abonerib/jungle
1
0
Fork 0
forked from rarias/jungle
Code Pull Requests Activity

Compare commits

merge into: abonerib:remove-old
Branches Tags
abonerib:master abonerib:fix/cross/ompss-2 abonerib:mega-merge abonerib:pkgs/tacuda abonerib:pkgs/pocl abonerib:pkgs/tasycl abonerib:enableStrictDeps abonerib:upgrade/25.11 abonerib:fix/cross-clang abonerib:add-private abonerib:fix/paraver abonerib:pkgs/gromacs abonerib:pkgs/aocc abonerib:pkgs/clsparse abonerib:pkgs/taopencl abonerib:quick-shell abonerib:fix/gcc14 abonerib:remove-old abonerib:remove-inputs abonerib:weasel-hydra abonerib:feat/hydra rarias:master rarias:enableStrictDeps rarias:fox-regression rarias:pkgs/tacuda rarias:pkgs/tasycl rarias:robust-fetchGit rarias:old-master rarias:gitea-lfs rarias:only-restart-logins rarias:monitor-gpfs-home rarias:add-tent-machine rarias:m/raccoon rarias:add-fpga-u280 rarias:maintenance-purchase rarias:add-fox-machine rarias:share-files rarias:shared-nix-store rarias:intro-nix rarias:lake2-ipoib
...
pull from: abonerib:pkgs/tacuda
Branches Tags
abonerib:fix/cross/ompss-2 abonerib:mega-merge abonerib:pkgs/tacuda abonerib:pkgs/pocl abonerib:pkgs/tasycl abonerib:enableStrictDeps abonerib:upgrade/25.11 abonerib:fix/cross-clang abonerib:master abonerib:add-private abonerib:fix/paraver abonerib:pkgs/gromacs abonerib:pkgs/aocc abonerib:pkgs/clsparse abonerib:pkgs/taopencl abonerib:quick-shell abonerib:fix/gcc14 abonerib:remove-old abonerib:remove-inputs abonerib:weasel-hydra abonerib:feat/hydra rarias:master rarias:enableStrictDeps rarias:fox-regression rarias:pkgs/tacuda rarias:pkgs/tasycl rarias:robust-fetchGit rarias:old-master rarias:gitea-lfs rarias:only-restart-logins rarias:monitor-gpfs-home rarias:add-tent-machine rarias:m/raccoon rarias:add-fpga-u280 rarias:maintenance-purchase rarias:add-fox-machine rarias:share-files rarias:shared-nix-store rarias:intro-nix rarias:lake2-ipoib

47 Commits
remove-old ... pkgs/tacud

Author SHA1 Message Date
Aleix Boné
59b36347d9 Add TACUDA through cudaPackages extensions 2025-12-16 15:57:24 +01:00
Aleix Boné
846f514688 Add TACUDA package 2025-12-15 15:13:52 +01:00
Aleix Boné
08418da067 Add TAOpenCL 2025-12-15 15:13:51 +01:00
Aleix Boné
1437d2da2c Add GROMACS 2025-12-15 15:13:51 +01:00
Aleix Boné
5a8e363e6a Add OpenCL Conformance Tests to PoCL 2025-12-15 15:13:51 +01:00
Aleix Boné
aacfbbd4a1 Use POCL_CACHE_DIR instead of writableHome...Hook 2025-12-15 13:00:51 +01:00
Aleix Boné
13f075e9e6 Add tests for PoCL with and without using icd 2025-12-15 13:00:51 +01:00
Aleix Boné
aec4a158ed Add PoCL passthru test that sets doCheck 2025-12-10 17:09:01 +01:00
Aleix Boné
e5607b2f44 Add clinfo test for PoCL 2025-12-10 17:09:01 +01:00
Aleix Boné
48a1f09888 Add PoCL 2025-12-10 17:09:01 +01:00
Aleix Boné
ee9af71da0 Remove conflicting definitions in amd-uprof-driver 
See: https://lkml.org/lkml/2025/4/9/1709
 2025-12-10 14:34:53 +01:00
Aleix Boné
1d3bda33a0 Mark mcxx as broken and remove from package list 2025-12-03 10:15:17 +01:00
Aleix Boné
87bf095dae Fix moved package linuxPackages.perf is now perf 2025-12-03 10:15:17 +01:00
Aleix Boné
2264e15102 Fix replaced nixseparatedebuginfod 
nixseparatedebuginfod has been replaced by nixseparatedebuginfod2
 2025-12-03 10:15:17 +01:00
Aleix Boné
209f8a582e Use standard gcc for intel packages 
This reverts 26f52aa27d
 2025-12-03 10:15:16 +01:00
Aleix Boné
1457d85f4c Fix renamed option watchdog.runtimeTime 
The option 'systemd.watchdog.runtimeTime' has been renamed to
'systemd.settings.Manager.RuntimeWatchdogSec'.
 2025-12-02 17:53:14 +01:00
Aleix Boné
ad812ea32d Replace wrapGAppsHook with wrapGAppsHook3 2025-12-02 17:53:13 +01:00
Aleix Boné
5bc928c407 Fix changed cudaPackages.cuda_cudart output 
See: https://github.com/NixOS/nixpkgs/pull/437723
 2025-12-02 17:53:13 +01:00
Aleix Boné
eb9358abab Set pyproject=true in buildPythonApplication 
The buildPythonPackage and buildPythonApplication functions now
  require an explicit format attribute. Previously the default format
  used setuptools and called setup.py from the source tree, which is
  deprecated. The modern alternative is to configure pyproject = true
  with build-system = [ setuptools ].
 2025-12-02 17:53:13 +01:00
Aleix Boné
d2025d35d9 Fix renamed llvm bintools 
Moved from llvmPackages_latest.tools.bintools to
llvmPackages_latest.bintools
 2025-12-02 17:53:13 +01:00
Aleix Boné
6e089344da Upgrade nixpkgs to 25.11 2025-12-02 17:53:13 +01:00
Aleix Boné
a173af654f Fix osu cross-compilation 
Reviewed-by: Rodrigo Arias Mallo <rodrigo.arias@bsc.es>
 2025-10-31 16:23:46 +01:00
Aleix Boné
2fff7e4a7b Set mpich default compilers from targetPackages 
Reviewed-by: Rodrigo Arias Mallo <rodrigo.arias@bsc.es>
 2025-10-31 16:23:46 +01:00
Aleix Boné
a761b73336 Enable meta.cross for mpich related packages 
Reviewed-by: Rodrigo Arias Mallo <rodrigo.arias@bsc.es>
 2025-10-31 16:23:46 +01:00
Aleix Boné
86eb796771 Disable meta.cross for gpi-2 and tagaspi 
Reviewed-by: Rodrigo Arias Mallo <rodrigo.arias@bsc.es>
 2025-10-31 16:23:46 +01:00
Aleix Boné
08633435cf Fix nativeBuildInputs for tagaspi 
Reviewed-by: Rodrigo Arias Mallo <rodrigo.arias@bsc.es>
 2025-10-31 16:23:46 +01:00
Aleix Boné
39d64456a4 Fix nativeBuildInputs for gpi-2 
Reviewed-by: Rodrigo Arias Mallo <rodrigo.arias@bsc.es>
 2025-10-31 16:23:46 +01:00
Aleix Boné
410040a4a0 Fix mpich cross compilation (disable fortran) 
Reviewed-by: Rodrigo Arias Mallo <rodrigo.arias@bsc.es>
 2025-10-31 16:23:46 +01:00
Rodrigo Arias Mallo
fc69ef3217 Enable pam_slurm_adopt in all compute nodes 
Prevents access to owl1 and owl2 too if the user doesn't have any jobs
running there.

Reviewed-by: Aleix Boné <abonerib@bsc.es>
 2025-10-31 11:41:50 +01:00
Rodrigo Arias Mallo
1d025f7a38 Don't suspend owl compute nodes 
Currently the owl nodes are located on top of the rack and turning them
off causes a high temperature increase at that region, which accumulates
heat from the whole rack. To maximize airflow we will leave them on at
all times. This also makes allocations immediate at the extra cost of
around 200 W.

In the future, if we include more nodes in SLURM we can configure those
to turn off if needed.

Fixes: rarias/jungle#156
Reviewed-by: Aleix Boné <abonerib@bsc.es>
 2025-10-31 11:41:44 +01:00
Aleix Boné
7989779c8f Filter out packages by platform from crossSet 
Reviewed-by: Rodrigo Arias Mallo <rodrigo.arias@bsc.es>
Tested-by: Rodrigo Arias Mallo <rodrigo.arias@bsc.es>
 2025-10-31 11:21:13 +01:00
Aleix Boné
7d721084a7 Add meta to cudainfo 
Reviewed-by: Rodrigo Arias Mallo <rodrigo.arias@bsc.es>
 2025-10-31 11:20:01 +01:00
Aleix Boné
796d34a549 Set amd-uprof platforms to x86_64-linux only 
Reviewed-by: Rodrigo Arias Mallo <rodrigo.arias@bsc.es>
 2025-10-31 11:19:57 +01:00
Rodrigo Arias Mallo
5ff1b1343b Add nixgen to all machines 
Reviewed-by: Aleix Boné <abonerib@bsc.es>
 2025-10-29 16:28:05 +01:00
Rodrigo Arias Mallo
c5cc13fad8 Add nixgen package 
Reviewed-by: Aleix Boné <abonerib@bsc.es>
 2025-10-29 16:27:56 +01:00
Rodrigo Arias Mallo
2e09314a7e Update OmpSs-2 LLVM to 2025.11 
Reviewed-by: Aleix Boné <abonerib@bsc.es>
Tested-by: Rodrigo Arias Mallo <rodrigo.arias@bsc.es>
 2025-10-29 16:22:57 +01:00
Rodrigo Arias Mallo
217d9c1fc0 Update NODES to 1.4 
Reviewed-by: Aleix Boné <abonerib@bsc.es>
 2025-10-29 16:21:46 +01:00
Rodrigo Arias Mallo
f47ab7757e Update nOS-V to 4.0.0 
Reviewed-by: Aleix Boné <abonerib@bsc.es>
 2025-10-29 16:21:43 +01:00
Rodrigo Arias Mallo
4b265c071e Update ovni to 1.13.0 
Reviewed-by: Aleix Boné <abonerib@bsc.es>
 2025-10-29 16:21:32 +01:00
Rodrigo Arias Mallo
019826d09e Add OmpSs-2 release timers and services 
Send a reminder email to the STAR group to mark the release cycle dates.

Reviewed-by: Aleix Boné <abonerib@bsc.es>
 2025-10-28 12:38:37 +01:00
Rodrigo Arias Mallo
a294daf7e3 Use specific mail-robot group to send mail 
Allows any user to be able to send mail from the robot account as long
as it is added to the mail-robot group.

Reviewed-by: Aleix Boné <abonerib@bsc.es>
 2025-10-28 12:38:17 +01:00
Rodrigo Arias Mallo
a7018250ca Add missing slurm package to overlay 
Reviewed-by: Aleix Boné <abonerib@bsc.es>
 2025-10-28 11:44:40 +01:00
Rodrigo Arias Mallo
e3d1785285 Run a shell in the allocated node with salloc 
By default, salloc will open a new shell in the *current* node instead
of in the allocated node. This often causes users to leave the extra
shell running once the allocation ends. Repeating this process several
times causes chains of shells.

By running the shell in the remote node, once the allocation ends the
shell finishes as well.

Fixes: rarias/jungle#174
See: https://slurm.schedmd.com/faq.html#prompt
Reviewed-by: Aleix Boné <abonerib@bsc.es>
 2025-10-28 11:44:14 +01:00
Aleix Boné
ab86243a07 Add missing which in nodes checkPhase 
When enabling checks, the build log is polluted with errors.

Reviewed-by: Rodrigo Arias Mallo <rodrigo.arias@bsc.es>
Tested-by: Aleix Boné <abonerib@bsc.es>
 2025-10-23 15:59:21 +02:00
Rodrigo Arias Mallo
14f2393d30 Update website 
Add apex page and replace bscpkgs references for jungle after the merge.

See: rarias/jungle-website#1
Reviewed-by: Aleix Boné <abonerib@bsc.es>
 2025-10-22 15:48:13 +02:00
Rodrigo Arias Mallo
f115d611e7 Add aaguirre user 
Reviewed-by: Aleix Boné <abonerib@bsc.es>
 2025-10-22 15:28:29 +02:00
Rodrigo Arias Mallo
4261d327c6 Include agenix module and package directly 
Avoids adding an extra flake input only to fetch a single module and
package.

