abonerib/jungle
1
0
Fork 0
forked from rarias/jungle
Code Pull Requests Activity

Compare commits

base: abonerib:pkgs/tasycl
Branches Tags
abonerib:master abonerib:fix/cross/ompss-2 abonerib:mega-merge abonerib:pkgs/tacuda abonerib:pkgs/pocl abonerib:pkgs/tasycl abonerib:enableStrictDeps abonerib:upgrade/25.11 abonerib:fix/cross-clang abonerib:add-private abonerib:fix/paraver abonerib:pkgs/gromacs abonerib:pkgs/aocc abonerib:pkgs/clsparse abonerib:pkgs/taopencl abonerib:quick-shell abonerib:fix/gcc14 abonerib:remove-old abonerib:remove-inputs abonerib:weasel-hydra abonerib:feat/hydra rarias:add-ssanzmar rarias:master rarias:enableStrictDeps rarias:fox-regression rarias:pkgs/tacuda rarias:pkgs/tasycl rarias:robust-fetchGit rarias:old-master rarias:gitea-lfs rarias:only-restart-logins rarias:monitor-gpfs-home rarias:add-tent-machine rarias:m/raccoon rarias:add-fpga-u280 rarias:maintenance-purchase rarias:add-fox-machine rarias:share-files rarias:shared-nix-store rarias:intro-nix rarias:lake2-ipoib
..
compare: rarias:pkgs/tasycl
Branches Tags
rarias:add-ssanzmar rarias:master rarias:enableStrictDeps rarias:fox-regression rarias:pkgs/tacuda rarias:pkgs/tasycl rarias:robust-fetchGit rarias:old-master rarias:gitea-lfs rarias:only-restart-logins rarias:monitor-gpfs-home rarias:add-tent-machine rarias:m/raccoon rarias:add-fpga-u280 rarias:maintenance-purchase rarias:add-fox-machine rarias:share-files rarias:shared-nix-store rarias:intro-nix rarias:lake2-ipoib abonerib:master abonerib:fix/cross/ompss-2 abonerib:mega-merge abonerib:pkgs/tacuda abonerib:pkgs/pocl abonerib:pkgs/tasycl abonerib:enableStrictDeps abonerib:upgrade/25.11 abonerib:fix/cross-clang abonerib:add-private abonerib:fix/paraver abonerib:pkgs/gromacs abonerib:pkgs/aocc abonerib:pkgs/clsparse abonerib:pkgs/taopencl abonerib:quick-shell abonerib:fix/gcc14 abonerib:remove-old abonerib:remove-inputs abonerib:weasel-hydra abonerib:feat/hydra

27 Commits
pkgs/tasyc ... pkgs/tasyc

Author SHA1 Message Date
Aleix Boné
1e9d37a3ec Add passthru in ompss2 wrapper for icpx compat 2026-01-21 12:28:03 +01:00
Aleix Boné
79c7965e10 Remove wrapper flags when clang called from intel 
When using `icpx -fsycl -fsycl-host-compiler=clang++`, the inner
compiler will use the flags set in the icpx wrapper and it will break.
 2026-01-21 12:28:03 +01:00
Aleix Boné
f942d8e849 Add oneMath 2026-01-21 12:28:03 +01:00
Aleix Boné
025f82cbcd Use json for Intel 2023 instead of awk + ifd 
This reuses the existing json from the new 2024-25
intel packages instead of parsing the raw data from
the apt output and doing IFD.
 2026-01-21 12:28:03 +01:00
Aleix Boné
6bbc1135e7 Add TASYCL 2.1.0 2026-01-21 12:28:02 +01:00
Aleix Boné
5443225701 Add test for icpx with ompss-2 as host compiler 2026-01-21 12:28:02 +01:00
Aleix Boné
2355c294c3 Add SYCL test compilation 2026-01-21 12:28:02 +01:00
Aleix Boné
1021ef5ebd Add intelPackages_202{4,5} and make 2025 the default 2026-01-21 12:28:02 +01:00
Rodrigo Arias Mallo
dda6a66782 Fix gitea user to allow sending email 
In order to send email, the gitea user needs to be in the mail-robot
group.

