Add passthru in ompss2 wrapper for icpx compat

Remove wrapper flags when clang called from intel
When using `icpx -fsycl -fsycl-host-compiler=clang++`, the inner compiler will use the flags set in the icpx wrapper and it will break.
2026-01-21 12:28:03 +01:00 · 2026-01-21 12:28:03 +01:00 · 2026-01-21 12:28:03 +01:00 · 2026-01-21 12:28:03 +01:00 · 2026-01-21 12:28:02 +01:00 · 2026-01-21 12:28:02 +01:00
12 changed files with 30 additions and 19 deletions
--- a/flake.lock
+++ b/flake.lock
@@ -2,11 +2,11 @@
  "nodes": {
    "nixpkgs": {
      "locked": {
-        "lastModified": 1764522689,
-        "narHash": "sha256-SqUuBFjhl/kpDiVaKLQBoD8TLD+/cTUzzgVFoaHrkqY=",
+        "lastModified": 1767634882,
+        "narHash": "sha256-2GffSfQxe3sedHzK+sTKlYo/NTIAGzbFCIsNMUPAAnk=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "8bb5646e0bed5dbd3ab08c7a7cc15b75ab4e1d0f",
+        "rev": "3c9db02515ef1d9b6b709fc60ba9a540957f661c",
        "type": "github"
      },
      "original": {
--- a/m/apex/configuration.nix
+++ b/m/apex/configuration.nix
@@ -57,6 +57,18 @@
    };
  };

+  services.fail2ban = {
+    enable = true;
+    maxretry = 5;
+    bantime-increment = {
+      enable = true; # Double ban time on each attack
+      maxtime = "7d"; # Ban up to a week
+    };
+  };
+
+  # Disable SSH login with password, allow only keypair
+  services.openssh.settings.PasswordAuthentication = false;
+
  networking.firewall = {
    extraCommands = ''
      # Blackhole BSC vulnerability scanner (OpenVAS) as it is spamming our
--- a/m/bay/configuration.nix
+++ b/m/bay/configuration.nix
@@ -24,7 +24,7 @@
      address = "10.0.40.40";
      prefixLength = 24;
    } ];
-    interfaces.ibp5s0.ipv4.addresses = [ {
+    interfaces.ibs785.ipv4.addresses = [ {
      address = "10.0.42.40";
      prefixLength = 24;
    } ];
--- a/m/common/base/users.nix
+++ b/m/common/base/users.nix
@@ -139,6 +139,7 @@
        openssh.authorizedKeys.keys = [
          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKGt0ESYxekBiHJQowmKpfdouw0hVm3N7tUMtAaeLejK vincent@varch"
        ];
+        shell = pkgs.zsh;
      };

      pmartin1 = {
--- a/m/eudy/kernel/perf.nix
+++ b/m/eudy/kernel/perf.nix
@@ -1,11 +1,6 @@
-{ config, pkgs, lib, ... }:
+{ pkgs, lib, ... }:

 {
-  # add the perf tool
-  environment.systemPackages = with pkgs; [
-    config.boot.kernelPackages.perf
-  ];
-
  # allow non-root users to read tracing data from the kernel
  boot.kernel.sysctl."kernel.perf_event_paranoid" = -2;
  boot.kernel.sysctl."kernel.kptr_restrict" = 0;
--- a/m/hut/configuration.nix
+++ b/m/hut/configuration.nix
@@ -45,7 +45,7 @@
      address = "10.0.40.7";
      prefixLength = 24;
    } ];
-    interfaces.ibp5s0.ipv4.addresses = [ {
+    interfaces.ibs785.ipv4.addresses = [ {
      address = "10.0.42.7";
      prefixLength = 24;
    } ];
--- a/m/lake2/configuration.nix
+++ b/m/lake2/configuration.nix
@@ -46,7 +46,7 @@
      address = "10.0.40.42";
      prefixLength = 24;
    } ];
-    interfaces.ibp5s0.ipv4.addresses = [ {
+    interfaces.ibs785.ipv4.addresses = [ {
      address = "10.0.42.42";
      prefixLength = 24;
    } ];
--- a/m/owl1/configuration.nix
+++ b/m/owl1/configuration.nix
@@ -20,7 +20,7 @@
      address = "10.0.40.1";
      prefixLength = 24;
    } ];
-    interfaces.ibp5s0.ipv4.addresses = [ {
+    interfaces.ibs785.ipv4.addresses = [ {
      address = "10.0.42.1";
      prefixLength = 24;
    } ];
--- a/m/owl2/configuration.nix