Reviewed-by: Aleix Boné <abonerib@bsc.es>
Tested-by: Rodrigo Arias Mallo <rodrigo.arias@bsc.es>
 2025-10-14 09:37:47 +02:00
66 changed files with 2135 additions and 212 deletions
Expand all files Collapse all files

90
flake.lock generated
View File

@@ -1,107 +1,25 @@
{ {
"nodes": { "nodes": {
"agenix": {
"inputs": {
"darwin": "darwin",
"home-manager": "home-manager",
"nixpkgs": [
"nixpkgs"
],
"systems": "systems"
},
"locked": {
"lastModified": 1750173260,
"narHash": "sha256-9P1FziAwl5+3edkfFcr5HeGtQUtrSdk/MksX39GieoA=",
"owner": "ryantm",
"repo": "agenix",
"rev": "531beac616433bac6f9e2a19feb8e99a22a66baf",
"type": "github"
},
"original": {
"owner": "ryantm",
"repo": "agenix",
"type": "github"
}
},
"darwin": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1744478979,
"narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "43975d782b418ebf4969e9ccba82466728c2851b",
"type": "github"
},
"original": {
"owner": "lnl7",
"ref": "master",
"repo": "nix-darwin",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1745494811,
"narHash": "sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "abfad3d2958c9e6300a883bd443512c55dfeb1be",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1752436162, "lastModified": 1764522689,
"narHash": "sha256-Kt1UIPi7kZqkSc5HVj6UY5YLHHEzPBkgpNUByuyxtlw=", "narHash": "sha256-SqUuBFjhl/kpDiVaKLQBoD8TLD+/cTUzzgVFoaHrkqY=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "dfcd5b901dbab46c9c6e80b265648481aafb01f8", "rev": "8bb5646e0bed5dbd3ab08c7a7cc15b75ab4e1d0f",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "NixOS",
"ref": "nixos-25.05", "ref": "nixos-25.11",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
}, },
"root": { "root": {
"inputs": { "inputs": {
"agenix": "agenix",
"nixpkgs": "nixpkgs" "nixpkgs": "nixpkgs"
} }
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
} }
}, },
"root": "root", "root": "root",

8
flake.nix
View File

@@ -1,15 +1,13 @@
{ {
inputs = { inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05"; nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.11";
agenix.url = "github:ryantm/agenix";
agenix.inputs.nixpkgs.follows = "nixpkgs";
}; };
outputs = { self, nixpkgs, agenix, ... }: outputs = { self, nixpkgs, ... }:
let let
mkConf = name: nixpkgs.lib.nixosSystem { mkConf = name: nixpkgs.lib.nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
specialArgs = { inherit nixpkgs agenix; theFlake = self; }; specialArgs = { inherit nixpkgs; theFlake = self; };
modules = [ "${self.outPath}/m/${name}/configuration.nix" ]; modules = [ "${self.outPath}/m/${name}/configuration.nix" ];
}; };
# For now we only support x86 # For now we only support x86

9
m/common/base/agenix.nix
View File

@@ -1,9 +1,8 @@
{ agenix, ... }: { pkgs, ... }:
{ {
imports = [ agenix.nixosModules.default ]; imports = [ ../../module/agenix.nix ];
environment.systemPackages = [ # Add agenix to system packages
agenix.packages.x86_64-linux.default environment.systemPackages = [ pkgs.agenix ];
];
} }

8
m/common/base/env.nix
View File

@@ -1,12 +1,12 @@
{ pkgs, config, ... }: { pkgs, ... }:
{ {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
vim wget git htop tmux pciutils tcpdump ripgrep nix-index nixos-option vim wget git htop tmux pciutils tcpdump ripgrep nix-index nixos-option
nix-diff ipmitool freeipmi ethtool lm_sensors cmake gnumake file tree nix-diff ipmitool freeipmi ethtool lm_sensors cmake gnumake file tree
ncdu config.boot.kernelPackages.perf ldns pv ncdu perf ldns pv
# From bsckgs overlay # From jungle overlay
osumb osumb nixgen
]; ];
programs.direnv.enable = true; programs.direnv.enable = true;

13
m/common/base/users.nix
View File

@@ -180,6 +180,19 @@
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFmMqKqPg4uocNOr3O41kLbZMOMJn3m2ZdN1JvTR96z3 bsccns@arnau-bsc" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFmMqKqPg4uocNOr3O41kLbZMOMJn3m2ZdN1JvTR96z3 bsccns@arnau-bsc"
]; ];
}; };
aaguirre = {
uid = 9655;
isNormalUser = true;
home = "/home/Computational/aaguirre";
description = "Alejandro Aguirre";
group = "Computational";
hosts = [ "apex" "hut" ];
hashedPassword = "$6$TXRXQT6jjBvxkxU6$E.sh5KspAm1qeG5Ct7OPHpo8REmbGDwjFGvqeGgTVz3GASGOAnPL7UMZsMAsAKBoahOw.v8LNno6XGrTEPzZH1";
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOlRX7ZCnqtUJYCxKgWmgSrFCYuA2LHY96rVwqxXPl86 aaguirre@BSC-8488184117"
];
};
}; };
groups = { groups = {

2
m/common/base/watchdog.nix
View File

@@ -5,5 +5,5 @@
boot.kernelModules = [ "ipmi_watchdog" ]; boot.kernelModules = [ "ipmi_watchdog" ];
# Enable systemd watchdog with 30 s interval # Enable systemd watchdog with 30 s interval
systemd.watchdog.runtimeTime = "30s"; systemd.settings.Manager.RuntimeWatchdogSec = 30;
} }

16
m/fox/configuration.nix
View File

@@ -93,20 +93,4 @@
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
serviceConfig.ExecStart = script; serviceConfig.ExecStart = script;
}; };
# Only allow SSH connections from users who have a SLURM allocation
# See: https://slurm.schedmd.com/pam_slurm_adopt.html
security.pam.services.sshd.rules.account.slurm = {
control = "required";
enable = true;
modulePath = "${pkgs.slurm}/lib/security/pam_slurm_adopt.so";
args = [ "log_level=debug5" ];
order = 999999; # Make it last one
};
# Disable systemd session (pam_systemd.so) as it will conflict with the
# pam_slurm_adopt.so module. What happens is that the shell is first adopted
# into the slurmstepd task and then into the systemd session, which is not
# what we want, otherwise it will linger even if all jobs are gone.
security.pam.services.sshd.startSession = lib.mkForce false;
} }

1
m/hut/configuration.nix
View File

@@ -17,6 +17,7 @@
./postgresql.nix ./postgresql.nix
./nginx.nix ./nginx.nix
./p.nix ./p.nix
./ompss2-timer.nix
#./pxe.nix #./pxe.nix
]; ];

3
m/hut/gitea.nix
View File

@@ -29,6 +29,9 @@
}; };
}; };
# Allow gitea user to send mail
users.users.gitea.extraGroups = [ "mail-robot" ];
services.gitea-actions-runner.instances = { services.gitea-actions-runner.instances = {
runrun = { runrun = {
enable = true; enable = true;

5
m/hut/msmtp.nix
View File

@@ -1,8 +1,11 @@
{ config, lib, ... }: { config, lib, ... }:
{ {
# Robot user that can see the password to send mail from jungle-robot
users.groups.mail-robot = {};
age.secrets.jungleRobotPassword = { age.secrets.jungleRobotPassword = {
file = ../../secrets/jungle-robot-password.age; file = ../../secrets/jungle-robot-password.age;
group = "gitea"; group = "mail-robot";
mode = "440"; mode = "440";
}; };

4
m/hut/nginx.nix
View File

@@ -4,8 +4,8 @@ let
name = "jungle-web"; name = "jungle-web";
src = pkgs.fetchgit { src = pkgs.fetchgit {
url = "https://jungle.bsc.es/git/rarias/jungle-website.git"; url = "https://jungle.bsc.es/git/rarias/jungle-website.git";
rev = "739bf0175a7f05380fe7ad7023ff1d60db1710e1"; rev = "52abaf4d71652a9ef77a0b098db14ca33bffff4c";
hash = "sha256-ea5DzhYTzZ9TmqD+x95rdNdLbxPnBluqlYH2NmBYmc4="; hash = "sha256-/ul9GazbOrOkmlvSgDz/+2W+V+ir5725Y7mVLc3rb0M=";
}; };
buildInputs = [ pkgs.hugo ]; buildInputs = [ pkgs.hugo ];
buildPhase = '' buildPhase = ''

85
m/hut/ompss2-timer.nix Normal file
View File

@@ -0,0 +1,85 @@
{ config, pkgs, ... }:
{
systemd.timers = {
"ompss2-closing" = {
wantedBy = [ "timers.target" ];
timerConfig = {
Unit = "ompss2-closing.service";
OnCalendar = [ "*-03-15 07:00:00" "*-09-15 07:00:00"];
};
};
"ompss2-freeze" = {
wantedBy = [ "timers.target" ];
timerConfig = {
Unit = "ompss2-freeze.service";
OnCalendar = [ "*-04-15 07:00:00" "*-10-15 07:00:00" ];
};
};
"ompss2-release" = {
wantedBy = [ "timers.target" ];
timerConfig = {
Unit = "ompss2-release.service";
OnCalendar = [ "*-05-15 07:00:00" "*-11-15 07:00:00" ];
};
};
};
systemd.services =
let
closing = pkgs.writeText "closing.txt"
''
Subject: OmpSs-2 release enters closing period
Hi,
You have one month to merge the remaining features for the next OmpSs-2
release. Please, identify what needs to be merged and discuss it in the next
OmpSs-2 meeting.
Thanks!,
Jungle robot
'';
freeze = pkgs.writeText "freeze.txt"
''
Subject: OmpSs-2 release enters freeze period
Hi,
The period to introduce new features or breaking changes is over, only bug
fixes are allowed now. During this time, please prepare the release notes
to be included in the next OmpSs-2 release.
Thanks!,
Jungle robot
'';
release = pkgs.writeText "release.txt"
''
Subject: OmpSs-2 release now
Hi,
The period to introduce bug fixes is now over. Please, proceed to do the
OmpSs-2 release.
Thanks!,
Jungle robot
'';
mkServ = name: mail: {
"ompss2-${name}" = {
script = ''
set -eu
set -o pipefail
cat ${mail} | ${config.security.wrapperDir}/sendmail star@bsc.es
'';
serviceConfig = {
Type = "oneshot";
DynamicUser = true;
Group = "mail-robot";
};
};
};
in
(mkServ "closing" closing) //
(mkServ "freeze" freeze) //
(mkServ "release" release);
}