Fixes: rarias/jungle#220
Reviewed-by: Aleix Boné <abonerib@bsc.es>
 2026-01-20 12:18:52 +01:00
Rodrigo Arias Mallo
22420e6ac8 Remove unneeded perf package from eudy 
It is already included in the base list of packages, which is now only
"perf" and doesn't depend on the kernel version.

Reviewed-by: Aleix Boné <abonerib@bsc.es>
 2026-01-20 12:18:49 +01:00
Rodrigo Arias Mallo
a71cd78b4c Fix infiniband interface names 
Reviewed-by: Aleix Boné <abonerib@bsc.es>
 2026-01-20 12:18:46 +01:00
Rodrigo Arias Mallo
e84a2cadbb flake.lock: Update 
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/8bb5646e0bed5dbd3ab08c7a7cc15b75ab4e1d0f?narHash=sha256-SqUuBFjhl/kpDiVaKLQBoD8TLD%2B/cTUzzgVFoaHrkqY%3D' (2025-11-30)
  → 'github:NixOS/nixpkgs/3c9db02515ef1d9b6b709fc60ba9a540957f661c?narHash=sha256-2GffSfQxe3sedHzK%2BsTKlYo/NTIAGzbFCIsNMUPAAnk%3D' (2026-01-05)

Reviewed-by: Aleix Boné <abonerib@bsc.es>
 2026-01-20 12:18:41 +01:00
Aleix Boné
d3e43eb651 Remove conflicting definitions in amd-uprof-driver 
See: https://lkml.org/lkml/2025/4/9/1709

Reviewed-by: Rodrigo Arias Mallo <rodrigo.arias@bsc.es>
 2026-01-20 12:15:18 +01:00
Aleix Boné
a491546ffb Mark mcxx as broken and remove from package list 
Reviewed-by: Rodrigo Arias Mallo <rodrigo.arias@bsc.es>
 2026-01-20 12:15:14 +01:00
Aleix Boné
933c78a80b Fix moved package linuxPackages.perf is now perf 
Reviewed-by: Rodrigo Arias Mallo <rodrigo.arias@bsc.es>
 2026-01-20 12:15:10 +01:00
Aleix Boné
150969be9b Fix replaced nixseparatedebuginfod 
nixseparatedebuginfod has been replaced by nixseparatedebuginfod2

Reviewed-by: Rodrigo Arias Mallo <rodrigo.arias@bsc.es>
 2026-01-20 12:15:06 +01:00
Aleix Boné
9097729759 Use standard gcc for intel packages 
This reverts 26f52aa27d

Reviewed-by: Rodrigo Arias Mallo <rodrigo.arias@bsc.es>
 2026-01-20 12:15:02 +01:00
Aleix Boné
779449f1db Fix renamed option watchdog.runtimeTime 
The option 'systemd.watchdog.runtimeTime' has been renamed to
'systemd.settings.Manager.RuntimeWatchdogSec'.

Reviewed-by: Rodrigo Arias Mallo <rodrigo.arias@bsc.es>
 2026-01-20 12:14:59 +01:00
Aleix Boné
6cbe33bd80 Replace wrapGAppsHook with wrapGAppsHook3 
Reviewed-by: Rodrigo Arias Mallo <rodrigo.arias@bsc.es>
 2026-01-20 12:14:56 +01:00
Aleix Boné
3f1f5ae8f2 Fix changed cudaPackages.cuda_cudart output 
See: https://github.com/NixOS/nixpkgs/pull/437723
Reviewed-by: Rodrigo Arias Mallo <rodrigo.arias@bsc.es>
 2026-01-20 12:14:49 +01:00
Aleix Boné
fe8586e780 Set pyproject=true in buildPythonApplication 
The buildPythonPackage and buildPythonApplication functions now
  require an explicit format attribute. Previously the default format
  used setuptools and called setup.py from the source tree, which is
  deprecated. The modern alternative is to configure pyproject = true
  with build-system = [ setuptools ].

