages_latest.tools.bintools.override {
bintools = bintools-unwrapped; bintools = bintools-unwrapped;
}; };
targetConfig = stdenv.targetPlatform.config; targetConfig = stdenv.targetPlatform.config;
inherit gcc; inherit gcc;
cc = clangOmpss2Unwrapped; cc = clangOmpss2Unwrapped;
gccVersion = with versions; let v = gcc.version; in concatStringsSep "." [(major v) (minor v) (patch v)]; gccVersion = with versions; let v = gcc.version; in concatStringsSep "." [(major v) (minor v) (patch v)];
in wrapCCWith {
inherit cc bintools;
# extraPackages adds packages to depsTargetTargetPropagated
extraPackages = optional (openmp != null) openmp;
extraBuildCommands = '' extraBuildCommands = ''
echo "-target ${targetConfig}" >> $out/nix-support/cc-cflags echo "-target ${targetConfig}" >> $out/nix-support/cc-cflags
echo "-B${gcc.cc}/lib/gcc/${targetConfig}/${gccVersion}" >> $out/nix-support/cc-cflags echo "-B${gcc.cc}/lib/gcc/${targetConfig}/${gccVersion}" >> $out/nix-support/cc-cflags
@@ -55,50 +57,14 @@ let
echo "--gcc-toolchain=${gcc}" >> $out/nix-support/cc-cflags echo "--gcc-toolchain=${gcc}" >> $out/nix-support/cc-cflags
wrap clang++ $wrapper $ccPath/clang++ wrap clang++ $wrapper $ccPath/clang++
'' + optionalString (openmp != null) ''
echo "export OPENMP_RUNTIME=${ompname}" >> $out/nix-support/cc-wrapper-hook
'' + optionalString (ompss2rt != null) ''
echo "export OMPSS2_RUNTIME=${rtname}" >> $out/nix-support/cc-wrapper-hook
echo "export ${homevar}=${ompss2rt}" >> $out/nix-support/cc-wrapper-hook
'' + optionalString (ompss2rt != null && ompss2rt.pname == "nodes") ''
echo "export NOSV_HOME=${ompss2rt.nosv}" >> $out/nix-support/cc-wrapper-hook
''; '';
}
envExports = lib.optionalString (openmp != null) ''
echo "export OPENMP_RUNTIME=${ompname}" >> $out/nix-support/cc-wrapper-hook
'' + optionalString (ompss2rt != null) ''
echo "export OMPSS2_RUNTIME=${rtname}" >> $out/nix-support/cc-wrapper-hook
echo "export ${homevar}=${ompss2rt}" >> $out/nix-support/cc-wrapper-hook
'' + optionalString (ompss2rt != null && ompss2rt.pname == "nodes") ''
echo "export NOSV_HOME=${ompss2rt.nosv}" >> $out/nix-support/cc-wrapper-hook
'';
extraPackages = optional (openmp != null) openmp;
wrappedCC = wrapCCWith {
# extraPackages adds packages to depsTargetTargetPropagated
inherit cc bintools extraPackages;
extraBuildCommands = extraBuildCommands + envExports;
};
resetIntelCCFlags = let tconf = builtins.replaceStrings ["-"] ["_"] targetConfig;
in writeShellScript "remove-intel.sh" ''
if [ "''${NIX_CC_WRAPPER_INTEL:-0}" = 1 ]; then
unset NIX_CFLAGS_COMPILE_${tconf}
unset NIX_CC_WRAPPER_FLAGS_SET_${tconf}
if (( "''${NIX_DEBUG:-0}" >= 1 )); then
echo "ompss2: cleaned NIX_CFLAGS_COMPILE_${tconf} (invokation from intel compiler detected)"
fi
fi
'';
intelExtraBuildCommands = ''
sed -i 's|# Flirting.*|source ${resetIntelCCFlags}\n\n&|' $out/bin/clang
sed -i 's|# Flirting.*|source ${resetIntelCCFlags}\n\n&|' $out/bin/clang++
'';
wrappedCCIntel = wrapCCWith {
inherit cc bintools extraPackages;
# extraPackages adds packages to depsTargetTargetPropagated
extraBuildCommands = intelExtraBuildCommands + envExports;
};
in wrappedCC.overrideAttrs (oldAttrs: {
passthru = oldAttrs.passthru // {
forIcpx = wrappedCCIntel;
};
})

1
pkgs/mcxx/default.nix
View File

@@ -65,7 +65,6 @@ stdenv.mkDerivation rec {
]; ];
meta = { meta = {
broken = true;
homepage = "https://github.com/bsc-pm/mcxx"; homepage = "https://github.com/bsc-pm/mcxx";
description = "C/C++/Fortran source-to-source compilation infrastructure aimed at fast prototyping"; description = "C/C++/Fortran source-to-source compilation infrastructure aimed at fast prototyping";
maintainers = with lib.maintainers.bsc; [ rpenacob ]; maintainers = with lib.maintainers.bsc; [ rpenacob ];

4
pkgs/meteocat-exporter/default.nix
View File

@@ -1,11 +1,9 @@
{ python3Packages, lib }: { python3Packages, lib }:
python3Packages.buildPythonApplication { python3Packages.buildPythonApplication rec {
pname = "meteocat-exporter"; pname = "meteocat-exporter";
version = "1.0"; version = "1.0";
pyproject = true;
src = ./.; src = ./.;
doCheck = false; doCheck = false;

23
pkgs/mpich/default.nix
View File

@@ -6,13 +6,6 @@
, pmix , pmix
, gfortran , gfortran
, symlinkJoin , symlinkJoin
# Disabled when cross-compiling
# To fix cross compilation, we should fill the values in:
# https://github.com/pmodels/mpich/blob/main/maint/fcrosscompile/cross_values.txt.in
# For each arch
, enableFortran ? stdenv.hostPlatform == stdenv.buildPlatform
, perl
, targetPackages
}: }:
let let
@@ -22,13 +15,10 @@ let
paths = [ pmix.dev pmix.out ]; paths = [ pmix.dev pmix.out ];
}; };
in mpich.overrideAttrs (old: { in mpich.overrideAttrs (old: {
buildInputs = old.buildInputs ++ [ buildInput = old.buildInputs ++ [
libfabric libfabric
pmixAll pmixAll
]; ];
nativeBuildInputs = old.nativeBuildInputs ++ [
perl
];
configureFlags = [ configureFlags = [
"--enable-shared" "--enable-shared"
"--enable-sharedlib" "--enable-sharedlib"
@@ -41,21 +31,10 @@ in mpich.overrideAttrs (old: {
] ++ lib.optionals (lib.versionAtLeast gfortran.version "10") [ ] ++ lib.optionals (lib.versionAtLeast gfortran.version "10") [
"FFLAGS=-fallow-argument-mismatch" # https://github.com/pmodels/mpich/issues/4300 "FFLAGS=-fallow-argument-mismatch" # https://github.com/pmodels/mpich/issues/4300
"FCFLAGS=-fallow-argument-mismatch" "FCFLAGS=-fallow-argument-mismatch"
] ++ lib.optionals (!enableFortran) [
"--disable-fortran"
]; ];
preFixup = ''
sed -i 's:^CC=.*:CC=${targetPackages.stdenv.cc}/bin/${targetPackages.stdenv.cc.targetPrefix}cc:' $out/bin/mpicc
sed -i 's:^CXX=.*:CXX=${targetPackages.stdenv.cc}/bin/${targetPackages.stdenv.cc.targetPrefix}c++:' $out/bin/mpicxx
'' + lib.optionalString enableFortran ''
sed -i 's:^FC=.*:FC=${targetPackages.gfortran or gfortran}/bin/${targetPackages.gfortran.targetPrefix or gfortran.targetPrefix}gfortran:' $out/bin/mpifort
'';
hardeningDisable = [ "all" ]; hardeningDisable = [ "all" ];
meta = old.meta // { meta = old.meta // {
maintainers = old.meta.maintainers ++ (with lib.maintainers.bsc; [ rarias ]); maintainers = old.meta.maintainers ++ (with lib.maintainers.bsc; [ rarias ]);
cross = true;
}; };
}) })