357
m/module/agenix.nix Normal file
View File

@@ -0,0 +1,357 @@
{
config,
options,
lib,
pkgs,
...
}:
with lib;
let
cfg = config.age;
isDarwin = lib.attrsets.hasAttrByPath [ "environment" "darwinConfig" ] options;
ageBin = config.age.ageBin;
users = config.users.users;
sysusersEnabled =
if isDarwin then
false
else
options.systemd ? sysusers && (config.systemd.sysusers.enable || config.services.userborn.enable);
mountCommand =
if isDarwin then
''
if ! diskutil info "${cfg.secretsMountPoint}" &> /dev/null; then
num_sectors=1048576
dev=$(hdiutil attach -nomount ram://"$num_sectors" | sed 's/[[:space:]]*$//')
newfs_hfs -v agenix "$dev"
mount -t hfs -o nobrowse,nodev,nosuid,-m=0751 "$dev" "${cfg.secretsMountPoint}"
fi
''
else
''
grep -q "${cfg.secretsMountPoint} ramfs" /proc/mounts ||
mount -t ramfs none "${cfg.secretsMountPoint}" -o nodev,nosuid,mode=0751
'';
newGeneration = ''
_agenix_generation="$(basename "$(readlink ${cfg.secretsDir})" || echo 0)"
(( ++_agenix_generation ))
echo "[agenix] creating new generation in ${cfg.secretsMountPoint}/$_agenix_generation"
mkdir -p "${cfg.secretsMountPoint}"
chmod 0751 "${cfg.secretsMountPoint}"
${mountCommand}
mkdir -p "${cfg.secretsMountPoint}/$_agenix_generation"
chmod 0751 "${cfg.secretsMountPoint}/$_agenix_generation"
'';
chownGroup = if isDarwin then "admin" else "keys";
# chown the secrets mountpoint and the current generation to the keys group
# instead of leaving it root:root.
chownMountPoint = ''
chown :${chownGroup} "${cfg.secretsMountPoint}" "${cfg.secretsMountPoint}/$_agenix_generation"
'';
setTruePath = secretType: ''
${
if secretType.symlink then
''
_truePath="${cfg.secretsMountPoint}/$_agenix_generation/${secretType.name}"
''
else
''
_truePath="${secretType.path}"
''
}
'';
installSecret = secretType: ''
${setTruePath secretType}
echo "decrypting '${secretType.file}' to '$_truePath'..."
TMP_FILE="$_truePath.tmp"
IDENTITIES=()
for identity in ${toString cfg.identityPaths}; do
test -r "$identity" || continue
test -s "$identity" || continue
IDENTITIES+=(-i)
IDENTITIES+=("$identity")
done
test "''${#IDENTITIES[@]}" -eq 0 && echo "[agenix] WARNING: no readable identities found!"
mkdir -p "$(dirname "$_truePath")"
[ "${secretType.path}" != "${cfg.secretsDir}/${secretType.name}" ] && mkdir -p "$(dirname "${secretType.path}")"
(
umask u=r,g=,o=
test -f "${secretType.file}" || echo '[agenix] WARNING: encrypted file ${secretType.file} does not exist!'
test -d "$(dirname "$TMP_FILE")" || echo "[agenix] WARNING: $(dirname "$TMP_FILE") does not exist!"
LANG=${
config.i18n.defaultLocale or "C"
} ${ageBin} --decrypt "''${IDENTITIES[@]}" -o "$TMP_FILE" "${secretType.file}"
)
chmod ${secretType.mode} "$TMP_FILE"
mv -f "$TMP_FILE" "$_truePath"
${optionalString secretType.symlink ''
[ "${secretType.path}" != "${cfg.secretsDir}/${secretType.name}" ] && ln -sfT "${cfg.secretsDir}/${secretType.name}" "${secretType.path}"
''}
'';
testIdentities = map (path: ''
test -f ${path} || echo '[agenix] WARNING: config.age.identityPaths entry ${path} not present!'
'') cfg.identityPaths;
cleanupAndLink = ''
_agenix_generation="$(basename "$(readlink ${cfg.secretsDir})" || echo 0)"
(( ++_agenix_generation ))
echo "[agenix] symlinking new secrets to ${cfg.secretsDir} (generation $_agenix_generation)..."
ln -sfT "${cfg.secretsMountPoint}/$_agenix_generation" ${cfg.secretsDir}
(( _agenix_generation > 1 )) && {
echo "[agenix] removing old secrets (generation $(( _agenix_generation - 1 )))..."
rm -rf "${cfg.secretsMountPoint}/$(( _agenix_generation - 1 ))"
}
'';
installSecrets = builtins.concatStringsSep "\n" (
[ "echo '[agenix] decrypting secrets...'" ]
++ testIdentities
++ (map installSecret (builtins.attrValues cfg.secrets))
++ [ cleanupAndLink ]
);
chownSecret = secretType: ''
${setTruePath secretType}
chown ${secretType.owner}:${secretType.group} "$_truePath"
'';
chownSecrets = builtins.concatStringsSep "\n" (
[ "echo '[agenix] chowning...'" ]
++ [ chownMountPoint ]
++ (map chownSecret (builtins.attrValues cfg.secrets))
);
secretType = types.submodule (
{ config, ... }:
{
options = {
name = mkOption {
type = types.str;
default = config._module.args.name;
defaultText = literalExpression "config._module.args.name";
description = ''
Name of the file used in {option}`age.secretsDir`
'';
};
file = mkOption {
type = types.path;
description = ''
Age file the secret is loaded from.
'';
};
path = mkOption {
type = types.str;
default = "${cfg.secretsDir}/${config.name}";
defaultText = literalExpression ''
"''${cfg.secretsDir}/''${config.name}"
'';
description = ''
Path where the decrypted secret is installed.
'';
};
mode = mkOption {
type = types.str;
default = "0400";
description = ''
Permissions mode of the decrypted secret in a format understood by chmod.
'';
};
owner = mkOption {
type = types.str;
default = "0";
description = ''
User of the decrypted secret.
'';
};
group = mkOption {
type = types.str;
default = users.${config.owner}.group or "0";
defaultText = literalExpression ''
users.''${config.owner}.group or "0"
'';
description = ''
Group of the decrypted secret.
'';
};
symlink = mkEnableOption "symlinking secrets to their destination" // {
default = true;
};
};
}
);
in
{
imports = [
(mkRenamedOptionModule [ "age" "sshKeyPaths" ] [ "age" "identityPaths" ])
];
options.age = {
ageBin = mkOption {
type = types.str;
default = "${pkgs.age}/bin/age";
defaultText = literalExpression ''
"''${pkgs.age}/bin/age"
'';
description = ''
The age executable to use.
'';
};
secrets = mkOption {
type = types.attrsOf secretType;
default = { };
description = ''
Attrset of secrets.
'';
};
secretsDir = mkOption {
type = types.path;
default = "/run/agenix";
description = ''
Folder where secrets are symlinked to
'';
};
secretsMountPoint = mkOption {
type =
types.addCheck types.str (
s:
(builtins.match "[ \t\n]*" s) == null # non-empty
&& (builtins.match ".+/" s) == null
) # without trailing slash
// {
description = "${types.str.description} (with check: non-empty without trailing slash)";
};
default = "/run/agenix.d";
description = ''
Where secrets are created before they are symlinked to {option}`age.secretsDir`
'';
};
identityPaths = mkOption {
type = types.listOf types.path;
default =
if isDarwin then
[
"/etc/ssh/ssh_host_ed25519_key"
"/etc/ssh/ssh_host_rsa_key"
]
else if (config.services.openssh.enable or false) then
map (e: e.path) (
lib.filter (e: e.type == "rsa" || e.type == "ed25519") config.services.openssh.hostKeys
)
else
[ ];
defaultText = literalExpression ''
if isDarwin
then [
"/etc/ssh/ssh_host_ed25519_key"
"/etc/ssh/ssh_host_rsa_key"
]
else if (config.services.openssh.enable or false)
then map (e: e.path) (lib.filter (e: e.type == "rsa" || e.type == "ed25519") config.services.openssh.hostKeys)
else [];
'';
description = ''
Path to SSH keys to be used as identities in age decryption.
'';
};
};
config = mkIf (cfg.secrets != { }) (mkMerge [
{
assertions = [
{
assertion = cfg.identityPaths != [ ];
message = "age.identityPaths must be set, for example by enabling openssh.";
}
];
}
(optionalAttrs (!isDarwin) {
# When using sysusers we no longer be started as an activation script
# because those are started in initrd while sysusers is started later.
systemd.services.agenix-install-secrets = mkIf sysusersEnabled {
wantedBy = [ "sysinit.target" ];
after = [ "systemd-sysusers.service" ];
unitConfig.DefaultDependencies = "no";
path = [ pkgs.mount ];
serviceConfig = {
Type = "oneshot";
ExecStart = pkgs.writeShellScript "agenix-install" (concatLines [
newGeneration
installSecrets
chownSecrets
]);
RemainAfterExit = true;
};
};
# Create a new directory full of secrets for symlinking (this helps
# ensure removed secrets are actually removed, or at least become
# invalid symlinks).
system.activationScripts = mkIf (!sysusersEnabled) {
agenixNewGeneration = {
text = newGeneration;
deps = [
"specialfs"
];
};
agenixInstall = {
text = installSecrets;
deps = [
"agenixNewGeneration"
"specialfs"
];
};
# So user passwords can be encrypted.
users.deps = [ "agenixInstall" ];
# Change ownership and group after users and groups are made.
agenixChown = {
text = chownSecrets;
deps = [
"users"
"groups"
];
};
# So other activation scripts can depend on agenix being done.
agenix = {
text = "";
deps = [ "agenixChown" ];
};
};
})
(optionalAttrs isDarwin {
launchd.daemons.activate-agenix = {
script = ''
set -e
set -o pipefail
export PATH="${pkgs.gnugrep}/bin:${pkgs.coreutils}/bin:@out@/sw/bin:/usr/bin:/bin:/usr/sbin:/sbin"
${newGeneration}
${installSecrets}
${chownSecrets}
exit 0
'';
serviceConfig = {
RunAtLoad = true;
KeepAlive.SuccessfulExit = false;
};
};
})
]);
}

9
m/module/debuginfod.nix
View File

@@ -1,3 +1,10 @@
{ {
services.nixseparatedebuginfod.enable = true; services.nixseparatedebuginfod2 = {
enable = true;
substituters = [
"local:"
"https://cache.nixos.org"
"http://hut/cache"
];
};
} }

18
m/module/slurm-client.nix
View File

@@ -1,4 +1,4 @@
{ lib, ... }: { lib, pkgs, ... }:
{ {
imports = [ imports = [
@@ -21,4 +21,20 @@
}; };
services.slurm.client.enable = true; services.slurm.client.enable = true;
# Only allow SSH connections from users who have a SLURM allocation
# See: https://slurm.schedmd.com/pam_slurm_adopt.html
security.pam.services.sshd.rules.account.slurm = {
control = "required";
enable = true;
modulePath = "${pkgs.slurm}/lib/security/pam_slurm_adopt.so";
args = [ "log_level=debug5" ];
order = 999999; # Make it last one
};
# Disable systemd session (pam_systemd.so) as it will conflict with the
# pam_slurm_adopt.so module. What happens is that the shell is first adopted
# into the slurmstepd task and then into the systemd session, which is not
# what we want, otherwise it will linger even if all jobs are gone.
security.pam.services.sshd.startSession = lib.mkForce false;
} }

41
m/module/slurm-common.nix
View File

@@ -1,31 +1,6 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
let {
suspendProgram = pkgs.writeShellScript "suspend.sh" ''
exec 1>>/var/log/power_save.log 2>>/var/log/power_save.log
set -x
export "PATH=/run/current-system/sw/bin:$PATH"
echo "$(date) Suspend invoked $0 $*" >> /var/log/power_save.log
hosts=$(scontrol show hostnames $1)
for host in $hosts; do
echo Shutting down host: $host
ipmitool -I lanplus -H ''${host}-ipmi -P "" -U "" chassis power off
done
'';
resumeProgram = pkgs.writeShellScript "resume.sh" ''
exec 1>>/var/log/power_save.log 2>>/var/log/power_save.log
set -x
export "PATH=/run/current-system/sw/bin:$PATH"
echo "$(date) Suspend invoked $0 $*" >> /var/log/power_save.log
hosts=$(scontrol show hostnames $1)
for host in $hosts; do
echo Starting host: $host
ipmitool -I lanplus -H ''${host}-ipmi -P "" -U "" chassis power on
done
'';
in {
services.slurm = { services.slurm = {
controlMachine = "apex"; controlMachine = "apex";
clusterName = "jungle"; clusterName = "jungle";
@@ -59,16 +34,6 @@ in {
# the resources. Use the task/cgroup plugin to enable process containment. # the resources. Use the task/cgroup plugin to enable process containment.
TaskPlugin=task/affinity,task/cgroup TaskPlugin=task/affinity,task/cgroup
# Power off unused nodes until they are requested
SuspendProgram=${suspendProgram}
SuspendTimeout=60
ResumeProgram=${resumeProgram}
ResumeTimeout=300
SuspendExcNodes=fox
# Turn the nodes off after 1 hour of inactivity
SuspendTime=3600
# Reduce port range so we can allow only this range in the firewall # Reduce port range so we can allow only this range in the firewall
SrunPortRange=60000-61000 SrunPortRange=60000-61000
@@ -86,9 +51,7 @@ in {
# when a task runs (srun) so we can ssh early. # when a task runs (srun) so we can ssh early.
PrologFlags=Alloc,Contain,X11 PrologFlags=Alloc,Contain,X11
# LaunchParameters=ulimit_pam_adopt will set RLIMIT_RSS in processes LaunchParameters=use_interactive_step
# adopted by the external step, similar to tasks running in regular steps
# LaunchParameters=ulimit_pam_adopt
SlurmdDebug=debug5 SlurmdDebug=debug5
#DebugFlags=Protocol,Cgroup #DebugFlags=Protocol,Cgroup
''; '';

4
m/tent/nginx.nix
View File

@@ -4,8 +4,8 @@ let
name = "jungle-web"; name = "jungle-web";
src = pkgs.fetchgit { src = pkgs.fetchgit {
url = "https://jungle.bsc.es/git/rarias/jungle-website.git"; url = "https://jungle.bsc.es/git/rarias/jungle-website.git";
rev = "739bf0175a7f05380fe7ad7023ff1d60db1710e1"; rev = "52abaf4d71652a9ef77a0b098db14ca33bffff4c";
hash = "sha256-ea5DzhYTzZ9TmqD+x95rdNdLbxPnBluqlYH2NmBYmc4="; hash = "sha256-/ul9GazbOrOkmlvSgDz/+2W+V+ir5725Y7mVLc3rb0M=";
}; };
buildInputs = [ pkgs.hugo ]; buildInputs = [ pkgs.hugo ];
buildPhase = '' buildPhase = ''

38
overlay.nix
View File

@@ -7,6 +7,7 @@ let
callPackage = final.callPackage; callPackage = final.callPackage;
bscPkgs = { bscPkgs = {
agenix = prev.callPackage ./pkgs/agenix/default.nix { };
amd-uprof = prev.callPackage ./pkgs/amd-uprof/default.nix { }; amd-uprof = prev.callPackage ./pkgs/amd-uprof/default.nix { };
bench6 = callPackage ./pkgs/bench6/default.nix { }; bench6 = callPackage ./pkgs/bench6/default.nix { };
bigotes = callPackage ./pkgs/bigotes/default.nix { }; bigotes = callPackage ./pkgs/bigotes/default.nix { };
@@ -29,13 +30,15 @@ let
amd-uprof-driver = _prev.callPackage ./pkgs/amd-uprof/driver.nix { }; amd-uprof-driver = _prev.callPackage ./pkgs/amd-uprof/driver.nix { };
}); });
lmbench = callPackage ./pkgs/lmbench/default.nix { }; lmbench = callPackage ./pkgs/lmbench/default.nix { };
mcxx = callPackage ./pkgs/mcxx/default.nix { }; # Broken and unmantained
# mcxx = callPackage ./pkgs/mcxx/default.nix { };
meteocat-exporter = prev.callPackage ./pkgs/meteocat-exporter/default.nix { }; meteocat-exporter = prev.callPackage ./pkgs/meteocat-exporter/default.nix { };
mpi = final.mpich; # Set MPICH as default mpi = final.mpich; # Set MPICH as default
mpich = callPackage ./pkgs/mpich/default.nix { mpich = prev.mpich; }; mpich = callPackage ./pkgs/mpich/default.nix { mpich = prev.mpich; };
nanos6 = callPackage ./pkgs/nanos6/default.nix { }; nanos6 = callPackage ./pkgs/nanos6/default.nix { };
nanos6Debug = final.nanos6.override { enableDebug = true; }; nanos6Debug = final.nanos6.override { enableDebug = true; };
nixtools = callPackage ./pkgs/nixtools/default.nix { }; nixtools = callPackage ./pkgs/nixtools/default.nix { };
nixgen = callPackage ./pkgs/nixgen/default.nix { };
# Broken because of pkgsStatic.libcap # Broken because of pkgsStatic.libcap
# See: https://github.com/NixOS/nixpkgs/pull/268791 # See: https://github.com/NixOS/nixpkgs/pull/268791
#nix-wrap = callPackage ./pkgs/nix-wrap/default.nix { }; #nix-wrap = callPackage ./pkgs/nix-wrap/default.nix { };
@@ -47,9 +50,12 @@ let
ovni = callPackage ./pkgs/ovni/default.nix { }; ovni = callPackage ./pkgs/ovni/default.nix { };
ovniGit = final.ovni.override { useGit = true; }; ovniGit = final.ovni.override { useGit = true; };
paraverKernel = callPackage ./pkgs/paraver/kernel.nix { }; paraverKernel = callPackage ./pkgs/paraver/kernel.nix { };
pocl = callPackage ./pkgs/pocl/default.nix { };
pocl-noicd = callPackage ./pkgs/pocl/default.nix { enableICD = false; };
prometheus-slurm-exporter = prev.callPackage ./pkgs/slurm-exporter/default.nix { }; prometheus-slurm-exporter = prev.callPackage ./pkgs/slurm-exporter/default.nix { };
#pscom = callPackage ./pkgs/parastation/pscom.nix { }; # Unmaintaned #pscom = callPackage ./pkgs/parastation/pscom.nix { }; # Unmaintaned
#psmpi = callPackage ./pkgs/parastation/psmpi.nix { }; # Unmaintaned #psmpi = callPackage ./pkgs/parastation/psmpi.nix { }; # Unmaintaned
slurm = import ./pkgs/slurm/default.nix { slurm = prev.slurm; };
sonar = callPackage ./pkgs/sonar/default.nix { }; sonar = callPackage ./pkgs/sonar/default.nix { };
stdenvClangOmpss2 = final.stdenv.override { cc = final.clangOmpss2; allowedRequisites = null; }; stdenvClangOmpss2 = final.stdenv.override { cc = final.clangOmpss2; allowedRequisites = null; };
stdenvClangOmpss2Nanos6 = final.stdenv.override { cc = final.clangOmpss2Nanos6; allowedRequisites = null; }; stdenvClangOmpss2Nanos6 = final.stdenv.override { cc = final.clangOmpss2Nanos6; allowedRequisites = null; };
@@ -58,7 +64,16 @@ let
tagaspi = callPackage ./pkgs/tagaspi/default.nix { }; tagaspi = callPackage ./pkgs/tagaspi/default.nix { };
tampi = callPackage ./pkgs/tampi/default.nix { }; tampi = callPackage ./pkgs/tampi/default.nix { };
upc-qaire-exporter = prev.callPackage ./pkgs/upc-qaire-exporter/default.nix { }; upc-qaire-exporter = prev.callPackage ./pkgs/upc-qaire-exporter/default.nix { };
taopencl = callPackage ./pkgs/taopencl/default.nix { };
wxparaver = callPackage ./pkgs/paraver/default.nix { }; wxparaver = callPackage ./pkgs/paraver/default.nix { };
gromacs = callPackage ./pkgs/gromacs/default.nix { enableSYCL = true; };
_cuda = prev._cuda.extend (_: _prev: final.lib.recursiveUpdate _prev {
extensions = _prev.extensions ++ [(finalAttrs: _: {
tacuda = finalAttrs.callPackage ./pkgs/tacuda/default.nix { };
})];
});
}; };
tests = rec { tests = rec {
@@ -92,20 +107,29 @@ let
clangNosvOmpv-ld = callPackage ./test/compilers/clang-openmp-ld.nix { clangNosvOmpv-ld = callPackage ./test/compilers/clang-openmp-ld.nix {
stdenv = final.stdenvClangOmpss2NodesOmpv; stdenv = final.stdenvClangOmpss2NodesOmpv;
}; };
ocl-build = callPackage ./test/compilers/opencl.nix { };
ocl-build-noicd = callPackage ./test/compilers/opencl.nix { ocl-icd = final.pocl-noicd; };
pocl = callPackage ./test/compilers/pocl.nix { };
ocl-run-pocl = ocl-build.test-icd;
ocl-run-pocl-noicd = ocl-build-noicd.test-noicd;
}; };
# For now, only build toplevel packages in CI/Hydra # For now, only build toplevel packages in CI/Hydra
pkgsTopLevel = filterAttrs (_: isDerivation) bscPkgs; pkgsTopLevel = filterAttrs (_: isDerivation) bscPkgs;
# Native build in that platform doesn't imply cross build works # Native build in that platform doesn't imply cross build works
canCrossCompile = platform: pkg: canCrossCompile = platform: default: pkg:
(isDerivation pkg) && (isDerivation pkg) &&
# Must be defined explicitly # If meta.cross is undefined, use default
(pkg.meta.cross or false) && (pkg.meta.cross or default) &&
(meta.availableOn platform pkg); (meta.availableOn final.pkgsCross.${platform}.stdenv.hostPlatform pkg);
# For now only RISC-V # For now only RISC-V
crossSet = { riscv64 = final.pkgsCross.riscv64.bsc.pkgsTopLevel; }; crossSet = genAttrs [ "riscv64" ] (platform:
filterAttrs (_: canCrossCompile platform true)
final.pkgsCross.${platform}.bsc.pkgsTopLevel);
buildList = name: paths: buildList = name: paths:
final.runCommandLocal name { } '' final.runCommandLocal name { } ''
@@ -125,7 +149,7 @@ let
# For now only RISC-V # For now only RISC-V
crossList = buildList "ci-cross" crossList = buildList "ci-cross"
(filter (filter
(canCrossCompile final.pkgsCross.riscv64.stdenv.hostPlatform) (canCrossCompile "riscv64" false) # opt-in (pkgs with: meta.cross = true)
(builtins.attrValues crossSet.riscv64)); (builtins.attrValues crossSet.riscv64));
in bscPkgs // { in bscPkgs // {