+++ b/m/owl2/configuration.nix
@@ -21,7 +21,7 @@
      prefixLength = 24;
    } ];
    # Watch out! The OmniPath device is not in the same place here:
-    interfaces.ibp129s0.ipv4.addresses = [ {
+    interfaces.ibs801.ipv4.addresses = [ {
      address = "10.0.42.2";
      prefixLength = 24;
    } ];
--- a/m/tent/gitea.nix
+++ b/m/tent/gitea.nix
@@ -27,4 +27,7 @@
      };
    };
  };
+
+  # Allow gitea user to send mail
+  users.users.gitea.extraGroups = [ "mail-robot" ];
 }
--- a/pkgs/intel-oneapi/patch_intel.nix
+++ b/pkgs/intel-oneapi/patch_intel.nix
@@ -155,12 +155,12 @@ lib.makeOverridable (
          let
            original = "${finalAttrs.finalPackage}/${folder}/${version}";
          in
-          (symlinkJoin {
+          symlinkJoin {
            pname = "intel-${folder}";
            inherit version;
            paths = [ original ];
-          }).overrideAttrs
-            { passthru = { inherit original; }; }
+            passthru = { inherit original; };
+          }
        ) _components;
      in
      pkgs
@@ -175,7 +175,7 @@ lib.makeOverridable (
        # NOTE: there are clashes with packages that have symlinks outside their
        # scope (libtcm and env/vars.sh)
        all = symlinkJoin {
-          pname = finalAttrs.finalPackage + "-symlinked";
+          pname = finalAttrs.finalPackage.pname + "-symlinked";
          inherit (finalAttrs.finalPackage) version;
          paths = filter lib.isDerivation (attrValues finalAttrs.finalPackage.pkgs);
        };
--- a/test/compilers/hello-sycl.nix
+++ b/test/compilers/hello-sycl.nix
@@ -30,7 +30,7 @@ let
        return 0;
    } catch (sycl::exception &e) {
        std::cout << "SYCL exception: " << e.what() << std::endl;
-        return 0; // we excpect to fail since no devices should be available;
+        return 0; // we expect to fail since no devices should be available;
    }
  '';
 in
Author	SHA1	Message	Date
Aleix Boné	1e9d37a3ec	Add passthru in ompss2 wrapper for icpx compat	2026-01-21 12:28:03 +01:00
Aleix Boné	79c7965e10	Remove wrapper flags when clang called from intel When using `icpx -fsycl -fsycl-host-compiler=clang++`, the inner compiler will use the flags set in the icpx wrapper and it will break.	2026-01-21 12:28:03 +01:00
Aleix Boné	f942d8e849	Add oneMath	2026-01-21 12:28:03 +01:00
Aleix Boné	025f82cbcd	Use json for Intel 2023 instead of awk + ifd This reuses the existing json from the new 2024-25 intel packages instead of parsing the raw data from the apt output and doing IFD.	2026-01-21 12:28:03 +01:00
Aleix Boné	6bbc1135e7	Add TASYCL 2.1.0	2026-01-21 12:28:02 +01:00
Aleix Boné	5443225701	Add test for icpx with ompss-2 as host compiler	2026-01-21 12:28:02 +01:00
Aleix Boné	2355c294c3	Add SYCL test compilation	2026-01-21 12:28:02 +01:00
Aleix Boné	1021ef5ebd	Add intelPackages_202{4,5} and make 2025 the default	2026-01-21 12:28:02 +01:00
Rodrigo Arias Mallo	dda6a66782	Fix gitea user to allow sending email In order to send email, the gitea user needs to be in the mail-robot group. Fixes: rarias/jungle#220 Reviewed-by: Aleix Boné <abonerib@bsc.es>	2026-01-20 12:18:52 +01:00
Rodrigo Arias Mallo	22420e6ac8	Remove unneeded perf package from eudy It is already included in the base list of packages, which is now only "perf" and doesn't depend on the kernel version. Reviewed-by: Aleix Boné <abonerib@bsc.es>	2026-01-20 12:18:49 +01:00
Rodrigo Arias Mallo	a71cd78b4c	Fix infiniband interface names Reviewed-by: Aleix Boné <abonerib@bsc.es>	2026-01-20 12:18:46 +01:00