22
pkgs/nixgen/default.nix
View File

@@ -1,22 +0,0 @@
{
stdenv
, lib
}:
stdenv.mkDerivation {
pname = "nixgen";
version = "0.0.1";
src = ./nixgen;
dontUnpack = true;
phases = [ "installPhase" ];
installPhase = ''
mkdir -p $out/bin
cp -a $src $out/bin/nixgen
'';
meta = {
description = "Quickly generate flake.nix from command line";
maintainers = with lib.maintainers.bsc; [ rarias ];
platforms = lib.platforms.linux;
license = lib.licenses.gpl3Plus;
};
}

97
pkgs/nixgen/nixgen
View File

@@ -1,97 +0,0 @@
#!/bin/sh
#
# Copyright (c) 2025, Barcelona Supercomputing Center (BSC)
# SPDX-License-Identifier: GPL-3.0+
# Author: Rodrigo Arias Mallo <rodrigo.arias@bsc.es>
function usage() {
echo "USAGE: nixgen [-f] [package [...]] [-b package [...]]" >&2
echo " Generates a flake.nix file with the given packages." >&2
echo " After flake.nix is created, use 'nix develop' to enter the shell." >&2
echo "OPTIONS" >&2
echo " -f Overwrite existing flake.nix (default: no)." >&2
echo " packages... Add these packages to the shell." >&2
echo " -b packages... Add the dependencies needed to build these packages." >&2
echo "EXAMPLE" >&2
echo " $ nixgen ovni bigotes -b nosv tampi" >&2
echo " Adds the packages ovni and bigotes as well as all required dependencies" >&2
echo " to build nosv and tampi." >&2
echo "AUTHOR" >&2
echo " Rodrigo Arias Mallo <rodrigo.arias@bsc.es>" >&2
exit 1
}
mode=package
packages=
inputsFrom=
force=
if [[ $# -eq 0 ]]; then
usage
fi
while [[ $# -gt 0 ]]; do
case $1 in -b)
mode=build
shift
;;
-f)
force=1
shift
;;
-h)
usage
;;
-*|--*)
echo "error: unknown option $1" >&2
exit 1
;;
*)
if [ "$mode" == "package" ]; then
packages+="${packages:+ }$1"
else
inputsFrom+="${inputsFrom:+ }$1"
fi
shift
;;
esac
done
if [ ! "$force" -a -e flake.nix ]; then
echo "error: flake.nix exists, force overwrite with -f" >&2
exit 1
fi
cat > flake.nix <<EOF
{
inputs.jungle.url = "git+https://jungle.bsc.es/git/rarias/jungle";
outputs = { self, jungle }:
let
nixpkgs = jungle.inputs.nixpkgs;
customOverlay = (final: prev: {
# Example overlay, for now empty
});
pkgs = import nixpkgs {
system = "x86_64-linux";
overlays = [
# Apply jungle overlay to get our BSC custom packages
jungle.outputs.bscOverlay
# And on top apply our local changes to customize for cluster
customOverlay
];
};
in {
devShells.x86_64-linux.default = pkgs.mkShell {
pname = "devshell";
# Include these packages in the shell
packages = with pkgs; [
$packages
];
# The dependencies needed to build these packages will be also included
inputsFrom = with pkgs; [
$inputsFrom
];
};
};
}
EOF

9
pkgs/nodes/default.nix
View File

@@ -3,6 +3,7 @@
, lib , lib
, fetchFromGitHub , fetchFromGitHub
, pkg-config , pkg-config
, perl
, numactl , numactl
, hwloc , hwloc
, boost , boost
@@ -10,23 +11,22 @@
, ovni , ovni
, nosv , nosv
, clangOmpss2 , clangOmpss2
, which
, useGit ? false , useGit ? false
, gitUrl ? "ssh://git@gitlab-internal.bsc.es/nos-v/nodes.git" , gitUrl ? "ssh://git@gitlab-internal.bsc.es/nos-v/nodes.git"
, gitBranch ? "master" , gitBranch ? "master"
, gitCommit ? "511489e71504a44381e0930562e7ac80ac69a848" # version-1.4 , gitCommit ? "6002ec9ae6eb876d962cc34366952a3b26599ba6"
}: }:
with lib; with lib;
let let
release = rec { release = rec {
version = "1.4"; version = "1.3";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "bsc-pm"; owner = "bsc-pm";
repo = "nodes"; repo = "nodes";
rev = "version-${version}"; rev = "version-${version}";
hash = "sha256-+lR/R0l3fGZO3XG7whMorFW2y2YZ0ZFnLeOHyQYrAsQ="; hash = "sha256-cFb9pxcjtkMmH0CsGgUO9LTdXDNh7MCqicgGWawLrsU=";
}; };
}; };
@@ -59,7 +59,6 @@ in
doCheck = false; doCheck = false;
nativeCheckInputs = [ nativeCheckInputs = [
clangOmpss2 clangOmpss2
which
]; ];
# The "bindnow" flags are incompatible with ifunc resolution mechanism. We # The "bindnow" flags are incompatible with ifunc resolution mechanism. We

6
pkgs/nosv/default.nix
View File

@@ -13,19 +13,19 @@
, useGit ? false , useGit ? false
, gitUrl ? "git@gitlab-internal.bsc.es:nos-v/nos-v.git" , gitUrl ? "git@gitlab-internal.bsc.es:nos-v/nos-v.git"
, gitBranch ? "master" , gitBranch ? "master"
, gitCommit ? "1108e4786b58e0feb9a16fa093010b763eb2f8e8" # version 4.0.0 , gitCommit ? "9f47063873c3aa9d6a47482a82c5000a8c813dd8"
}: }:
with lib; with lib;
let let
release = rec { release = rec {
version = "4.0.0"; version = "3.2.0";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "bsc-pm"; owner = "bsc-pm";
repo = "nos-v"; repo = "nos-v";
rev = "${version}"; rev = "${version}";
hash = "sha256-llaq73bd/YxLVKNlMebnUHKa4z3sdcsuDUoVwUxNuw8="; hash = "sha256-yaz92426EM8trdkBJlISmAoG9KJCDTvoAW/HKrasvOw=";
}; };
}; };