212
pkgs/agenix/agenix.sh Normal file
View File

@@ -0,0 +1,212 @@
#!/usr/bin/env bash
set -Eeuo pipefail
PACKAGE="agenix"
function show_help () {
echo "$PACKAGE - edit and rekey age secret files"
echo " "
echo "$PACKAGE -e FILE [-i PRIVATE_KEY]"
echo "$PACKAGE -r [-i PRIVATE_KEY]"
echo ' '
echo 'options:'
echo '-h, --help show help'
# shellcheck disable=SC2016
echo '-e, --edit FILE edits FILE using $EDITOR'
echo '-r, --rekey re-encrypts all secrets with specified recipients'
echo '-d, --decrypt FILE decrypts FILE to STDOUT'
echo '-i, --identity identity to use when decrypting'
echo '-v, --verbose verbose output'
echo ' '
echo 'FILE an age-encrypted file'
echo ' '
echo 'PRIVATE_KEY a path to a private SSH key used to decrypt file'
echo ' '
echo 'EDITOR environment variable of editor to use when editing FILE'
echo ' '
echo 'If STDIN is not interactive, EDITOR will be set to "cp /dev/stdin"'
echo ' '
echo 'RULES environment variable with path to Nix file specifying recipient public keys.'
echo "Defaults to './secrets.nix'"
echo ' '
echo "agenix version: @version@"
echo "age binary path: @ageBin@"
echo "age version: $(@ageBin@ --version)"
}
function warn() {
printf '%s\n' "$*" >&2
}
function err() {
warn "$*"
exit 1
}
test $# -eq 0 && (show_help && exit 1)
REKEY=0
DECRYPT_ONLY=0
DEFAULT_DECRYPT=(--decrypt)
while test $# -gt 0; do
case "$1" in
-h|--help)
show_help
exit 0
;;
-e|--edit)
shift
if test $# -gt 0; then
export FILE=$1
else
echo "no FILE specified"
exit 1
fi
shift
;;
-i|--identity)
shift
if test $# -gt 0; then
DEFAULT_DECRYPT+=(--identity "$1")
else
echo "no PRIVATE_KEY specified"
exit 1
fi
shift
;;
-r|--rekey)
shift
REKEY=1
;;
-d|--decrypt)
shift
DECRYPT_ONLY=1
if test $# -gt 0; then
export FILE=$1
else
echo "no FILE specified"
exit 1
fi
shift
;;
-v|--verbose)
shift
set -x
;;
*)
show_help
exit 1
;;
esac
done
RULES=${RULES:-./secrets.nix}
function cleanup {
if [ -n "${CLEARTEXT_DIR+x}" ]
then
rm -rf -- "$CLEARTEXT_DIR"
fi
if [ -n "${REENCRYPTED_DIR+x}" ]
then
rm -rf -- "$REENCRYPTED_DIR"
fi
}
trap "cleanup" 0 2 3 15
function keys {
(@nixInstantiate@ --json --eval --strict -E "(let rules = import $RULES; in rules.\"$1\".publicKeys)" | @jqBin@ -r .[]) || exit 1
}
function armor {
(@nixInstantiate@ --json --eval --strict -E "(let rules = import $RULES; in (builtins.hasAttr \"armor\" rules.\"$1\" && rules.\"$1\".armor))") || exit 1
}
function decrypt {
FILE=$1
KEYS=$2
if [ -z "$KEYS" ]
then
err "There is no rule for $FILE in $RULES."
fi
if [ -f "$FILE" ]
then
DECRYPT=("${DEFAULT_DECRYPT[@]}")
if [[ "${DECRYPT[*]}" != *"--identity"* ]]; then
if [ -f "$HOME/.ssh/id_rsa" ]; then
DECRYPT+=(--identity "$HOME/.ssh/id_rsa")
fi
if [ -f "$HOME/.ssh/id_ed25519" ]; then
DECRYPT+=(--identity "$HOME/.ssh/id_ed25519")
fi
fi
if [[ "${DECRYPT[*]}" != *"--identity"* ]]; then
err "No identity found to decrypt $FILE. Try adding an SSH key at $HOME/.ssh/id_rsa or $HOME/.ssh/id_ed25519 or using the --identity flag to specify a file."
fi
@ageBin@ "${DECRYPT[@]}" -- "$FILE" || exit 1
fi
}
function edit {
FILE=$1
KEYS=$(keys "$FILE") || exit 1
ARMOR=$(armor "$FILE") || exit 1
CLEARTEXT_DIR=$(@mktempBin@ -d)
CLEARTEXT_FILE="$CLEARTEXT_DIR/$(basename -- "$FILE")"
DEFAULT_DECRYPT+=(-o "$CLEARTEXT_FILE")
decrypt "$FILE" "$KEYS" || exit 1
[ ! -f "$CLEARTEXT_FILE" ] || cp -- "$CLEARTEXT_FILE" "$CLEARTEXT_FILE.before"
[ -t 0 ] || EDITOR='cp -- /dev/stdin'
$EDITOR "$CLEARTEXT_FILE"
if [ ! -f "$CLEARTEXT_FILE" ]
then
warn "$FILE wasn't created."
return
fi
[ -f "$FILE" ] && [ "$EDITOR" != ":" ] && @diffBin@ -q -- "$CLEARTEXT_FILE.before" "$CLEARTEXT_FILE" && warn "$FILE wasn't changed, skipping re-encryption." && return
ENCRYPT=()
if [[ "$ARMOR" == "true" ]]; then
ENCRYPT+=(--armor)
fi
while IFS= read -r key
do
if [ -n "$key" ]; then
ENCRYPT+=(--recipient "$key")
fi
done <<< "$KEYS"
REENCRYPTED_DIR=$(@mktempBin@ -d)
REENCRYPTED_FILE="$REENCRYPTED_DIR/$(basename -- "$FILE")"
ENCRYPT+=(-o "$REENCRYPTED_FILE")
@ageBin@ "${ENCRYPT[@]}" <"$CLEARTEXT_FILE" || exit 1
mkdir -p -- "$(dirname -- "$FILE")"
mv -f -- "$REENCRYPTED_FILE" "$FILE"
}
function rekey {
FILES=$( (@nixInstantiate@ --json --eval -E "(let rules = import $RULES; in builtins.attrNames rules)" | @jqBin@ -r .[]) || exit 1)
for FILE in $FILES
do
warn "rekeying $FILE..."
EDITOR=: edit "$FILE"
cleanup
done
}
[ $REKEY -eq 1 ] && rekey && exit 0
[ $DECRYPT_ONLY -eq 1 ] && DEFAULT_DECRYPT+=("-o" "-") && decrypt "${FILE}" "$(keys "$FILE")" && exit 0
edit "$FILE" && cleanup && exit 0

66
pkgs/agenix/default.nix Normal file
View File

@@ -0,0 +1,66 @@
{
lib,
stdenv,
age,
jq,
nix,
mktemp,
diffutils,
replaceVars,
ageBin ? "${age}/bin/age",
shellcheck,
}:
let
bin = "${placeholder "out"}/bin/agenix";
in
stdenv.mkDerivation rec {
pname = "agenix";
version = "0.15.0";
src = replaceVars ./agenix.sh {
inherit ageBin version;
jqBin = "${jq}/bin/jq";
nixInstantiate = "${nix}/bin/nix-instantiate";
mktempBin = "${mktemp}/bin/mktemp";
diffBin = "${diffutils}/bin/diff";
};
dontUnpack = true;
doInstallCheck = true;
installCheckInputs = [ shellcheck ];
postInstallCheck = ''
shellcheck ${bin}
${bin} -h | grep ${version}
test_tmp=$(mktemp -d 2>/dev/null || mktemp -d -t 'mytmpdir')
export HOME="$test_tmp/home"
export NIX_STORE_DIR="$test_tmp/nix/store"
export NIX_STATE_DIR="$test_tmp/nix/var"
mkdir -p "$HOME" "$NIX_STORE_DIR" "$NIX_STATE_DIR"
function cleanup {
rm -rf "$test_tmp"
}
trap "cleanup" 0 2 3 15
mkdir -p $HOME/.ssh
cp -r "${./example}" $HOME/secrets
chmod -R u+rw $HOME/secrets
(
umask u=rw,g=r,o=r
cp ${./example_keys/user1.pub} $HOME/.ssh/id_ed25519.pub
chown $UID $HOME/.ssh/id_ed25519.pub
)
(
umask u=rw,g=,o=
cp ${./example_keys/user1} $HOME/.ssh/id_ed25519
chown $UID $HOME/.ssh/id_ed25519
)
cd $HOME/secrets
test $(${bin} -d secret1.age) = "hello"
'';
installPhase = ''
install -D $src ${bin}
'';
meta.description = "age-encrypted secrets for NixOS";
}

7
pkgs/agenix/example/-leading-hyphen-filename.age Normal file
View File

@@ -0,0 +1,7 @@
age-encryption.org/v1
-> ssh-ed25519 V3XmEA zirqdzZZ1E+sedBn7fbEHq4ntLEkokZ4GctarBBOHXY
Rvs5YHaAUeCZyNwPedubPcHClWYIuXXWA5zadXPWY6w
-> ssh-ed25519 KLPP8w BVp4rDkOYSQyn8oVeHFeinSqW+pdVtxBF9+5VM1yORY
bMwppAi8Nhz0328taU4AzUkTVyWtSLvFZG6c5W/Fs78
--- xCbqLhXAcOziO2wmbjTiSQfZvt5Rlsc4SCvF+iEzpQA
<EFBFBD>KB<EFBFBD><EFBFBD>/<2F>Z<><5A>r<EFBFBD>%<01><>4<EFBFBD><34><EFBFBD>Mq5<71><35>_<EFBFBD><5F>ݒ<><DD92><EFBFBD><EFBFBD><EFBFBD>11 ܨqM;& <20><>Lr<4C><72><EFBFBD>f<EFBFBD><66><EFBFBD>]>N

7
pkgs/agenix/example/armored-secret.age Normal file
View File

@@ -0,0 +1,7 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFYzWG1FQSBpZkZW
aFpLNnJxc0VUMHRmZ2dZS0pjMGVENnR3OHd5K0RiT1RjRUhibFZBCnN5UG5vUjA3
SXpsNGtiVUw4T0tIVFo5Wkk5QS9NQlBndzVvektiQ0ozc0kKLS0tIGxyY1Q4dEZ1
VGZEanJyTFNta2JNRmpZb2FnK2JyS1hSVml1UGdMNWZKQXMKYla+wTXcRedyZoEb
LVWaSx49WoUTU0KBPJg9RArxaeC23GoCDzR/aM/1DvYU
-----END AGE ENCRYPTED FILE-----

9
pkgs/agenix/example/passwordfile-user1.age Normal file
View File

@@ -0,0 +1,9 @@
age-encryption.org/v1
-> ssh-ed25519 KLPP8w s1DYZRlZuSsyhmZCF1lFB+E9vB8bZ/+ZhBRlx8nprwE
nmYVCsVBrX2CFXXPU+D+bbkkIe/foofp+xoUrg9DHZw
-> ssh-ed25519 V3XmEA Pwv3oCwcY0DX8rY48UNfsj9RumWsn4dbgorYHCwObgI
FKxRYkL3JHtJxUwymWDF0rAtJ33BivDI6IfPsfumM90
-> V'v(/u$-grease em/Vgf 2qDuk
7I3iiQLPGi1COML9u/JeYkr7EqbSLoU
--- 57WJRigUGtmcObrssS3s4PvmR8wgh1AOC/ijJn1s3xI
<EFBFBD>'K<>ƷY&<26>7G<37>O<EFBFBD><4F>Fj<13>k<EFBFBD>X<EFBFBD><58>BnuJ<75><4A>:9<>(<><7F><EFBFBD>X<EFBFBD>#<23>A<EFBFBD><41><EFBFBD><EFBFBD>ڧj<DAA7>,<02>_<17><><EFBFBD>?<3F>Z<EFBFBD><17>v<EFBFBD><76>V<EFBFBD>96]oks~%<25>c <04>e^C<>%JQ5<51><H<>z}<7D>C<EFBFBD>,<2C>p<EFBFBD><70>*!W<><57><EFBFBD>A<EFBFBD><41><EFBFBD>҅dC<15>K)<10><>-<2D>y

BIN
pkgs/agenix/example/secret1.age Normal file
View File

Binary file not shown.