Reviewed-by: Rodrigo Arias Mallo <rodrigo.arias@bsc.es>
 2026-01-20 12:14:31 +01:00
Aleix Boné
8677adba27 Fix renamed llvm bintools 
Moved from llvmPackages_latest.tools.bintools to
llvmPackages_latest.bintools

Reviewed-by: Rodrigo Arias Mallo <rodrigo.arias@bsc.es>
 2026-01-20 12:14:27 +01:00
Aleix Boné
f614149edf Upgrade nixpkgs to 25.11 
Reviewed-by: Rodrigo Arias Mallo <rodrigo.arias@bsc.es>
 2026-01-20 12:14:11 +01:00
Vincent A. Arcila
859eebda98 Change varcila shell to zsh 
Reviewed-by: Rodrigo Arias Mallo <rodrigo.arias@bsc.es>
 2026-01-07 13:22:17 +01:00
Rodrigo Arias Mallo
c2a201b085 Increase fail2ban ban time on each attempt 
Reviewed-by: Aleix Boné <abonerib@bsc.es>
 2026-01-07 13:14:34 +01:00
Rodrigo Arias Mallo
f921f0a4bd Disable password login via SSH in apex 
Reviewed-by: Aleix Boné <abonerib@bsc.es>
 2026-01-07 13:14:30 +01:00
Rodrigo Arias Mallo
aa16bfc0bc Enable fail2ban in apex login node 
We are seeing a lot of failed attempts from the same IPs:

    apex% sudo journalctl -u sshd -b0 | grep 'Failed password' | wc -l
    2441

Reviewed-by: Aleix Boné <abonerib@bsc.es>
 2026-01-07 13:14:22 +01:00
12 changed files with 30 additions and 19 deletions
Expand all files Collapse all files

6
flake.lock generated
View File

@@ -2,11 +2,11 @@
"nodes": { "nodes": {
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1764522689, "lastModified": 1767634882,
"narHash": "sha256-SqUuBFjhl/kpDiVaKLQBoD8TLD+/cTUzzgVFoaHrkqY=", "narHash": "sha256-2GffSfQxe3sedHzK+sTKlYo/NTIAGzbFCIsNMUPAAnk=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "8bb5646e0bed5dbd3ab08c7a7cc15b75ab4e1d0f", "rev": "3c9db02515ef1d9b6b709fc60ba9a540957f661c",
"type": "github" "type": "github"
}, },
"original": { "original": {

12
m/apex/configuration.nix
View File

@@ -57,6 +57,18 @@
}; };
}; };
services.fail2ban = {
enable = true;
maxretry = 5;
bantime-increment = {
enable = true; # Double ban time on each attack
maxtime = "7d"; # Ban up to a week
};
};
# Disable SSH login with password, allow only keypair
services.openssh.settings.PasswordAuthentication = false;
networking.firewall = { networking.firewall = {
extraCommands = '' extraCommands = ''
# Blackhole BSC vulnerability scanner (OpenVAS) as it is spamming our # Blackhole BSC vulnerability scanner (OpenVAS) as it is spamming our

2
m/bay/configuration.nix
View File

@@ -24,7 +24,7 @@
address = "10.0.40.40"; address = "10.0.40.40";
prefixLength = 24; prefixLength = 24;
} ]; } ];
interfaces.ibp5s0.ipv4.addresses = [ { interfaces.ibs785.ipv4.addresses = [ {
address = "10.0.42.40"; address = "10.0.42.40";
prefixLength = 24; prefixLength = 24;
} ]; } ];

1
m/common/base/users.nix
View File

@@ -139,6 +139,7 @@
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKGt0ESYxekBiHJQowmKpfdouw0hVm3N7tUMtAaeLejK vincent@varch" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKGt0ESYxekBiHJQowmKpfdouw0hVm3N7tUMtAaeLejK vincent@varch"
]; ];
shell = pkgs.zsh;
}; };
pmartin1 = { pmartin1 = {

7
m/eudy/kernel/perf.nix
View File

@@ -1,11 +1,6 @@
{ config, pkgs, lib, ... }: { pkgs, lib, ... }:
{ {
# add the perf tool
environment.systemPackages = with pkgs; [
config.boot.kernelPackages.perf
];
# allow non-root users to read tracing data from the kernel # allow non-root users to read tracing data from the kernel
boot.kernel.sysctl."kernel.perf_event_paranoid" = -2; boot.kernel.sysctl."kernel.perf_event_paranoid" = -2;
boot.kernel.sysctl."kernel.kptr_restrict" = 0; boot.kernel.sysctl."kernel.kptr_restrict" = 0;