91
pkgs/onemath/default.nix
View File

@@ -1,91 +0,0 @@
{
lib,
fetchFromGitHub,
cmake,
withCFlags,
intelPackages,
mklSupport ? true,
config,
cudaSupport ? config.cudaSupport,
cudaPackages ? { },
rocmSupport ? config.rocmSupport,
hipTargets ? null, # only one target at a time supported
rocmPackages ? { },
}:
let
# rocmSupport is not enough, we need a specific target
enableHip = rocmSupport && hipTargets != null;
stdenv = withCFlags (lib.optionals cudaSupport [
"--cuda-path=${cudaPackages.cudatoolkit}"
]) intelPackages.stdenv;
in
# at least one backend has to be enabled
assert mklSupport || cudaSupport || enableHip;
stdenv.mkDerivation rec {
pname = "oneMath";
version = "0.8";
src = fetchFromGitHub {
owner = "uxlfoundation";
repo = "oneMath";
rev = "v${version}";
sha256 = "sha256-xK8lKI3oqKlx3xtvdScpMq+HXAuoYCP0BZdkEqnJP5o=";
};
cmakeFlags = [
(lib.cmakeBool "ENABLE_MKLCPU_BACKEND" mklSupport)
(lib.cmakeBool "ENABLE_MKLGPU_BACKEND" mklSupport)
(lib.cmakeBool "ENABLE_CUBLAS_BACKEND" cudaSupport)
(lib.cmakeBool "ENABLE_CUFFT_BACKEND" cudaSupport)
(lib.cmakeBool "ENABLE_CURAND_BACKEND" cudaSupport)
(lib.cmakeBool "ENABLE_CUSOLVER_BACKEND" cudaSupport)
(lib.cmakeBool "ENABLE_CUSPARSE_BACKEND" cudaSupport)
(lib.cmakeBool "ENABLE_ROCBLAS_BACKEND" enableHip)
(lib.cmakeBool "ENABLE_ROCFFT_BACKEND" enableHip)
(lib.cmakeBool "ENABLE_ROCSOLVER_BACKEND" enableHip)
(lib.cmakeBool "ENABLE_ROCRAND_BACKEND" enableHip)
(lib.cmakeBool "ENABLE_ROCSPARSE_BACKEND" enableHip)
(lib.cmakeBool "BUILD_FUNCTIONAL_TESTS" false)
(lib.cmakeBool "BUILD_EXAMPLES" false)
]
++ lib.optionals enableHip [
(lib.cmakeFeature "HIP_TARGETS" hipTargets)
];
nativeBuildInputs = [ cmake ];
buildInputs =
lib.optionals (mklSupport) [
intelPackages.mkl
intelPackages.tbb
]
++ lib.optionals (enableHip) [
rocmPackages.rocmPath
rocmPackages.rocblas
rocmPackages.rocfft
rocmPackages.rocsolver
rocmPackages.rocrand
rocmPackages.rocsparse
]
++ lib.optionals (cudaSupport) [
(lib.getDev cudaPackages.cuda_cudart)
cudaPackages.cudatoolkit
cudaPackages.libcublas
cudaPackages.libcurand
cudaPackages.libcufft
cudaPackages.libcusparse
cudaPackages.libcusolver
];
}

6
pkgs/osu/default.nix
View File

@@ -32,11 +32,6 @@ stdenv.mkDerivation rec {
"CXX=mpicxx" "CXX=mpicxx"
]; ];
env = {
MPICH_CC="${stdenv.cc}/bin/${stdenv.cc.targetPrefix}cc";
MPICH_CXX="${stdenv.cc}/bin/${stdenv.cc.targetPrefix}c++";
};
postInstall = '' postInstall = ''
mkdir -p $out/bin mkdir -p $out/bin
for f in $(find $out -executable -type f); do for f in $(find $out -executable -type f); do
@@ -49,6 +44,5 @@ stdenv.mkDerivation rec {
homepage = "http://mvapich.cse.ohio-state.edu/benchmarks/"; homepage = "http://mvapich.cse.ohio-state.edu/benchmarks/";
maintainers = [ ]; maintainers = [ ];
platforms = lib.platforms.all; platforms = lib.platforms.all;
cross = true;
}; };
} }

8
pkgs/ovni/default.nix
View File

@@ -7,7 +7,7 @@
, useGit ? false , useGit ? false
, gitBranch ? "master" , gitBranch ? "master"
, gitUrl ? "ssh://git@bscpm04.bsc.es/rarias/ovni.git" , gitUrl ? "ssh://git@bscpm04.bsc.es/rarias/ovni.git"
, gitCommit ? "06432668f346c8bdc1006fabc23e94ccb81b0d8b" # version 1.13.0 , gitCommit ? "e4f62382076f0cf0b1d08175cf57cc0bc51abc61"
, enableDebug ? false , enableDebug ? false
# Only enable MPI if the build is native (fails on cross-compilation) # Only enable MPI if the build is native (fails on cross-compilation)
, useMpi ? (stdenv.buildPlatform.canExecute stdenv.hostPlatform) , useMpi ? (stdenv.buildPlatform.canExecute stdenv.hostPlatform)
@@ -15,13 +15,13 @@
let let
release = rec { release = rec {
version = "1.13.0"; version = "1.12.0";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "bsc-pm"; owner = "bsc-pm";
repo = "ovni"; repo = "ovni";
rev = "${version}"; rev = "${version}";
hash = "sha256-0l2ryIyWNiZqeYdVlnj/WnQGS3xFCY4ICG8JedX424w="; hash = "sha256-H04JvsVKrdqr3ON7JhU0g17jjlg/jzQ7eTfx9vUNd3E=";
} // { shortRev = "0643266"; }; } // { shortRev = "a73afcf"; };
}; };
git = rec { git = rec {

4
pkgs/paraver/default.nix
View File

@@ -12,7 +12,7 @@
, paraverKernel , paraverKernel
, openssl , openssl
, glibcLocales , glibcLocales
, wrapGAppsHook3 , wrapGAppsHook
}: }:
let let
@@ -64,7 +64,7 @@ stdenv.mkDerivation rec {
autoconf autoconf
automake automake
autoreconfHook autoreconfHook
wrapGAppsHook3 wrapGAppsHook
]; ];
buildInputs = [ buildInputs = [

26
pkgs/pocl/0001-cmake-do-not-use-suffix.patch
View File

@@ -1,26 +0,0 @@
From ccf301659caac9b5e973ba1f2d32352acf617a98 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Aleix=20Bon=C3=A9?= <aleix.boneribo@bsc.es>
Date: Tue, 2 Jul 2024 16:45:05 +0200
Subject: [PATCH] cmake: do not use suffix
---
cmake/LLVM.cmake | 3 ++
1 files changed, 3 insertions(+)
diff --git a/cmake/LLVM.cmake b/cmake/LLVM.cmake
index f4dbda065..e29144dce 100644
--- a/cmake/LLVM.cmake
+++ b/cmake/LLVM.cmake
@@ -65,6 +65,9 @@ else()
message(WARNING "Cannot determine llvm binary suffix from ${LLVM_CONFIG}")
endif()
message(STATUS "LLVM binaries suffix : ${LLVM_BINARY_SUFFIX}")
+
+ # We don't want suffixes in nix
+ set(LLVM_BINARY_SUFFIX "")
endif()
get_filename_component(LLVM_CONFIG_LOCATION "${LLVM_CONFIG}" DIRECTORY)
--
2.45.1