5
pkgs/agenix/example/secret2.age Normal file
View File

@@ -0,0 +1,5 @@
age-encryption.org/v1
-> ssh-ed25519 V3XmEA OB4+1FbPhQ3r6iGksM7peWX5it8NClpXIq/o5nnP7GA
FmHVUj+A5i5+bDFgySQskmlvynnosJiWUTJmBRiNA9I
--- tP+3mFVtd7ogVu1Lkboh55zoi5a77Ht08Uc/QuIviv4
<EFBFBD><EFBFBD>X<EFBFBD>{<7B><>O<EFBFBD><4F><1F><04>tMXx<58>vӪ(<28>I<EFBFBD>myP<79><50><EFBFBD><EFBFBD>+3<>S3i

23
pkgs/agenix/example/secrets.nix Normal file
View File

@@ -0,0 +1,23 @@
let
user1 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL0idNvgGiucWgup/mP78zyC23uFjYq0evcWdjGQUaBH";
system1 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPJDyIr/FSz1cJdcoW69R+NrWzwGK/+3gJpqD1t8L2zE";
in
{
"secret1.age".publicKeys = [
user1
system1
];
"secret2.age".publicKeys = [ user1 ];
"passwordfile-user1.age".publicKeys = [
user1
system1
];
"-leading-hyphen-filename.age".publicKeys = [
user1
system1
];
"armored-secret.age" = {
publicKeys = [ user1 ];
armor = true;
};
}

7
pkgs/agenix/example_keys/system1 Normal file
View File

@@ -0,0 +1,7 @@
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
QyNTUxOQAAACDyQ8iK/xUs9XCXXKFuvUfja1s8Biv/t4Caag9bfC9sxAAAAJA3yvCWN8rw
lgAAAAtzc2gtZWQyNTUxOQAAACDyQ8iK/xUs9XCXXKFuvUfja1s8Biv/t4Caag9bfC9sxA
AAAEA+J2V6AG1NriAIvnNKRauIEh1JE9HSdhvKJ68a5Fm0w/JDyIr/FSz1cJdcoW69R+Nr
WzwGK/+3gJpqD1t8L2zEAAAADHJ5YW50bUBob21lMQE=
-----END OPENSSH PRIVATE KEY-----

1
pkgs/agenix/example_keys/system1.pub Normal file
View File

@@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPJDyIr/FSz1cJdcoW69R+NrWzwGK/+3gJpqD1t8L2zE

7
pkgs/agenix/example_keys/user1 Normal file
View File

@@ -0,0 +1,7 @@
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
QyNTUxOQAAACC9InTb4BornFoLqf5j+/M8gtt7hY2KtHr3FnYxkFGgRwAAAJC2JJ8htiSf
IQAAAAtzc2gtZWQyNTUxOQAAACC9InTb4BornFoLqf5j+/M8gtt7hY2KtHr3FnYxkFGgRw
AAAEDxt5gC/s53IxiKAjfZJVCCcFIsdeERdIgbYhLO719+Kb0idNvgGiucWgup/mP78zyC
23uFjYq0evcWdjGQUaBHAAAADHJ5YW50bUBob21lMQE=
-----END OPENSSH PRIVATE KEY-----

1
pkgs/agenix/example_keys/user1.pub Normal file
View File

@@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL0idNvgGiucWgup/mP78zyC23uFjYq0evcWdjGQUaBH

23
pkgs/agenix/update.sh Executable file
View File

@@ -0,0 +1,23 @@
#!/bin/sh
set -e
# All operations are done relative to root
GITROOT=$(git rev-parse --show-toplevel)
cd "$GITROOT"
REVISION=${1:-main}
TMPCLONE=$(mktemp -d)
trap "rm -rf ${TMPCLONE}" EXIT
git clone https://github.com/ryantm/agenix.git --revision="$REVISION" "$TMPCLONE" --depth=1
cp "${TMPCLONE}/pkgs/agenix.sh" pkgs/agenix/agenix.sh
cp "${TMPCLONE}/pkgs/agenix.nix" pkgs/agenix/default.nix
sed -i 's#../example#./example#' pkgs/agenix/default.nix
cp "${TMPCLONE}/example/"* pkgs/agenix/example/
cp "${TMPCLONE}/example_keys/"* pkgs/agenix/example_keys/
cp "${TMPCLONE}/modules/age.nix" m/module/agenix.nix

2
pkgs/amd-uprof/default.nix
View File

@@ -90,7 +90,7 @@ in
meta = { meta = {
description = "Performance analysis tool-suite for x86 based applications"; description = "Performance analysis tool-suite for x86 based applications";
homepage = "https://www.amd.com/es/developer/uprof.html"; homepage = "https://www.amd.com/es/developer/uprof.html";
platforms = lib.platforms.linux; platforms = [ "x86_64-linux" ];
license = lib.licenses.unfree; license = lib.licenses.unfree;
maintainers = with lib.maintainers.bsc; [ rarias varcila ]; maintainers = with lib.maintainers.bsc; [ rarias varcila ];
}; };

2
pkgs/amd-uprof/driver.nix
View File

@@ -19,7 +19,7 @@ in stdenv.mkDerivation {
''; '';
hardeningDisable = [ "pic" "format" ]; hardeningDisable = [ "pic" "format" ];
nativeBuildInputs = kernel.moduleBuildDependencies; nativeBuildInputs = kernel.moduleBuildDependencies;
patches = [ ./makefile.patch ./hrtimer.patch ]; patches = [ ./makefile.patch ./hrtimer.patch ./remove-wr-rdmsrq.patch ];
makeFlags = [ makeFlags = [
"KERNEL_VERSION=${kernel.modDirVersion}" "KERNEL_VERSION=${kernel.modDirVersion}"
"KERNEL_DIR=${kernel.dev}/lib/modules/${kernel.modDirVersion}/build" "KERNEL_DIR=${kernel.dev}/lib/modules/${kernel.modDirVersion}/build"

20
pkgs/amd-uprof/remove-wr-rdmsrq.patch Normal file
View File

@@ -0,0 +1,20 @@
diff --git a/inc/PwrProfAsm.h b/inc/PwrProfAsm.h
index d77770a..c93a0e9 100644
--- a/inc/PwrProfAsm.h
+++ b/inc/PwrProfAsm.h
@@ -347,6 +347,7 @@
#endif
+/*
#define rdmsrq(msr,val1,val2,val3,val4) ({ \
__asm__ __volatile__( \
"rdmsr\n" \
@@ -362,6 +363,7 @@
:"c"(msr), "a"(val1), "d"(val2), "S"(val3), "D"(val4) \
); \
})
+*/
#define rdmsrpw(msr,val1,val2,val3,val4) ({ \
__asm__ __volatile__( \

8
pkgs/cudainfo/default.nix
View File

@@ -1,5 +1,6 @@
{ {
stdenv stdenv
, lib
, cudatoolkit , cudatoolkit
, cudaPackages , cudaPackages
, autoAddDriverRunpath , autoAddDriverRunpath
@@ -11,7 +12,7 @@ stdenv.mkDerivation (finalAttrs: {
src = ./.; src = ./.;
buildInputs = [ buildInputs = [
cudatoolkit # Required for nvcc cudatoolkit # Required for nvcc
cudaPackages.cuda_cudart.static # Required for -lcudart_static (lib.getOutput "static" cudaPackages.cuda_cudart) # Required for -lcudart_static
autoAddDriverRunpath autoAddDriverRunpath
]; ];
installPhase = '' installPhase = ''
@@ -40,4 +41,9 @@ stdenv.mkDerivation (finalAttrs: {
''; '';
installPhase = "touch $out"; installPhase = "touch $out";
}; };
meta = {
platforms = [ "x86_64-linux" ];
maintainers = with lib.maintainers.bsc; [ rarias ];
};
}) })

17
pkgs/gpi-2/default.nix
View File

@@ -9,7 +9,6 @@
, automake , automake
, libtool , libtool
, mpi , mpi
, rsync
, gfortran , gfortran
}: }:
@@ -44,13 +43,24 @@ stdenv.mkDerivation rec {
configureFlags = [ configureFlags = [
"--with-infiniband=${rdma-core-all}" "--with-infiniband=${rdma-core-all}"
"--with-mpi=${mpiAll}" "--with-mpi=yes" # fixes mpi detection when cross-compiling
"--with-slurm" "--with-slurm"
"CFLAGS=-fPIC" "CFLAGS=-fPIC"
"CXXFLAGS=-fPIC" "CXXFLAGS=-fPIC"
]; ];
buildInputs = [ slurm mpiAll rdma-core-all autoconf automake libtool rsync gfortran ]; nativeBuildInputs = [
autoconf
automake
gfortran
libtool
];
buildInputs = [
slurm
mpiAll
rdma-core-all
];
hardeningDisable = [ "all" ]; hardeningDisable = [ "all" ];
@@ -60,5 +70,6 @@ stdenv.mkDerivation rec {
maintainers = with lib.maintainers.bsc; [ rarias ]; maintainers = with lib.maintainers.bsc; [ rarias ];
platforms = lib.platforms.linux; platforms = lib.platforms.linux;
license = lib.licenses.gpl3Plus; license = lib.licenses.gpl3Plus;
cross = false; # infiniband detection does not work
}; };
} }

190
pkgs/gromacs/default.nix Normal file
View File

@@ -0,0 +1,190 @@
{
lib,
stdenv,
fetchurl,
cmake,
hwloc,
fftw,
perl,
blas,
lapack,
llvmPackages,
intelPackages ? null,
mpi,
cudaPackages,
plumed,
singlePrec ? true,
config,
enableSYCL ? false,
enableCuda ? config.cudaSupport,
enableMpi ? false,
enablePlumed ? false,
cpuAcceleration ? null,
}:
# CUDA is only implemented for single precission
assert enableCuda -> singlePrec;
assert !(enableSYCL && enableCuda);
assert enableSYCL -> intelPackages != null;
let
inherit (cudaPackages.flags) cmakeCudaArchitecturesString;
# Select reasonable defaults for all major platforms
# The possible values are defined in CMakeLists.txt:
# AUTO None SSE2 SSE4.1 AVX_128_FMA AVX_256 AVX2_256
# AVX2_128 AVX_512 AVX_512_KNL MIC ARM_NEON ARM_NEON_ASIMD
SIMD =
x:
if (cpuAcceleration != null) then
x
else if stdenv.hostPlatform.system == "i686-linux" then
"SSE2"
else if stdenv.hostPlatform.system == "x86_64-linux" then
"SSE4.1"
else if stdenv.hostPlatform.system == "x86_64-darwin" then
"SSE4.1"
else if stdenv.hostPlatform.system == "aarch64-linux" then
"ARM_NEON_ASIMD"
else
"None";
source =
if enablePlumed then
{
version = "2024.2";
hash = "sha256-gCp+M18uiVdw9XsVnk7DaOuw/yzm2sz3BsboAlw2hSs=";
}
else
{
version = "2025.3";
hash = "sha256-i9/KAmjz8Qp8o8BuWbYvc+oCQgxnIRwP85EvMteDPGU=";
};
stdenv' = if enableSYCL then intelPackages.stdenv else stdenv;
in
stdenv'.mkDerivation rec {
pname = "gromacs";
version = source.version;
src = fetchurl {
url = "ftp://ftp.gromacs.org/pub/gromacs/gromacs-${version}.tar.gz";
inherit (source) hash;
};
patches = [ (if enablePlumed then ./pkgconfig-2024.patch else ./pkgconfig-2025.patch) ];
postPatch = lib.optionalString enablePlumed ''
plumed patch -p -e gromacs-${source.version}
'';
outputs = [
"out"
"dev"
"man"
];
nativeBuildInputs = [
cmake
]
++ lib.optional enablePlumed plumed
++ lib.optionals enableCuda [ cudaPackages.cuda_nvcc ];
env.MKLROOT = intelPackages.mkl;
buildInputs = [
fftw
perl
hwloc
blas
lapack
]
++ lib.optional enableMpi mpi
++ lib.optionals enableCuda [
cudaPackages.cuda_cccl
cudaPackages.cuda_cudart
cudaPackages.libcufft
cudaPackages.cuda_profiler_api
]
++ lib.optional stdenv.hostPlatform.isDarwin llvmPackages.openmp;
propagatedBuildInputs = lib.optional enableMpi mpi;
propagatedUserEnvPkgs = lib.optional enableMpi mpi;
cmakeFlags = [
(lib.cmakeBool "GMX_HWLOC" true)
"-DGMX_SIMD:STRING=${SIMD cpuAcceleration}"
"-DGMX_OPENMP:BOOL=TRUE"
"-DBUILD_SHARED_LIBS=ON"
]
++ (
if singlePrec then
[
"-DGMX_DOUBLE=OFF"
]
else
[
"-DGMX_DOUBLE=ON"
"-DGMX_DEFAULT_SUFFIX=OFF"
]
)
++ (
if enableMpi then
[
"-DGMX_MPI:BOOL=TRUE"
"-DGMX_THREAD_MPI:BOOL=FALSE"
]
else
[
"-DGMX_MPI:BOOL=FALSE"
]
)
++ (lib.optionals enableSYCL [
"-DGMX_GPU=SYCL"
"-DGMX_OPENMP=OFF" # TODO: enable OpenMP with SYCL?
])
++ lib.optionals enableCuda [
"-DGMX_GPU=CUDA"
(lib.cmakeFeature "CMAKE_CUDA_ARCHITECTURES" cmakeCudaArchitecturesString)
# Gromacs seems to ignore and override the normal variables, so we add this ad hoc:
(lib.cmakeFeature "GMX_CUDA_TARGET_COMPUTE" cmakeCudaArchitecturesString)
];
postInstall = ''
moveToOutput share/cmake $dev
'';
meta = with lib; {
homepage = "https://www.gromacs.org";
license = licenses.lgpl21Plus;
description = "Molecular dynamics software package";
longDescription = ''
GROMACS is a versatile package to perform molecular dynamics,
i.e. simulate the Newtonian equations of motion for systems
with hundreds to millions of particles.
It is primarily designed for biochemical molecules like
proteins, lipids and nucleic acids that have a lot of
complicated bonded interactions, but since GROMACS is
extremely fast at calculating the nonbonded interactions (that
usually dominate simulations) many groups are also using it
for research on non-biological systems, e.g. polymers.
GROMACS supports all the usual algorithms you expect from a
modern molecular dynamics implementation, (check the online
reference or manual for details), but there are also quite a
few features that make it stand out from the competition.
See: https://www.gromacs.org/about.html for details.
'';
platforms = platforms.unix;
maintainers = with maintainers; [
sheepforce
markuskowa
];
};
}