Rodrigo Arias Mallo	e84a2cadbb	flake.lock: Update Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/8bb5646e0bed5dbd3ab08c7a7cc15b75ab4e1d0f?narHash=sha256-SqUuBFjhl/kpDiVaKLQBoD8TLD%2B/cTUzzgVFoaHrkqY%3D' (2025-11-30) → 'github:NixOS/nixpkgs/3c9db02515ef1d9b6b709fc60ba9a540957f661c?narHash=sha256-2GffSfQxe3sedHzK%2BsTKlYo/NTIAGzbFCIsNMUPAAnk%3D' (2026-01-05) Reviewed-by: Aleix Boné <abonerib@bsc.es>	2026-01-20 12:18:41 +01:00
Aleix Boné	d3e43eb651	Remove conflicting definitions in amd-uprof-driver See: https://lkml.org/lkml/2025/4/9/1709 Reviewed-by: Rodrigo Arias Mallo <rodrigo.arias@bsc.es>	2026-01-20 12:15:18 +01:00
Aleix Boné	a491546ffb	Mark mcxx as broken and remove from package list Reviewed-by: Rodrigo Arias Mallo <rodrigo.arias@bsc.es>	2026-01-20 12:15:14 +01:00
Aleix Boné	933c78a80b	Fix moved package linuxPackages.perf is now perf Reviewed-by: Rodrigo Arias Mallo <rodrigo.arias@bsc.es>	2026-01-20 12:15:10 +01:00
Aleix Boné	150969be9b	Fix replaced nixseparatedebuginfod nixseparatedebuginfod has been replaced by nixseparatedebuginfod2 Reviewed-by: Rodrigo Arias Mallo <rodrigo.arias@bsc.es>	2026-01-20 12:15:06 +01:00
Aleix Boné	9097729759	Use standard gcc for intel packages This reverts `26f52aa27d` Reviewed-by: Rodrigo Arias Mallo <rodrigo.arias@bsc.es>	2026-01-20 12:15:02 +01:00
Aleix Boné	779449f1db	Fix renamed option watchdog.runtimeTime The option 'systemd.watchdog.runtimeTime' has been renamed to 'systemd.settings.Manager.RuntimeWatchdogSec'. Reviewed-by: Rodrigo Arias Mallo <rodrigo.arias@bsc.es>	2026-01-20 12:14:59 +01:00
Aleix Boné	6cbe33bd80	Replace wrapGAppsHook with wrapGAppsHook3 Reviewed-by: Rodrigo Arias Mallo <rodrigo.arias@bsc.es>	2026-01-20 12:14:56 +01:00
Aleix Boné	3f1f5ae8f2	Fix changed cudaPackages.cuda_cudart output See: https://github.com/NixOS/nixpkgs/pull/437723 Reviewed-by: Rodrigo Arias Mallo <rodrigo.arias@bsc.es>	2026-01-20 12:14:49 +01:00
Aleix Boné	fe8586e780	Set pyproject=true in buildPythonApplication The buildPythonPackage and buildPythonApplication functions now require an explicit format attribute. Previously the default format used setuptools and called setup.py from the source tree, which is deprecated. The modern alternative is to configure pyproject = true with build-system = [ setuptools ]. Reviewed-by: Rodrigo Arias Mallo <rodrigo.arias@bsc.es>	2026-01-20 12:14:31 +01:00
Aleix Boné	8677adba27	Fix renamed llvm bintools Moved from llvmPackages_latest.tools.bintools to llvmPackages_latest.bintools Reviewed-by: Rodrigo Arias Mallo <rodrigo.arias@bsc.es>	2026-01-20 12:14:27 +01:00
Aleix Boné	f614149edf	Upgrade nixpkgs to 25.11 Reviewed-by: Rodrigo Arias Mallo <rodrigo.arias@bsc.es>	2026-01-20 12:14:11 +01:00
Vincent A. Arcila	859eebda98	Change varcila shell to zsh Reviewed-by: Rodrigo Arias Mallo <rodrigo.arias@bsc.es>	2026-01-07 13:22:17 +01:00
Rodrigo Arias Mallo	c2a201b085	Increase fail2ban ban time on each attempt Reviewed-by: Aleix Boné <abonerib@bsc.es>	2026-01-07 13:14:34 +01:00
Rodrigo Arias Mallo	f921f0a4bd	Disable password login via SSH in apex Reviewed-by: Aleix Boné <abonerib@bsc.es>	2026-01-07 13:14:30 +01:00
Rodrigo Arias Mallo	aa16bfc0bc	Enable fail2ban in apex login node We are seeing a lot of failed attempts from the same IPs: apex% sudo journalctl -u sshd -b0 \| grep 'Failed password' \| wc -l 2441 Reviewed-by: Aleix Boné <abonerib@bsc.es>	2026-01-07 13:14:22 +01:00