2
m/hut/configuration.nix
View File

@@ -45,7 +45,7 @@
address = "10.0.40.7"; address = "10.0.40.7";
prefixLength = 24; prefixLength = 24;
} ]; } ];
interfaces.ibp5s0.ipv4.addresses = [ { interfaces.ibs785.ipv4.addresses = [ {
address = "10.0.42.7"; address = "10.0.42.7";
prefixLength = 24; prefixLength = 24;
} ]; } ];

2
m/lake2/configuration.nix
View File

@@ -46,7 +46,7 @@
address = "10.0.40.42"; address = "10.0.40.42";
prefixLength = 24; prefixLength = 24;
} ]; } ];
interfaces.ibp5s0.ipv4.addresses = [ { interfaces.ibs785.ipv4.addresses = [ {
address = "10.0.42.42"; address = "10.0.42.42";
prefixLength = 24; prefixLength = 24;
} ]; } ];

2
m/owl1/configuration.nix
View File

@@ -20,7 +20,7 @@
address = "10.0.40.1"; address = "10.0.40.1";
prefixLength = 24; prefixLength = 24;
} ]; } ];
interfaces.ibp5s0.ipv4.addresses = [ { interfaces.ibs785.ipv4.addresses = [ {
address = "10.0.42.1"; address = "10.0.42.1";
prefixLength = 24; prefixLength = 24;
} ]; } ];

2
m/owl2/configuration.nix
View File

@@ -21,7 +21,7 @@
prefixLength = 24; prefixLength = 24;
} ]; } ];
# Watch out! The OmniPath device is not in the same place here: # Watch out! The OmniPath device is not in the same place here:
interfaces.ibp129s0.ipv4.addresses = [ { interfaces.ibs801.ipv4.addresses = [ {
address = "10.0.42.2"; address = "10.0.42.2";
prefixLength = 24; prefixLength = 24;
} ]; } ];

3
m/tent/gitea.nix
View File

@@ -27,4 +27,7 @@
}; };
}; };
}; };
# Allow gitea user to send mail
users.users.gitea.extraGroups = [ "mail-robot" ];
} }

8
pkgs/intel-oneapi/patch_intel.nix
View File

@@ -155,12 +155,12 @@ lib.makeOverridable (
let let
original = "${finalAttrs.finalPackage}/${folder}/${version}"; original = "${finalAttrs.finalPackage}/${folder}/${version}";
in in
(symlinkJoin { symlinkJoin {
pname = "intel-${folder}"; pname = "intel-${folder}";
inherit version; inherit version;
paths = [ original ]; paths = [ original ];
}).overrideAttrs passthru = { inherit original; };
{ passthru = { inherit original; }; } }
) _components; ) _components;
in in
pkgs pkgs
@@ -175,7 +175,7 @@ lib.makeOverridable (
# NOTE: there are clashes with packages that have symlinks outside their # NOTE: there are clashes with packages that have symlinks outside their
# scope (libtcm and env/vars.sh) # scope (libtcm and env/vars.sh)
all = symlinkJoin { all = symlinkJoin {
pname = finalAttrs.finalPackage + "-symlinked"; pname = finalAttrs.finalPackage.pname + "-symlinked";
inherit (finalAttrs.finalPackage) version; inherit (finalAttrs.finalPackage) version;
paths = filter lib.isDerivation (attrValues finalAttrs.finalPackage.pkgs); paths = filter lib.isDerivation (attrValues finalAttrs.finalPackage.pkgs);
}; };

2
test/compilers/hello-sycl.nix
View File

@@ -30,7 +30,7 @@ let
return 0; return 0;
} catch (sycl::exception &e) { } catch (sycl::exception &e) {
std::cout << "SYCL exception: " << e.what() << std::endl; std::cout << "SYCL exception: " << e.what() << std::endl;
return 0; // we excpect to fail since no devices should be available; return 0; // we expect to fail since no devices should be available;
} }
''; '';
in in