24
pkgs/gromacs/pkgconfig-2024.patch Normal file
View File

@@ -0,0 +1,24 @@
diff --git a/src/external/muparser/muparser.pc.in b/src/external/muparser/muparser.pc.in
index 646787cb53..9b97ad57f7 100644
--- a/src/external/muparser/muparser.pc.in
+++ b/src/external/muparser/muparser.pc.in
@@ -1,7 +1,5 @@
-prefix=@CMAKE_INSTALL_PREFIX@
-exec_prefix=${prefix}
-libdir=${prefix}/@CMAKE_INSTALL_LIBDIR@
-includedir=${prefix}/@CMAKE_INSTALL_INCLUDEDIR@
+libdir=@CMAKE_INSTALL_FULL_LIBDIR@
+includedir=@CMAKE_INSTALL_FULL_INCLUDEDIR@
Name: @PACKAGE_NAME@
Description: Mathematical expressions parser library
diff --git a/src/gromacs/libgromacs.pc.cmakein b/src/gromacs/libgromacs.pc.cmakein
index ec1ed6684e..ca1105474a 100644
--- a/src/gromacs/libgromacs.pc.cmakein
+++ b/src/gromacs/libgromacs.pc.cmakein
@@ -1,4 +1,4 @@
-libdir=@CMAKE_INSTALL_PREFIX@/@CMAKE_INSTALL_LIBDIR@
+libdir=@CMAKE_INSTALL_FULL_LIBDIR@
Name: libgromacs@GMX_LIBS_SUFFIX@
Description: Gromacs library

36
pkgs/gromacs/pkgconfig-2025.patch Normal file
View File

@@ -0,0 +1,36 @@
diff --git a/src/external/muparser/muparser.pc.in b/src/external/muparser/muparser.pc.in
index 646787cb53..d26e84de8f 100644
--- a/src/external/muparser/muparser.pc.in
+++ b/src/external/muparser/muparser.pc.in
@@ -1,11 +1,9 @@
-prefix=@CMAKE_INSTALL_PREFIX@
-exec_prefix=${prefix}
-libdir=${prefix}/@CMAKE_INSTALL_LIBDIR@
-includedir=${prefix}/@CMAKE_INSTALL_INCLUDEDIR@
-
-Name: @PACKAGE_NAME@
-Description: Mathematical expressions parser library
-Version: @MUPARSER_VERSION@
-Requires:
-Libs: -L${libdir} -lmuparser
-Cflags: -I${includedir} @PKG_CONFIG_FLAGS@
+libdir=@CMAKE_INSTALL_FULL_LIBDIR@
+includedir=@CMAKE_INSTALL_FULL_INCLUDEDIR@
+
+Name: @PACKAGE_NAME@
+Description: Mathematical expressions parser library
+Version: @MUPARSER_VERSION@
+Requires:
+Libs: -L${libdir} -lmuparser
+Cflags: -I${includedir} @PKG_CONFIG_FLAGS@
diff --git a/src/gromacs/libgromacs.pc.cmakein b/src/gromacs/libgromacs.pc.cmakein
index af9b5a6dc0..5f58d549bf 100644
--- a/src/gromacs/libgromacs.pc.cmakein
+++ b/src/gromacs/libgromacs.pc.cmakein
@@ -1,5 +1,4 @@
-prefix=@CMAKE_INSTALL_PREFIX@
-libdir=${prefix}/@CMAKE_INSTALL_LIBDIR@
+libdir=@CMAKE_INSTALL_FULL_LIBDIR@
Name: libgromacs@GMX_LIBS_SUFFIX@
Description: Gromacs library

4
pkgs/intel-oneapi/2023.nix
View File

@@ -10,7 +10,7 @@
, zlib , zlib
, autoPatchelfHook , autoPatchelfHook
, libfabric , libfabric
, gcc13 , gcc
, wrapCCWith , wrapCCWith
}: }:
@@ -33,8 +33,6 @@ let
maintainers = with lib.maintainers.bsc; [ abonerib ]; maintainers = with lib.maintainers.bsc; [ abonerib ];
}; };
gcc = gcc13;
v = { v = {
hpckit = "2023.1.0"; hpckit = "2023.1.0";
compiler = "2023.1.0"; compiler = "2023.1.0";

6
pkgs/llvm-ompss2/clang.nix
View File

@@ -16,19 +16,19 @@
, useGit ? false , useGit ? false
, gitUrl ? "ssh://git@bscpm04.bsc.es/llvm-ompss/llvm-mono.git" , gitUrl ? "ssh://git@bscpm04.bsc.es/llvm-ompss/llvm-mono.git"
, gitBranch ? "master" , gitBranch ? "master"
, gitCommit ? "880e2341c56bad1dc14e8c369fb3356bec19018e" , gitCommit ? "872ba63f86edaefc9787984ef3fae9f2f94e0124" # github-release-2025.11
}: }:
let let
stdenv = llvmPackages_latest.stdenv; stdenv = llvmPackages_latest.stdenv;
release = rec { release = rec {
version = "2025.06"; version = "2025.11";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "bsc-pm"; owner = "bsc-pm";
repo = "llvm"; repo = "llvm";
rev = "refs/tags/github-release-${version}"; rev = "refs/tags/github-release-${version}";
hash = "sha256-ww9PpRmtz/M9IyLiZ8rAehx2UW4VpQt+svf4XfKBzKo="; hash = "sha256-UgwMTUkM9Z87dDH205swZFBeFhrcbLAxginViG40pBM=";
}; };
}; };

4
pkgs/llvm-ompss2/default.nix
View File

@@ -27,10 +27,10 @@ let
# We need to replace the lld linker from bintools with our linker just built, # We need to replace the lld linker from bintools with our linker just built,
# otherwise we run into incompatibility issues when mixing compiler and linker # otherwise we run into incompatibility issues when mixing compiler and linker
# versions. # versions.
bintools-unwrapped = llvmPackages_latest.tools.bintools-unwrapped.override { bintools-unwrapped = llvmPackages_latest.bintools-unwrapped.override {
lld = clangOmpss2Unwrapped; lld = clangOmpss2Unwrapped;
}; };
bintools = llvmPackages_latest.tools.bintools.override { bintools = llvmPackages_latest.bintools.override {
bintools = bintools-unwrapped; bintools = bintools-unwrapped;
}; };
targetConfig = stdenv.targetPlatform.config; targetConfig = stdenv.targetPlatform.config;

1
pkgs/mcxx/default.nix
View File

@@ -65,6 +65,7 @@ stdenv.mkDerivation rec {
]; ];
meta = { meta = {
broken = true;
homepage = "https://github.com/bsc-pm/mcxx"; homepage = "https://github.com/bsc-pm/mcxx";
description = "C/C++/Fortran source-to-source compilation infrastructure aimed at fast prototyping"; description = "C/C++/Fortran source-to-source compilation infrastructure aimed at fast prototyping";
maintainers = with lib.maintainers.bsc; [ rpenacob ]; maintainers = with lib.maintainers.bsc; [ rpenacob ];

4
pkgs/meteocat-exporter/default.nix
View File

@@ -1,9 +1,11 @@
{ python3Packages, lib }: { python3Packages, lib }:
python3Packages.buildPythonApplication rec { python3Packages.buildPythonApplication {
pname = "meteocat-exporter"; pname = "meteocat-exporter";
version = "1.0"; version = "1.0";
pyproject = true;
src = ./.; src = ./.;
doCheck = false; doCheck = false;

23
pkgs/mpich/default.nix
View File

@@ -6,6 +6,13 @@
, pmix , pmix
, gfortran , gfortran
, symlinkJoin , symlinkJoin
# Disabled when cross-compiling
# To fix cross compilation, we should fill the values in:
# https://github.com/pmodels/mpich/blob/main/maint/fcrosscompile/cross_values.txt.in
# For each arch
, enableFortran ? stdenv.hostPlatform == stdenv.buildPlatform
, perl
, targetPackages
}: }:
let let
@@ -15,10 +22,13 @@ let
paths = [ pmix.dev pmix.out ]; paths = [ pmix.dev pmix.out ];
}; };
in mpich.overrideAttrs (old: { in mpich.overrideAttrs (old: {
buildInput = old.buildInputs ++ [ buildInputs = old.buildInputs ++ [
libfabric libfabric
pmixAll pmixAll
]; ];
nativeBuildInputs = old.nativeBuildInputs ++ [
perl
];
configureFlags = [ configureFlags = [
"--enable-shared" "--enable-shared"
"--enable-sharedlib" "--enable-sharedlib"
@@ -31,10 +41,21 @@ in mpich.overrideAttrs (old: {
] ++ lib.optionals (lib.versionAtLeast gfortran.version "10") [ ] ++ lib.optionals (lib.versionAtLeast gfortran.version "10") [
"FFLAGS=-fallow-argument-mismatch" # https://github.com/pmodels/mpich/issues/4300 "FFLAGS=-fallow-argument-mismatch" # https://github.com/pmodels/mpich/issues/4300
"FCFLAGS=-fallow-argument-mismatch" "FCFLAGS=-fallow-argument-mismatch"
] ++ lib.optionals (!enableFortran) [
"--disable-fortran"
]; ];
preFixup = ''
sed -i 's:^CC=.*:CC=${targetPackages.stdenv.cc}/bin/${targetPackages.stdenv.cc.targetPrefix}cc:' $out/bin/mpicc
sed -i 's:^CXX=.*:CXX=${targetPackages.stdenv.cc}/bin/${targetPackages.stdenv.cc.targetPrefix}c++:' $out/bin/mpicxx
'' + lib.optionalString enableFortran ''
sed -i 's:^FC=.*:FC=${targetPackages.gfortran or gfortran}/bin/${targetPackages.gfortran.targetPrefix or gfortran.targetPrefix}gfortran:' $out/bin/mpifort
'';
hardeningDisable = [ "all" ]; hardeningDisable = [ "all" ];
meta = old.meta // { meta = old.meta // {
maintainers = old.meta.maintainers ++ (with lib.maintainers.bsc; [ rarias ]); maintainers = old.meta.maintainers ++ (with lib.maintainers.bsc; [ rarias ]);
cross = true;
}; };
}) })

22
pkgs/nixgen/default.nix Normal file
View File

@@ -0,0 +1,22 @@
{
stdenv
, lib
}:
stdenv.mkDerivation {
pname = "nixgen";
version = "0.0.1";
src = ./nixgen;
dontUnpack = true;
phases = [ "installPhase" ];
installPhase = ''
mkdir -p $out/bin
cp -a $src $out/bin/nixgen
'';
meta = {
description = "Quickly generate flake.nix from command line";
maintainers = with lib.maintainers.bsc; [ rarias ];
platforms = lib.platforms.linux;
license = lib.licenses.gpl3Plus;
};
}