33
pkgs/pocl/0001-cmake-native-build-tools.patch
View File

@@ -1,33 +0,0 @@
From f24b456c50f587b05cc8f2699c94d8cdefc5b13e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Aleix=20Bon=C3=A9?= <aleix.boneribo@bsc.es>
Date: Tue, 2 Jul 2024 17:11:11 +0200
Subject: [PATCH] cmake: native build tools
---
cmake/LLVM.cmake | 7 +-
1 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/cmake/LLVM.cmake b/cmake/LLVM.cmake
index e29144dce..b9f14ce6a 100644
--- a/cmake/LLVM.cmake
+++ b/cmake/LLVM.cmake
@@ -269,10 +269,15 @@ endforeach()
####################################################################
+if(DEFINED LLVM_NATIVE_TOOL_DIR)
+ set(TOOL_DIR "${LLVM_NATIVE_TOOL_DIR}")
+ message(STATUS "TOOL_DIR=${TOOL_DIR}")
+endif()
+
macro(find_program_or_die OUTPUT_VAR PROG_NAME DOCSTRING)
find_program(${OUTPUT_VAR}
NAMES "${PROG_NAME}${LLVM_BINARY_SUFFIX}${CMAKE_EXECUTABLE_SUFFIX}"
- HINTS "${LLVM_BINDIR}" "${LLVM_CONFIG_LOCATION}"
+ HINTS "${TOOL_DIR}" "${LLVM_BINDIR}" "${LLVM_CONFIG_LOCATION}"
DOC "${DOCSTRING}"
NO_CMAKE_PATH
NO_CMAKE_ENVIRONMENT_PATH
--
2.45.1

48
pkgs/pocl/0001-cmake-use-clang-from-cmake-variable.patch
View File

@@ -1,48 +0,0 @@
From 4688b5ce895761c884ae15fc0234ed8d623b988b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Aleix=20Bon=C3=A9?= <aleix.boneribo@bsc.es>
Date: Tue, 2 Jul 2024 15:41:47 +0200
Subject: [PATCH] cmake: use clang from cmake variable
---
cmake/LLVM.cmake | 22 ++++++++++++++++++++--
1 file changed, 20 insertions(+), 2 deletions(-)
diff --git a/cmake/LLVM.cmake b/cmake/LLVM.cmake
index 71b786dc7..f4dbda065 100644
--- a/cmake/LLVM.cmake
+++ b/cmake/LLVM.cmake
@@ -281,11 +281,29 @@ macro(find_program_or_die OUTPUT_VAR PROG_NAME DOCSTRING)
endif()
endmacro()
-find_program_or_die( CLANG "clang" "clang binary")
+# -DCMAKE_C_COMPILER=riscv64-unknown-linux-gnu-clang -DCMAKE_CXX_COMPILER=riscv64-unknown-linux-gnu-clang++
+
+# if(DEFINED CLANG_EXECUTABLE)
+if(DEFINED CMAKE_C_COMPILER)
+ # set(CLANG "${CLANG_EXECUTABLE}")
+ set(CLANG "${CMAKE_C_COMPILER}")
+ message(STATUS "Using CLANG_EXECUTABLE: ${CLANG}")
+else()
+ find_program_or_die( CLANG "clang" "clang binary")
+endif()
execute_process(COMMAND "${CLANG}" "--version" OUTPUT_VARIABLE LLVM_CLANG_VERSION RESULT_VARIABLE CLANG_RES)
+
# TODO this should be optional
-find_program_or_die( CLANGXX "clang++" "clang++ binary")
+# if(DEFINED CLANGXX_EXECUTABLE)
+if(DEFINED CMAKE_CXX_COMPILER)
+ # set(CLANGXX "${CLANGXX_EXECUTABLE}")
+ set(CLANGXX "${CMAKE_CXX_COMPILER}")
+ message(STATUS "Using CLANGXX_EXECUTABLE: ${CLANGXX}")
+else()
+ find_program_or_die( CLANGXX "clang++" "clang++ binary")
+endif()
execute_process(COMMAND "${CLANGXX}" "--version" OUTPUT_VARIABLE LLVM_CLANGXX_VERSION RESULT_VARIABLE CLANGXX_RES)
+
if(CLANGXX_RES OR CLANG_RES)
message(FATAL_ERROR "Failed running clang/clang++ --version")
endif()
--
2.45.1