97
pkgs/nixgen/nixgen Executable file
View File

@@ -0,0 +1,97 @@
#!/bin/sh
#
# Copyright (c) 2025, Barcelona Supercomputing Center (BSC)
# SPDX-License-Identifier: GPL-3.0+
# Author: Rodrigo Arias Mallo <rodrigo.arias@bsc.es>
function usage() {
echo "USAGE: nixgen [-f] [package [...]] [-b package [...]]" >&2
echo " Generates a flake.nix file with the given packages." >&2
echo " After flake.nix is created, use 'nix develop' to enter the shell." >&2
echo "OPTIONS" >&2
echo " -f Overwrite existing flake.nix (default: no)." >&2
echo " packages... Add these packages to the shell." >&2
echo " -b packages... Add the dependencies needed to build these packages." >&2
echo "EXAMPLE" >&2
echo " $ nixgen ovni bigotes -b nosv tampi" >&2
echo " Adds the packages ovni and bigotes as well as all required dependencies" >&2
echo " to build nosv and tampi." >&2
echo "AUTHOR" >&2
echo " Rodrigo Arias Mallo <rodrigo.arias@bsc.es>" >&2
exit 1
}
mode=package
packages=
inputsFrom=
force=
if [[ $# -eq 0 ]]; then
usage
fi
while [[ $# -gt 0 ]]; do
case $1 in -b)
mode=build
shift
;;
-f)
force=1
shift
;;
-h)
usage
;;
-*|--*)
echo "error: unknown option $1" >&2
exit 1
;;
*)
if [ "$mode" == "package" ]; then
packages+="${packages:+ }$1"
else
inputsFrom+="${inputsFrom:+ }$1"
fi
shift
;;
esac
done
if [ ! "$force" -a -e flake.nix ]; then
echo "error: flake.nix exists, force overwrite with -f" >&2
exit 1
fi
cat > flake.nix <<EOF
{
inputs.jungle.url = "git+https://jungle.bsc.es/git/rarias/jungle";
outputs = { self, jungle }:
let
nixpkgs = jungle.inputs.nixpkgs;
customOverlay = (final: prev: {
# Example overlay, for now empty
});
pkgs = import nixpkgs {
system = "x86_64-linux";
overlays = [
# Apply jungle overlay to get our BSC custom packages
jungle.outputs.bscOverlay
# And on top apply our local changes to customize for cluster
customOverlay
];
};
in {
devShells.x86_64-linux.default = pkgs.mkShell {
pname = "devshell";
# Include these packages in the shell
packages = with pkgs; [
$packages
];
# The dependencies needed to build these packages will be also included
inputsFrom = with pkgs; [
$inputsFrom
];
};
};
}
EOF

9
pkgs/nodes/default.nix
View File

@@ -3,7 +3,6 @@
, lib , lib
, fetchFromGitHub , fetchFromGitHub
, pkg-config , pkg-config
, perl
, numactl , numactl
, hwloc , hwloc
, boost , boost
@@ -11,22 +10,23 @@
, ovni , ovni
, nosv , nosv
, clangOmpss2 , clangOmpss2
, which
, useGit ? false , useGit ? false
, gitUrl ? "ssh://git@gitlab-internal.bsc.es/nos-v/nodes.git" , gitUrl ? "ssh://git@gitlab-internal.bsc.es/nos-v/nodes.git"
, gitBranch ? "master" , gitBranch ? "master"
, gitCommit ? "6002ec9ae6eb876d962cc34366952a3b26599ba6" , gitCommit ? "511489e71504a44381e0930562e7ac80ac69a848" # version-1.4
}: }:
with lib; with lib;
let let
release = rec { release = rec {
version = "1.3"; version = "1.4";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "bsc-pm"; owner = "bsc-pm";
repo = "nodes"; repo = "nodes";
rev = "version-${version}"; rev = "version-${version}";
hash = "sha256-cFb9pxcjtkMmH0CsGgUO9LTdXDNh7MCqicgGWawLrsU="; hash = "sha256-+lR/R0l3fGZO3XG7whMorFW2y2YZ0ZFnLeOHyQYrAsQ=";
}; };
}; };
@@ -59,6 +59,7 @@ in
doCheck = false; doCheck = false;
nativeCheckInputs = [ nativeCheckInputs = [
clangOmpss2 clangOmpss2
which
]; ];
# The "bindnow" flags are incompatible with ifunc resolution mechanism. We # The "bindnow" flags are incompatible with ifunc resolution mechanism. We

6
pkgs/nosv/default.nix
View File

@@ -13,19 +13,19 @@
, useGit ? false , useGit ? false
, gitUrl ? "git@gitlab-internal.bsc.es:nos-v/nos-v.git" , gitUrl ? "git@gitlab-internal.bsc.es:nos-v/nos-v.git"
, gitBranch ? "master" , gitBranch ? "master"
, gitCommit ? "9f47063873c3aa9d6a47482a82c5000a8c813dd8" , gitCommit ? "1108e4786b58e0feb9a16fa093010b763eb2f8e8" # version 4.0.0
}: }:
with lib; with lib;
let let
release = rec { release = rec {
version = "3.2.0"; version = "4.0.0";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "bsc-pm"; owner = "bsc-pm";
repo = "nos-v"; repo = "nos-v";
rev = "${version}"; rev = "${version}";
hash = "sha256-yaz92426EM8trdkBJlISmAoG9KJCDTvoAW/HKrasvOw="; hash = "sha256-llaq73bd/YxLVKNlMebnUHKa4z3sdcsuDUoVwUxNuw8=";
}; };
}; };

6
pkgs/osu/default.nix
View File

@@ -32,6 +32,11 @@ stdenv.mkDerivation rec {
"CXX=mpicxx" "CXX=mpicxx"
]; ];
env = {
MPICH_CC="${stdenv.cc}/bin/${stdenv.cc.targetPrefix}cc";
MPICH_CXX="${stdenv.cc}/bin/${stdenv.cc.targetPrefix}c++";
};
postInstall = '' postInstall = ''
mkdir -p $out/bin mkdir -p $out/bin
for f in $(find $out -executable -type f); do for f in $(find $out -executable -type f); do
@@ -44,5 +49,6 @@ stdenv.mkDerivation rec {
homepage = "http://mvapich.cse.ohio-state.edu/benchmarks/"; homepage = "http://mvapich.cse.ohio-state.edu/benchmarks/";
maintainers = [ ]; maintainers = [ ];
platforms = lib.platforms.all; platforms = lib.platforms.all;
cross = true;
}; };
} }

8
pkgs/ovni/default.nix
View File

@@ -7,7 +7,7 @@
, useGit ? false , useGit ? false
, gitBranch ? "master" , gitBranch ? "master"
, gitUrl ? "ssh://git@bscpm04.bsc.es/rarias/ovni.git" , gitUrl ? "ssh://git@bscpm04.bsc.es/rarias/ovni.git"
, gitCommit ? "e4f62382076f0cf0b1d08175cf57cc0bc51abc61" , gitCommit ? "06432668f346c8bdc1006fabc23e94ccb81b0d8b" # version 1.13.0
, enableDebug ? false , enableDebug ? false
# Only enable MPI if the build is native (fails on cross-compilation) # Only enable MPI if the build is native (fails on cross-compilation)
, useMpi ? (stdenv.buildPlatform.canExecute stdenv.hostPlatform) , useMpi ? (stdenv.buildPlatform.canExecute stdenv.hostPlatform)
@@ -15,13 +15,13 @@
let let
release = rec { release = rec {
version = "1.12.0"; version = "1.13.0";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "bsc-pm"; owner = "bsc-pm";
repo = "ovni"; repo = "ovni";
rev = "${version}"; rev = "${version}";
hash = "sha256-H04JvsVKrdqr3ON7JhU0g17jjlg/jzQ7eTfx9vUNd3E="; hash = "sha256-0l2ryIyWNiZqeYdVlnj/WnQGS3xFCY4ICG8JedX424w=";
} // { shortRev = "a73afcf"; }; } // { shortRev = "0643266"; };
}; };
git = rec { git = rec {

4
pkgs/paraver/default.nix
View File

@@ -12,7 +12,7 @@
, paraverKernel , paraverKernel
, openssl , openssl
, glibcLocales , glibcLocales
, wrapGAppsHook , wrapGAppsHook3
}: }:
let let
@@ -64,7 +64,7 @@ stdenv.mkDerivation rec {
autoconf autoconf
automake automake
autoreconfHook autoreconfHook
wrapGAppsHook wrapGAppsHook3
]; ];
buildInputs = [ buildInputs = [

26
pkgs/pocl/0001-cmake-do-not-use-suffix.patch Normal file
View File

@@ -0,0 +1,26 @@
From ccf301659caac9b5e973ba1f2d32352acf617a98 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Aleix=20Bon=C3=A9?= <aleix.boneribo@bsc.es>
Date: Tue, 2 Jul 2024 16:45:05 +0200
Subject: [PATCH] cmake: do not use suffix
---
cmake/LLVM.cmake | 3 ++
1 files changed, 3 insertions(+)
diff --git a/cmake/LLVM.cmake b/cmake/LLVM.cmake
index f4dbda065..e29144dce 100644
--- a/cmake/LLVM.cmake
+++ b/cmake/LLVM.cmake
@@ -65,6 +65,9 @@ else()
message(WARNING "Cannot determine llvm binary suffix from ${LLVM_CONFIG}")
endif()
message(STATUS "LLVM binaries suffix : ${LLVM_BINARY_SUFFIX}")
+
+ # We don't want suffixes in nix
+ set(LLVM_BINARY_SUFFIX "")
endif()
get_filename_component(LLVM_CONFIG_LOCATION "${LLVM_CONFIG}" DIRECTORY)
--
2.45.1

33
pkgs/pocl/0001-cmake-native-build-tools.patch Normal file
View File

@@ -0,0 +1,33 @@
From f24b456c50f587b05cc8f2699c94d8cdefc5b13e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Aleix=20Bon=C3=A9?= <aleix.boneribo@bsc.es>
Date: Tue, 2 Jul 2024 17:11:11 +0200
Subject: [PATCH] cmake: native build tools
---
cmake/LLVM.cmake | 7 +-
1 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/cmake/LLVM.cmake b/cmake/LLVM.cmake
index e29144dce..b9f14ce6a 100644
--- a/cmake/LLVM.cmake
+++ b/cmake/LLVM.cmake
@@ -269,10 +269,15 @@ endforeach()
####################################################################
+if(DEFINED LLVM_NATIVE_TOOL_DIR)
+ set(TOOL_DIR "${LLVM_NATIVE_TOOL_DIR}")
+ message(STATUS "TOOL_DIR=${TOOL_DIR}")
+endif()
+
macro(find_program_or_die OUTPUT_VAR PROG_NAME DOCSTRING)
find_program(${OUTPUT_VAR}
NAMES "${PROG_NAME}${LLVM_BINARY_SUFFIX}${CMAKE_EXECUTABLE_SUFFIX}"
- HINTS "${LLVM_BINDIR}" "${LLVM_CONFIG_LOCATION}"
+ HINTS "${TOOL_DIR}" "${LLVM_BINDIR}" "${LLVM_CONFIG_LOCATION}"
DOC "${DOCSTRING}"
NO_CMAKE_PATH
NO_CMAKE_ENVIRONMENT_PATH
--
2.45.1

48
pkgs/pocl/0001-cmake-use-clang-from-cmake-variable.patch Normal file
View File

@@ -0,0 +1,48 @@
From 4688b5ce895761c884ae15fc0234ed8d623b988b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Aleix=20Bon=C3=A9?= <aleix.boneribo@bsc.es>
Date: Tue, 2 Jul 2024 15:41:47 +0200
Subject: [PATCH] cmake: use clang from cmake variable
---
cmake/LLVM.cmake | 22 ++++++++++++++++++++--
1 file changed, 20 insertions(+), 2 deletions(-)
diff --git a/cmake/LLVM.cmake b/cmake/LLVM.cmake
index 71b786dc7..f4dbda065 100644
--- a/cmake/LLVM.cmake
+++ b/cmake/LLVM.cmake
@@ -281,11 +281,29 @@ macro(find_program_or_die OUTPUT_VAR PROG_NAME DOCSTRING)
endif()
endmacro()
-find_program_or_die( CLANG "clang" "clang binary")
+# -DCMAKE_C_COMPILER=riscv64-unknown-linux-gnu-clang -DCMAKE_CXX_COMPILER=riscv64-unknown-linux-gnu-clang++
+
+# if(DEFINED CLANG_EXECUTABLE)
+if(DEFINED CMAKE_C_COMPILER)
+ # set(CLANG "${CLANG_EXECUTABLE}")
+ set(CLANG "${CMAKE_C_COMPILER}")
+ message(STATUS "Using CLANG_EXECUTABLE: ${CLANG}")
+else()
+ find_program_or_die( CLANG "clang" "clang binary")
+endif()
execute_process(COMMAND "${CLANG}" "--version" OUTPUT_VARIABLE LLVM_CLANG_VERSION RESULT_VARIABLE CLANG_RES)
+
# TODO this should be optional
-find_program_or_die( CLANGXX "clang++" "clang++ binary")
+# if(DEFINED CLANGXX_EXECUTABLE)
+if(DEFINED CMAKE_CXX_COMPILER)
+ # set(CLANGXX "${CLANGXX_EXECUTABLE}")
+ set(CLANGXX "${CMAKE_CXX_COMPILER}")
+ message(STATUS "Using CLANGXX_EXECUTABLE: ${CLANGXX}")
+else()
+ find_program_or_die( CLANGXX "clang++" "clang++ binary")
+endif()
execute_process(COMMAND "${CLANGXX}" "--version" OUTPUT_VARIABLE LLVM_CLANGXX_VERSION RESULT_VARIABLE CLANGXX_RES)
+
if(CLANGXX_RES OR CLANG_RES)
message(FATAL_ERROR "Failed running clang/clang++ --version")
endif()
--
2.45.1