255
pkgs/pocl/default.nix
View File

@@ -1,255 +0,0 @@
{
lib,
llvmPackages,
ninja,
cmake,
hwloc,
ocl-icd,
opencl-headers,
getconf,
pkg-config,
spirv-llvm-translator,
spirv-tools,
libxml2, # required for statically linked llvm
python3,
writableTmpDirAsHomeHook,
writeText,
runCommand,
opencl-cts,
fetchFromGitHub,
useGit ? false,
gitUrl ? "git@gitlab-internal.bsc.es:task-awareness/pocl/pocl.git",
gitBranch ? "feat/nosv",
gitCommit ? "556542309fc3c5900cf05dae5b41d200cd3de6a0",
staticLLVM ? true,
enableICD ? true,
enableSPIRV ? true,
enableHWLOC ? true,
enableRemoteServer ? false,
enableRemoteClient ? false,
enableDistroVariants ? false,
lttng-ust,
enableLTTNG ? false,
onetbb,
enableTBB ? false,
nosv ? null,
ovni ? null,
enableNOSV ? useGit,
enableOVNI ? useGit,
buildPackages,
targetPackages,
nix-update-script,
}:
assert (enableNOSV || enableOVNI) -> useGit;
let
release = rec {
version = "7.1";
src = fetchFromGitHub {
owner = "pocl";
repo = "pocl";
tag = "v${version}";
hash = "sha256-bS6vTIjLO7YLs7qYLKW0cYYbEJ/hRS/+IjjAKbkj8ac=";
};
};
git = rec {
version = src.shortRev;
src = builtins.fetchGit {
url = gitUrl;
ref = gitBranch;
rev = gitCommit;
};
};
source = if (useGit) then git else release;
stdenv = llvmPackages.stdenv;
buildLlvmPackages = buildPackages.llvmPackages;
isCross = stdenv.hostPlatform != stdenv.buildPlatform;
featureList = lib.concatStringsSep "+" (
(lib.optionals enableICD [ "icd" ])
++ (lib.optionals enableNOSV [ "nosv" ])
++ (lib.optionals enableOVNI [ "ovni" ])
++ (lib.optionals enableSPIRV [ "spirv" ])
++ (lib.optionals enableTBB [ "tbb" ])
++ (lib.optionals enableRemoteClient [ "server" ])
++ (lib.optionals enableRemoteServer [ "client" ])
);
in
stdenv.mkDerivation (finalAttrs: {
pname = "pocl";
version = featureList + "-" + source.version;
inherit (source) src;
patches = lib.optionals useGit [
./0001-cmake-use-clang-from-cmake-variable.patch
./0001-cmake-do-not-use-suffix.patch
./0001-cmake-native-build-tools.patch
];
cmakeFlags = [
# TODO: all these are broken when cross compiling. Upstream has refactored
# all the cmake infra for cross compilation, but it's not in a release yet
(lib.cmakeOptionType "filepath" "WITH_LLVM_CONFIG" (
lib.getExe' buildLlvmPackages.llvm.dev "llvm-config"
))
(lib.cmakeOptionType "filepath" "CLANG" (lib.getExe' buildLlvmPackages.clangUseLLVM "clang"))
(lib.cmakeOptionType "filepath" "CLANGXX" (lib.getExe' buildLlvmPackages.clangUseLLVM "clang++"))
(lib.cmakeOptionType "path" "CLANG_RESOURCE_DIR" "${llvmPackages.stdenv.cc}/resource-root")
(lib.cmakeBool "ENABLE_TESTS" finalAttrs.finalPackage.doCheck)
(lib.cmakeBool "ENABLE_RELOCATION" true)
(lib.cmakeBool "ENABLE_POCL_BUILDING" true)
(lib.cmakeBool "POCL_ICD_ABSOLUTE_PATH" true)
(lib.cmakeBool "ENABLE_TBB_DEVICE" enableTBB)
(lib.cmakeBool "ENABLE_ICD" enableICD)
(lib.cmakeBool "ENABLE_HWLOC" enableHWLOC)
(lib.cmakeBool "ENABLE_LTTNG" enableLTTNG)
(lib.cmakeBool "ENABLE_REMOTE_CLIENT" enableRemoteClient)
(lib.cmakeBool "ENABLE_REMOTE_SERVER" enableRemoteServer)
# avoid the runtime linker pulling in a different llvm e.g. from graphics drivers
(lib.cmakeBool "STATIC_LLVM" staticLLVM)
]
++ lib.optionals (enableNOSV || enableOVNI) [
(lib.cmakeBool "ENABLE_NOSV" enableNOSV)
(lib.cmakeBool "ENABLE_OVNI" enableOVNI)
]
++ lib.optionals (!isCross && enableDistroVariants) [
(lib.cmakeFeature "KERNELLIB_HOST_CPU_VARIANTS" "distro") # TODO: check if we can do it when cross compiling
]
++ lib.optionals isCross [
(lib.cmakeFeature "CMAKE_SYSTEM_NAME" "Linux")
(lib.cmakeFeature "CMAKE_FIND_ROOT_PATH_MODE_PROGRAM" "NEVER")
(lib.cmakeFeature "CMAKE_FIND_ROOT_PATH_MODE_LIBRARY" "ONLY")
(lib.cmakeFeature "CMAKE_FIND_ROOT_PATH_MODE_INCLUDE" "ONLY")
(lib.cmakeFeature "CMAKE_FIND_ROOT_PATH_MODE_PACKAGE" "ONLY")
]
++ lib.optionals stdenv.hostPlatform.isRiscV [
(lib.cmakeFeature "LLC_TRIPLE" "riscv64-unknown-linux-gnu")
(lib.cmakeFeature "LLC_HOST_CPU" "rv64g")
(lib.cmakeFeature "CLANG_MARCH_FLAG" "-march=")
];
# Fixes error: ld: cannot find -lgcc / -lgcc_s when linking from libpocl on
# host
preConfigure = ''
cmakeFlagsArray+=(
-DEXTRA_HOST_LD_FLAGS="${lib.escapeShellArg (builtins.readFile "${targetPackages.stdenv.cc}/nix-support/cc-ldflags")}"
-DEXTRA_KERNEL_FLAGS="${lib.escapeShellArg (builtins.readFile "${targetPackages.stdenv.cc}/nix-support/cc-ldflags")}"
)
'';
nativeBuildInputs = [
cmake
getconf
ninja
pkg-config
python3
];
buildInputs = [
opencl-headers
llvmPackages.libclang
llvmPackages.llvm
]
++ lib.optionals staticLLVM [ libxml2 ]
++ lib.optionals enableNOSV [ nosv ]
++ lib.optionals enableOVNI [ ovni ]
++ lib.optionals enableHWLOC [ hwloc ]
++ lib.optionals enableTBB [ onetbb ]
++ lib.optionals enableICD [ ocl-icd ]
++ lib.optionals enableLTTNG [ lttng-ust ]
++ lib.optionals enableSPIRV [
(spirv-llvm-translator.override { inherit (llvmPackages) llvm; })
spirv-tools
];
nativeInstallCheckInputs = [
writableTmpDirAsHomeHook # needed for POCL_CACHE_DIR
];
doInstallCheck = true;
installCheckPhase = lib.optionalString enableICD ''
runHook preInstallCheck
export OCL_ICD_VENDORS=$out/etc/OpenCL/vendors
$out/bin/poclcc -o poclcc.cl.pocl $src/examples/poclcc/poclcc.cl
runHook postInstallCheck
'';
setupHook = lib.optionalDrvAttr enableICD (
writeText "setup-hook" ''
addToSearchPath OCL_ICD_VENDORS @out@/etc/OpenCL/vendors
''
);
passthru =
let
self = finalAttrs.finalPackage;
in
{
updateScript = nix-update-script { };
git = self.override { useGit = true; };
withICD = enableICD;
test = {
# Run builtin tests (causes a rebuild)
self = self.overrideAttrs { doCheck = true; };
# Run basic test from Khronos OpenCL Conformance Test Suite
# WARN: despite its name, test_basic is very exhaustive, and can take more
# than 1 hour in a marenostrum5 node.
cts =
assert enableICD;
lib.genAttrs [ "api" "basic" "c11_atomics" "printf" "svm" ] (
name:
runCommand "pocl-cts-test_${name}" {
nativeBuildInputs = [ self ];
requiredSystemFeatures = [ "sys-devices" ];
env = {
POCL_DEBUG = "error,warn";
POCL_CACHE_DIR = "/build/pocl_cache";
};
} "${opencl-cts}/bin/Release/test_${name} | tee $out"
);
};
};
env.HWLOC_SYNTHETIC = lib.optionalDrvAttr enableHWLOC "node:1 core:1 pu:1";
propagatedBuildInputs = [ stdenv.cc.cc ];
meta = with lib; {
description = "A portable open source (MIT-licensed) implementation of the OpenCL standard";
homepage = "http://portablecl.org";
license = licenses.mit;
maintainers = with maintainers; [
leixb
jansol
xddxdd
bsc.maintainers.leixb
];
platforms = platforms.linux ++ platforms.darwin;
};
})

58
pkgs/rodinia/default.nix
View File

@@ -1,58 +0,0 @@
{
stdenv,
lib,
fetchurl,
ocl-icd,
opencl-headers,
}:
stdenv.mkDerivation {
pname = "rodinia-opencl";
version = "3.1";
src = fetchurl {
url = "http://www.cs.virginia.edu/~skadron/lava/Rodinia/Packages/rodinia_3.1.tar.bz2";
hash = "sha256-+uusfBHtj4/Pa/LX6FwwhvwtEfciBNbfwo3FsujyrP0=";
};
patches = [
./rodinia-fixes.patch
./rodinia-rm.patch
];
buildInputs = [
opencl-headers
ocl-icd
];
buildFlags = [
"OPENCL"
"--always-make"
];
preBuild = ''
mkdir -p bin/linux/{cuda,omp,opencl}
'';
installPhase = ''
runHook preInstall
mkdir -p $out/share
cp -r bin data opencl $out
cp LICENSE README $out/share
runHook postInstall
'';
meta = {
homepage = "https://rodinia.cs.virginia.edu/";
description = "Test Suite of Compute-Intensive Applications with Accelerators";
maintainers = with lib.maintainers.bsc; [ abonerib ];
platforms = lib.platforms.linux;
license = {
deprecated = false;
free = false;
fullName = "Rodinia License";
redistributable = true;
shortName = "rodinia";
url = "https://www.cs.virginia.edu/~skadron/lava/rodinia/license.htm";
};
};
}

1540
pkgs/rodinia/rodinia-fixes.patch
View File

File diff suppressed because it is too large Load Diff

1880
pkgs/rodinia/rodinia-rm.patch
View File

File diff suppressed because it is too large Load Diff

1
pkgs/sonar/default.nix
View File

@@ -35,6 +35,5 @@ stdenv.mkDerivation rec {
maintainers = with lib.maintainers.bsc; [ rarias ]; maintainers = with lib.maintainers.bsc; [ rarias ];
platforms = lib.platforms.linux; platforms = lib.platforms.linux;
license = lib.licenses.mit; license = lib.licenses.mit;
cross = true;
}; };
} }

18
pkgs/tagaspi/default.nix
View File

@@ -5,14 +5,23 @@
, automake , automake
, autoconf , autoconf
, libtool , libtool
, mpi
, autoreconfHook , autoreconfHook
, gpi-2 , gpi-2
, boost , boost
, numactl , numactl
, rdma-core , rdma-core
, gfortran , gfortran
, symlinkJoin
}: }:
let
mpiAll = symlinkJoin {
name = "mpi-all";
paths = [ mpi.all ];
};
in
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
pname = "tagaspi"; pname = "tagaspi";
enableParallelBuilding = true; enableParallelBuilding = true;
@@ -26,18 +35,16 @@ stdenv.mkDerivation rec {
hash = "sha256-RGG/Re2uM293HduZfGzKUWioDtwnSYYdfeG9pVrX9EM="; hash = "sha256-RGG/Re2uM293HduZfGzKUWioDtwnSYYdfeG9pVrX9EM=";
}; };
nativeBuildInputs = [ buildInputs = [
autoreconfHook autoreconfHook
automake automake
autoconf autoconf
libtool libtool
gfortran
];
buildInputs = [
boost boost
numactl numactl
rdma-core rdma-core
gfortran
mpiAll
]; ];
dontDisableStatic = true; dontDisableStatic = true;
@@ -56,6 +63,5 @@ stdenv.mkDerivation rec {
maintainers = with lib.maintainers.bsc; [ rarias ]; maintainers = with lib.maintainers.bsc; [ rarias ];
platforms = lib.platforms.linux; platforms = lib.platforms.linux;
license = lib.licenses.gpl3Plus; license = lib.licenses.gpl3Plus;
cross = false; # gpi-2 cannot cross
}; };
} }

1
pkgs/tampi/default.nix
View File

@@ -68,6 +68,5 @@ in stdenv.mkDerivation {
maintainers = with lib.maintainers.bsc; [ rarias ]; maintainers = with lib.maintainers.bsc; [ rarias ];
platforms = lib.platforms.linux; platforms = lib.platforms.linux;
license = lib.licenses.gpl3Plus; license = lib.licenses.gpl3Plus;
cross = true;
}; };
} }

87
pkgs/tasycl/default.nix
View File

@@ -1,87 +0,0 @@
{
lib,
stdenv,
autoconf,
automake,
autoreconfHook,
boost,
fetchFromGitHub,
gnumake,
libtool,
withCFlags,
useIntel ? true,
adaptivecpp ? null,
intelPackages ? null,
useGit ? false,
gitUrl ? "git@gitlab-internal.bsc.es:task-awareness/tasycl/tasycl.git",
gitBranch ? "main",
gitCommit ? "78f98dcf60a66e0eaa3b4ebcf55be076bec64825",
}:
assert !useIntel -> adaptivecpp != null;
assert useIntel -> intelPackages != null;
let
variant = if useIntel then "intel" else "acpp";
syclStdenv = withCFlags [ "-O3" ] (if useIntel then intelPackages.stdenv else stdenv);
release = rec {
version = "2.1.0";
src = fetchFromGitHub {
owner = "bsc-pm";
repo = "tasycl";
rev = version;
hash = "sha256-0kXnb0lHeQNHR27GTLbJ8xbiICLU8k2+FqEnnFSrzzo=";
};
};
git = rec {
version = src.shortRev;
src = builtins.fetchGit {
url = gitUrl;
ref = gitBranch;
rev = gitCommit;
};
};
source = if (useGit) then git else release;
in
syclStdenv.mkDerivation {
pname = "tasycl-${variant}";
inherit (source) src version;
enableParallelBuilding = true;
separateDebugInfo = true;
nativeBuildInputs = [
autoreconfHook
automake
autoconf
libtool
gnumake
];
buildInputs = [
boost
];
configureFlags = lib.optionals (!useIntel) [
"CXX=${lib.getExe adaptivecpp}"
];
# add symlinks so we can explicitly link with tasycl-intel / tasycl-acpp
postInstall = ''
pushd $out/lib
for i in libtasycl* ; do
ln -s "$i" "''\${i/tasycl/tasycl-${variant}}"
done
popd
'';
hardeningDisable = [ "all" ];
}

4
pkgs/upc-qaire-exporter/default.nix
View File

@@ -1,11 +1,9 @@
{ python3Packages, lib }: { python3Packages, lib }:
python3Packages.buildPythonApplication { python3Packages.buildPythonApplication rec {
pname = "upc-qaire-exporter"; pname = "upc-qaire-exporter";
version = "1.0"; version = "1.0";
pyproject = true;
src = ./.; src = ./.;
doCheck = false; doCheck = false;

52
secrets/ceph-user.age
View File

@@ -1,29 +1,25 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 AY8zKw Crgof1PMHzv3jBw8VeJAst6FKSoyqPFdANFpf79CAgo -> ssh-ed25519 AY8zKw /gmhFOFqOs8IobAImvQVKeM5Y6k0FpuR61/Cu5drVVI
7fagE5BmlWdTsdY/i3RbExu1KBcjW1LQXbYwu6chxlk g9FXJg2oIoien0zJ70FWHwSTM8SBwbpS188S3Swj7EM
-> ssh-ed25519 sgAamA tGRCaK8mjvz65YziXjRcjMOHIRoyGNJFzBEEbivXPDo -> ssh-ed25519 sgAamA opPjlWPhSiI0Rd5l7kd204S5FXFLcQcQftyKb7MDmnU
YLzE5a3J81r+gzkfZIeh9gS+mXzMooC82tBbZ+C3C8o 3XrRDVnglCP+vBwvfd1rP5gHttsGDHyXwbf10a8/kKY
-> ssh-ed25519 HY2yRg +vhO1/vdGPM1JnZRsvVnViFWaFWUZ7MIqvWdePivkxA -> ssh-ed25519 HY2yRg QKZbubM76C3tobPoyCFDRclA9Pzb2fC7s4WOoIgdORc
2K+JdN82DTeGh9QwZBTaghg8C5BCLoEsOgTCM64PU28 K5kckU0KhQFTE6SikJXFJgM41Tco5+VqOsaG0qLrY1Q
-> ssh-ed25519 fw2Xhg NHDn0dq32I/AVdUZlpzBX6retlEYEUipde7A9R90qW4 -> ssh-ed25519 fw2Xhg +ohqts8dLFjvdHxrGHcOGxU0dm+V3N//giljHkobpDM
SJO78ooqEwfHlBRW+YCzgSQJb1JHNo8jz37t3qvLClE jR/UzGrfS9lrJ/VeolKLxfzeJAf2fIB2pdIn/6ukqNk
-> ssh-ed25519 G5LX5w d4HfLzI2623artkR2FIfRJgr5yb2BKZJUWqPnwOWDCk -> ssh-ed25519 tcumPQ 3DPkDPIQQSVtXSLzIRETsIyXQ0k1o18Evn6vf+l/6R8
Kh50QESJZSjaJPyp3xroHGn0fD5pPNEYgKkDdqxGpjs bLXF62OmJjnOT1vvgq3+AcOKKSG5NonrK5EqCVc0Mwo
-> ssh-ed25519 tcumPQ wQyOKtT15Qezs3cyv5/xxIPVD7Jyk6N6ZLkfxxBHLTo -> ssh-ed25519 JJ1LWg 2Wefc7eLolMU5InEmCNTq21Mf71mI0a2N1HgDrlHvy4
rKlRBjJdfDVT6U8211+ssFF8yY9yRs1u3GhCSvsw2oE qXFW9CQBnrzubZ0mzS0Io2WGRrwGBkmeYndBTcZn/fM
-> ssh-ed25519 JJ1LWg 98tF1MdA244xNny4w3RnMFuubf4WcuQaZf2bN2Uq8Qc -> ssh-ed25519 cDBabA oiH36AoIt/fFFYgnoxtH7OoetP+2/wjtn8qo3RJDSHc
MA1Xh1H9vHisVYdqkxNeBkngtn8cYuT2eSimvooIXYo qKmkxy1aZGP4ZwC0iH7n7hiJ0+rFQYvjQb5O1a1Z0r4
-> ssh-ed25519 cDBabA imJ0rXLQETELP7yo3sArhqA9nJwY+S6gkC7tA7CJsQA -> ssh-ed25519 cK5kHw bX3RtO5StMejUYWAaA37fjHA5nO7Xs1vWDQk3yOjs2o
pKMHW/KDAoEj5ZD64VKekg6et9hlS2PKSgDw3eB3eu8 Egxmcf8FKAd+E5hMLmhV1yQsCo5rJyUazf1szOvpTAM
-> ssh-ed25519 WY7yGw +2g5021/02HvLxLqq42ynr6qKgOKJ3J5GgB1a1bmFXg -> ssh-ed25519 CAWG4Q oKqqRDJH0w8lsoQBQk0w8PO+z5gFNmSaGBUSumvDp1I
fYvj52R6bM6ngPOZ2lwVezTJnx+8LJBbdnaapKKbyd0 m1zWp9MfViAmtpbJhqOHraIokDaPKb0DvvO4vAGCTWI
-> ssh-ed25519 cK5kHw fLZ6yF3NggJ724rjYqhs5ZZh1xUExuK+ITAyqONluzk -> ssh-ed25519 xA739A G26kPOz6sbFATs+KAr7gbDvji13eA1smFusQAOJXMwA
NS9OMX70XEHrbPQnmC4KB/eoiHChIb8DwDLYJiwOLUU Sppvz7A103kZoNxoGsd6eXeCvVh7mBE2MRwLFj9O1dY
-> ssh-ed25519 CAWG4Q tVduE/wMzdfS+DjNbU3Q4blNhL/A63IehNSZGJkJjD0 -> ssh-ed25519 MSF3dg 55ekNcp+inbUd+GQ/VZ7BoBASaJ8YDqF74CVXy1PUxQ
jEBB5zG+gLA/88YF+KqWQsNH7lfCsWNvAkrgfbescFs aTHLLAbzQPWWld/OT3BKebc6FcmsqMTaWCPBGm1UHic
-> ssh-ed25519 xA739A ZhFvev77I+YOl1YSHKn2ZcEvGoLjWOILufjd4q/k8HM --- mVkAMnI9XQhS3fMiFuuXP/yLR9wEG9+Rr8pA4Uc0avY
YXEtHHtjPQlgZW60zHgHm7CLI6vYiRo+AM8QERL9tCg <04>DU <20><>s<EFBFBD><73><EFBFBD><EFBFBD>j<EFBFBD><6A>M<EFBFBD><4D>$<24>[<5B>M<EFBFBD><4D><EFBFBD><03>[_<>K7s<37>ju<>v<EFBFBD>D<EFBFBD>4<EFBFBD>g<EFBFBD><67>܄3<>Gn<47><6E><EFBFBD> ɽ<>P<EFBFBD>7~rZs<><73>
-> ssh-ed25519 MSF3dg 9DvLNheBU1vlfW2zNNxBrGnJ6k4P5ox7s+OGKlgRdyQ
wseHfLGHz0huNi5sZsNOfeNkm6Kjjx0SZ8lK4/oXtUQ
--- bnJE+14onuSla0XmckD4z/wChWGZh6exbkcbyhcmNYU
<EFBFBD><EFBFBD>t<>N<><10>U<EFBFBD>wi2<69><32>-<2D>iV'(<1E>IF<49><46> S<><53>xs/s<><73> <09><>NDm<44>Q<EFBFBD><51><EFBFBD>o<EFBFBD><6F><EFBFBD><EFBFBD>wZv<7F><76>.\

BIN
secrets/gitea-runner-token.age
View File

Binary file not shown.

BIN
secrets/gitlab-bsc-docker-token.age
View File

Binary file not shown.

24
secrets/gitlab-runner-docker-token.age
View File

@@ -1,13 +1,13 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 HY2yRg eHM55QsHK1ca9b5nP3EoVUZYu0w2d4B5tkilNK0j/lw -> ssh-ed25519 HY2yRg U2KQWviZIVNemm9e8h7H+eOzoYNxXgLLS3hsZLMAuGk
6Na6lkMe0fOd7+vNP1fLIaVEQDUw5m65Wh8jUH1I6C0 6n5dH1McNzk3rscP4v2pqZYDWtUFMd15rZsEd/mqIFM
-> ssh-ed25519 cK5kHw 0ekhoBYwF7OSWwn4P5f/J4gXb9UHJAWGKV0yI7HCzzE -> ssh-ed25519 cK5kHw Ebrj/cpz1cFWAYAV9OxgyyH85OEMUnfUIV66p7jaoFY
2Q+Tt5jXAB9ip9jf1z+jeM4FSiqd1w5DNtbqtacuOcM 6J7hWqODtS/fIF4BpxhxbrxZq5vbolvbLqRKqazT02M
-> ssh-ed25519 CAWG4Q Jmw4v9efOFXHjjNky96q/d6vGBP5dNM4wK9zoGrwOh8 -> ssh-ed25519 CAWG4Q mXqoQH9ycHF7u0y8mazCgynHxNLxTnrmQHke+2a5QCc
u5I17wcIq8/2ARWckDXsYckhfX0jWE4AEm5mip/KHws mq6PdSF+KOqthuXwzTCsOQsi5KG0z1wHUck+bSTyOBY
-> ssh-ed25519 xA739A 10pPeC2YG9DJzaQlt7p+fGo27VDiL2dN6JmvY2npcUw -> ssh-ed25519 xA739A TADeswueqDEroZWLjMw3RDNwVQ2xRD+JUMVZENovn0M
4aRV8DekYeL9HagGWgOSjlYnPKmYdKZH8Aw4lRdm+r8 KFlnSjVFbjc+ZsbY8Ed7edC5B01TJGzd/dSryiLArPc
-> ssh-ed25519 MSF3dg hDwIE3Su6cN3sq2E5v/oy6vTNfxTT1ZPts85//gIhwY -> ssh-ed25519 MSF3dg Pq+ZD8AqJGDHDbd4PO1ngNFST8+6C2ghZkO/knKzzEc
aoiaGjQYJB1ededhIuVBCKDRLIOVThWz1pSTvg65J3Y wyiL/u38hdQMokmfTsBrY7CtYwc+31FG4EDaqVEn31U
--- OYPAGb5U/nwLOIV5VchSvxhChjNnwzbEgU9glSkWCl4 --- 1z4cOipayh0zYkvasEVEvGreajegE/dqBV7b6E7aFh0
<EFBFBD>=<EFBFBD><EFBFBD><EFBFBD>c<EFBFBD>WȟJSaІ&<26><1F>ቧ)E<> <0B> C<><43>J~u<>c<63><7F>2<EFBFBD><32>v<EFBFBD><76><EFBFBD><03><>s<EFBFBD><73><EFBFBD>vf<76><10><>X7(<28>~<7E><1A>=XCi;<3B>״<EFBFBD><><DFA2><EFBFBD>ܣ<EFBFBD><10><><07>ɳCe<43>D;;X*<2A>3<EFBFBD>i<EFBFBD><69>r<EFBFBD>Em<45><6D>< <EFBFBD><EFBFBD><EFBFBD><EFBFBD>R<EFBFBD>@<40>/i<>I'<27><><EFBFBD>Nx<4E>r"<1D>`<1E>O<EFBFBD><4F><EFBFBD>y<><79>8<EFBFBD><38> \/<2F><>I<19><17>D<EFBFBD>`<60>ߓ<EFBFBD><DF93><EFBFBD><1E><04>uy<75><79><EFBFBD>:9Lt<4C><1D><><EFBFBD>؋<EFBFBD><D88B><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>AU<41><55><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>`<60>;<3B>q8<71>GLU#<23>i<EFBFBD>y<EFBFBD><79>i<03>ڜ

BIN
secrets/gitlab-runner-shell-token.age
View File

Binary file not shown.

BIN
secrets/ipmi.yml.age
View File

Binary file not shown.

BIN
secrets/jungle-robot-password.age
View File

Binary file not shown.

BIN
secrets/munge-key.age
View File

Binary file not shown.

BIN
secrets/nix-serve.age
View File

Binary file not shown.

BIN
secrets/tent-gitlab-runner-bsc-docker-token.age
View File

Binary file not shown.

BIN
secrets/tent-gitlab-runner-pm-docker-token.age
View File

Binary file not shown.

BIN
secrets/tent-gitlab-runner-pm-shell-token.age
View File

Binary file not shown.

BIN
secrets/vpn-dac-client-key.age
View File

Binary file not shown.

25
secrets/vpn-dac-login.age
View File

@@ -1,13 +1,14 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 G5LX5w /9lcJOXC9CN02+XLswUaJ0H7jU6Xhjd8Xg4+KY0l1Vc -> ssh-ed25519 G5LX5w SRJhNenoQXbT1FgX3TMPnVH5P6oe2eHot+M1YsEjsEk
fCLzsLc9zrocM8SHOKyZwt6eUEr8r1WLug9RLi63KU0 hfTSLgKi98Eh7JK5o7x2POpTEtQlQCpEa3keUFYCuME
-> ssh-ed25519 cK5kHw 1qza6h2NRSs4g8LYdFU7E+Dn1CgdtCU7DPdYInP1GwM -> ssh-ed25519 cK5kHw z5TwWJTkvx7HztjXHJW/aCOtOfPrQaLP0gyIT7rXcyU
/6uk7pTFkNTRTI7nA+x4y4CyOBVQVXX2lnpOg3ktPe4 b4NCpHfasgvkLLr+6LcWUl60p59aSNnfp3bl2OFYXo0
-> ssh-ed25519 CAWG4Q o+vyzcejSaNVYPSGzzOdzaqPByZ6zA1uaJf4KOg+wQA -> ssh-ed25519 CAWG4Q 4VpS1/OnFe8nxcQbRTKNhjsh/ZQ5cbhSMXwK/jjQ+3o
wfZmWrDSfRV8C+Hu+SeZDcomf/qigBqxuQK77SfnuEo WF9wvOkqVml4UcEzyzeumKuUwCwwr2zvKLMg+PCB8nk
-> ssh-ed25519 xA739A +rBsOC+IBE3lmc/pfrziftLIqMSyaGMsggRjC5Pqwl0 -> ssh-ed25519 xA739A 67FhuJ070jBVMt/xbKHWhfri6iIm0FyaFvzQabsvFBM
xa7ulLz2+YC3g2hu7e9XhRYDIUb2sriaaigJRYF2oB8 1G5/913dDv/r/6p1x/c5YiUnZzrX/LvIj33KW+PN0KU
-> ssh-ed25519 MSF3dg TK6PmKjjQt8ni0mJLCt7P41lUsgimlj3o5Q6n3N+DE4 -> ssh-ed25519 MSF3dg Bj/yB4N2wkyHCHC22tcjjJAA4ebSamN0Z4UVX3ZnryI
ne+s3ctcg8cBjY06LY2lrW7wcxomvKHxu6MlirEA8Kg 6D/ZgTs+j+MGDAbPU5zyK0i9zN6tQy68IcOnQZ27mYg
--- eorg2ckkUZ1Ogi4iTTg2MoiVBwl1F0RCmH2D8N1d1So --- 169erk3ICSYLs4FPEuXCn7QlekWhsmSn0Lr+/R14I5Q
<EFBFBD><EFBFBD><EFBFBD>8<1C><><EFBFBD><EFBFBD><EFBFBD><12>i<17>$]K<>J=2Z<1D><>ӼF<D3BC>][<14><><EFBFBD>8<EFBFBD><38>ޤ<12> <09>=<3D><>LD/<2F>gz <EFBFBD><EFBFBD><EFBFBD><EFBFBD><05>ҽ3<D2BD>s<EFBFBD>
w<EFBFBD><EFBFBD>4D<EFBFBD><EFBFBD>b.<2E><><EFBFBD>"|<7C><><EFBFBD>)"<22><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>;<3B>.<2E>ɫ7)<29>LeC<05>=S؟

Some files were not shown because too many files have changed in this diff Show More