255
pkgs/pocl/default.nix Normal file
View File

@@ -0,0 +1,255 @@
{
lib,
llvmPackages,
ninja,
cmake,
hwloc,
ocl-icd,
opencl-headers,
getconf,
pkg-config,
spirv-llvm-translator,
spirv-tools,
libxml2, # required for statically linked llvm
python3,
writableTmpDirAsHomeHook,
writeText,
runCommand,
opencl-cts,
fetchFromGitHub,
useGit ? false,
gitUrl ? "git@gitlab-internal.bsc.es:task-awareness/pocl/pocl.git",
gitBranch ? "new-device",
gitCommit ? "dd10c2221b31223cbb796182df6a07f11c7541f5",
staticLLVM ? true,
enableICD ? true,
enableSPIRV ? true,
enableHWLOC ? true,
enableRemoteServer ? false,
enableRemoteClient ? false,
enableDistroVariants ? false,
lttng-ust,
enableLTTNG ? false,
onetbb,
enableTBB ? false,
nosv ? null,
ovni ? null,
enableNOSV ? useGit,
enableOVNI ? useGit,
buildPackages,
targetPackages,
nix-update-script,
}:
assert (enableNOSV || enableOVNI) -> useGit;
let
release = rec {
version = "7.1";
src = fetchFromGitHub {
owner = "pocl";
repo = "pocl";
tag = "v${version}";
hash = "sha256-bS6vTIjLO7YLs7qYLKW0cYYbEJ/hRS/+IjjAKbkj8ac=";
};
};
git = rec {
version = src.shortRev;
src = builtins.fetchGit {
url = gitUrl;
ref = gitBranch;
rev = gitCommit;
};
};
source = if (useGit) then git else release;
stdenv = llvmPackages.stdenv;
buildLlvmPackages = buildPackages.llvmPackages;
isCross = stdenv.hostPlatform != stdenv.buildPlatform;
featureList = lib.concatStringsSep "+" (
(lib.optionals enableICD [ "icd" ])
++ (lib.optionals enableNOSV [ "nosv" ])
++ (lib.optionals enableOVNI [ "ovni" ])
++ (lib.optionals enableSPIRV [ "spirv" ])
++ (lib.optionals enableTBB [ "tbb" ])
++ (lib.optionals enableRemoteClient [ "server" ])
++ (lib.optionals enableRemoteServer [ "client" ])
);
in
stdenv.mkDerivation (finalAttrs: {
pname = "pocl";
version = featureList + "-" + source.version;
inherit (source) src;
patches = lib.optionals useGit [
./0001-cmake-use-clang-from-cmake-variable.patch
./0001-cmake-do-not-use-suffix.patch
./0001-cmake-native-build-tools.patch
];
cmakeFlags = [
# TODO: all these are broken when cross compiling. Upstream has refactored
# all the cmake infra for cross compilation, but it's not in a release yet
(lib.cmakeOptionType "filepath" "WITH_LLVM_CONFIG" (
lib.getExe' buildLlvmPackages.llvm.dev "llvm-config"
))
(lib.cmakeOptionType "filepath" "CLANG" (lib.getExe' buildLlvmPackages.clangUseLLVM "clang"))
(lib.cmakeOptionType "filepath" "CLANGXX" (lib.getExe' buildLlvmPackages.clangUseLLVM "clang++"))
(lib.cmakeOptionType "path" "CLANG_RESOURCE_DIR" "${llvmPackages.stdenv.cc}/resource-root")
(lib.cmakeBool "ENABLE_TESTS" finalAttrs.finalPackage.doCheck)
(lib.cmakeBool "ENABLE_RELOCATION" true)
(lib.cmakeBool "ENABLE_POCL_BUILDING" true)
(lib.cmakeBool "POCL_ICD_ABSOLUTE_PATH" true)
(lib.cmakeBool "ENABLE_TBB_DEVICE" enableTBB)
(lib.cmakeBool "ENABLE_ICD" enableICD)
(lib.cmakeBool "ENABLE_HWLOC" enableHWLOC)
(lib.cmakeBool "ENABLE_LTTNG" enableLTTNG)
(lib.cmakeBool "ENABLE_REMOTE_CLIENT" enableRemoteClient)
(lib.cmakeBool "ENABLE_REMOTE_SERVER" enableRemoteServer)
# avoid the runtime linker pulling in a different llvm e.g. from graphics drivers
(lib.cmakeBool "STATIC_LLVM" staticLLVM)
]
++ lib.optionals (enableNOSV || enableOVNI) [
(lib.cmakeBool "ENABLE_NOSV" enableNOSV)
(lib.cmakeBool "ENABLE_OVNI" enableOVNI)
]
++ lib.optionals (!isCross && enableDistroVariants) [
(lib.cmakeFeature "KERNELLIB_HOST_CPU_VARIANTS" "distro") # TODO: check if we can do it when cross compiling
]
++ lib.optionals isCross [
(lib.cmakeFeature "CMAKE_SYSTEM_NAME" "Linux")
(lib.cmakeFeature "CMAKE_FIND_ROOT_PATH_MODE_PROGRAM" "NEVER")
(lib.cmakeFeature "CMAKE_FIND_ROOT_PATH_MODE_LIBRARY" "ONLY")
(lib.cmakeFeature "CMAKE_FIND_ROOT_PATH_MODE_INCLUDE" "ONLY")
(lib.cmakeFeature "CMAKE_FIND_ROOT_PATH_MODE_PACKAGE" "ONLY")
]
++ lib.optionals stdenv.hostPlatform.isRiscV [
(lib.cmakeFeature "LLC_TRIPLE" "riscv64-unknown-linux-gnu")
(lib.cmakeFeature "LLC_HOST_CPU" "rv64g")
(lib.cmakeFeature "CLANG_MARCH_FLAG" "-march=")
];
# Fixes error: ld: cannot find -lgcc / -lgcc_s when linking from libpocl on
# host
preConfigure = ''
cmakeFlagsArray+=(
-DEXTRA_HOST_LD_FLAGS="${lib.escapeShellArg (builtins.readFile "${targetPackages.stdenv.cc}/nix-support/cc-ldflags")}"
-DEXTRA_KERNEL_FLAGS="${lib.escapeShellArg (builtins.readFile "${targetPackages.stdenv.cc}/nix-support/cc-ldflags")}"
)
'';
nativeBuildInputs = [
cmake
getconf
ninja
pkg-config
python3
];
buildInputs = [
opencl-headers
llvmPackages.libclang
llvmPackages.llvm
]
++ lib.optionals staticLLVM [ libxml2 ]
++ lib.optionals enableNOSV [ nosv ]
++ lib.optionals enableOVNI [ ovni ]
++ lib.optionals enableHWLOC [ hwloc ]
++ lib.optionals enableTBB [ onetbb ]
++ lib.optionals enableICD [ ocl-icd ]
++ lib.optionals enableLTTNG [ lttng-ust ]
++ lib.optionals enableSPIRV [
(spirv-llvm-translator.override { inherit (llvmPackages) llvm; })
spirv-tools
];
nativeInstallCheckInputs = [
writableTmpDirAsHomeHook # needed for POCL_CACHE_DIR
];
doInstallCheck = true;
installCheckPhase = lib.optionalString enableICD ''
runHook preInstallCheck
export OCL_ICD_VENDORS=$out/etc/OpenCL/vendors
$out/bin/poclcc -o poclcc.cl.pocl $src/examples/poclcc/poclcc.cl
runHook postInstallCheck
'';
setupHook = lib.optionalDrvAttr enableICD (
writeText "setup-hook" ''
addToSearchPath OCL_ICD_VENDORS @out@/etc/OpenCL/vendors
''
);
passthru =
let
self = finalAttrs.finalPackage;
in
{
updateScript = nix-update-script { };
git = self.override { useGit = true; };
withICD = enableICD;
test = {
# Run builtin tests (causes a rebuild)
self = self.overrideAttrs { doCheck = true; };
# Run basic test from Khronos OpenCL Conformance Test Suite
# WARN: despite its name, test_basic is very exhaustive, and can take more
# than 1 hour in a marenostrum5 node.
cts =
assert enableICD;
lib.genAttrs [ "api" "basic" "c11_atomics" "printf" "svm" ] (
name:
runCommand "pocl-cts-test_${name}" {
nativeBuildInputs = [ self ];
requiredSystemFeatures = [ "sys-devices" ];
env = {
POCL_DEBUG = "error,warn";
POCL_CACHE_DIR = "/build/pocl_cache";
};
} "${opencl-cts}/bin/Release/test_${name} | tee $out"
);
};
};
env.HWLOC_SYNTHETIC = lib.optionalDrvAttr enableHWLOC "node:1 core:1 pu:1";
propagatedBuildInputs = [ stdenv.cc.cc ];
meta = with lib; {
description = "A portable open source (MIT-licensed) implementation of the OpenCL standard";
homepage = "http://portablecl.org";
license = licenses.mit;
maintainers = with maintainers; [
leixb
jansol
xddxdd
bsc.maintainers.leixb
];
platforms = platforms.linux ++ platforms.darwin;
};
})

1
pkgs/sonar/default.nix
View File

@@ -35,5 +35,6 @@ stdenv.mkDerivation rec {
maintainers = with lib.maintainers.bsc; [ rarias ]; maintainers = with lib.maintainers.bsc; [ rarias ];
platforms = lib.platforms.linux; platforms = lib.platforms.linux;
license = lib.licenses.mit; license = lib.licenses.mit;
cross = true;
}; };
} }

72
pkgs/tacuda/default.nix Normal file
View File

@@ -0,0 +1,72 @@
{
backendStdenv,
fetchFromGitHub,
automake,
autoconf,
libtool,
gnumake,
autoreconfHook,
boost,
cudatoolkit,
libcublas,
cuda_cudart,
useGit ? false,
gitUrl ? "git@gitlab-internal.bsc.es:task-awareness/tacuda/tacuda.git",
gitBranch ? "main",
gitCommit ? "35234f9445e6149a2bd38d119841e2485d6ee05e",
}:
let
release_ver = "2.1.0";
release = {
version = release_ver;
src = fetchFromGitHub {
owner = "bsc-pm";
repo = "tacuda";
rev = release_ver;
hash = "sha256-Cj3EiLVJSLvRv0ydeg7Vp4SpkniEqHkcWF+YOJQ8EcM=";
};
};
git = rec {
version = src.shortRev;
src = builtins.fetchGit {
url = gitUrl;
ref = gitBranch;
rev = gitCommit;
};
};
source = if (useGit) then git else release;
in
backendStdenv.mkDerivation {
pname = "tacuda";
inherit (source) src version;
enableParallelBuilding = true;
separateDebugInfo = true;
strictDeps = true;
nativeBuildInputs = [
autoreconfHook
automake
autoconf
libtool
gnumake
];
patches = [ ./fix_config.patch ];
configureFlags = [ "--with-cuda-include=${cudatoolkit}/include" ];
buildInputs = [
boost
libcublas
cuda_cudart
];
}

13
pkgs/tacuda/fix_config.patch Normal file
View File

@@ -0,0 +1,13 @@
diff --git a/m4/cuda.m4 b/m4/cuda.m4
index 23f5c94..8f9b534 100644
--- a/m4/cuda.m4
+++ b/m4/cuda.m4
@@ -40,7 +40,7 @@ search_libs="cuda cublas cudart"
required_libs=""
m4_foreach([function],
- [cuInit,
+ [
cublasSgemm,
cudaStreamCreate,
cudaLaunchKernel,

18
pkgs/tagaspi/default.nix
View File

@@ -5,23 +5,14 @@
, automake , automake
, autoconf , autoconf
, libtool , libtool
, mpi
, autoreconfHook , autoreconfHook
, gpi-2 , gpi-2
, boost , boost
, numactl , numactl
, rdma-core , rdma-core
, gfortran , gfortran
, symlinkJoin
}: }:
let
mpiAll = symlinkJoin {
name = "mpi-all";
paths = [ mpi.all ];
};
in
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
pname = "tagaspi"; pname = "tagaspi";
enableParallelBuilding = true; enableParallelBuilding = true;
@@ -35,16 +26,18 @@ stdenv.mkDerivation rec {
hash = "sha256-RGG/Re2uM293HduZfGzKUWioDtwnSYYdfeG9pVrX9EM="; hash = "sha256-RGG/Re2uM293HduZfGzKUWioDtwnSYYdfeG9pVrX9EM=";
}; };
buildInputs = [ nativeBuildInputs = [
autoreconfHook autoreconfHook
automake automake
autoconf autoconf
libtool libtool
gfortran
];
buildInputs = [
boost boost
numactl numactl
rdma-core rdma-core
gfortran
mpiAll
]; ];
dontDisableStatic = true; dontDisableStatic = true;
@@ -63,5 +56,6 @@ stdenv.mkDerivation rec {
maintainers = with lib.maintainers.bsc; [ rarias ]; maintainers = with lib.maintainers.bsc; [ rarias ];
platforms = lib.platforms.linux; platforms = lib.platforms.linux;
license = lib.licenses.gpl3Plus; license = lib.licenses.gpl3Plus;
cross = false; # gpi-2 cannot cross
}; };
} }

1
pkgs/tampi/default.nix
View File

@@ -68,5 +68,6 @@ in stdenv.mkDerivation {
maintainers = with lib.maintainers.bsc; [ rarias ]; maintainers = with lib.maintainers.bsc; [ rarias ];
platforms = lib.platforms.linux; platforms = lib.platforms.linux;
license = lib.licenses.gpl3Plus; license = lib.licenses.gpl3Plus;
cross = true;
}; };
} }

46
pkgs/taopencl/default.nix Normal file
View File

@@ -0,0 +1,46 @@
{
stdenv,
automake,
autoconf,
libtool,
gnumake,
boost,
mpi,
gcc,
autoreconfHook,
ocl-icd,
opencl-headers,
}:
stdenv.mkDerivation (finalAttrs: {
pname = "taopencl";
version = finalAttrs.src.shortRev;
src = builtins.fetchGit {
url = "git@gitlab-internal.bsc.es:task-awareness/taopencl/taopencl.git";
ref = "master";
rev = "c3b7b32ae8fa4af7ceff598532a881f8f1490aaf";
};
enableParallelBuilding = true;
separateDebugInfo = true;
configureFlags = [
"--with-opencl-lib=${ocl-icd}/lib"
"--with-opencl-include=${opencl-headers}/include"
];
buildInputs = [
autoreconfHook
automake
autoconf
libtool
gnumake
boost
mpi
gcc
];
dontDisableStatic = true;
hardeningDisable = [ "all" ];
})

4
pkgs/upc-qaire-exporter/default.nix
View File

@@ -1,9 +1,11 @@
{ python3Packages, lib }: { python3Packages, lib }:
python3Packages.buildPythonApplication rec { python3Packages.buildPythonApplication {
pname = "upc-qaire-exporter"; pname = "upc-qaire-exporter";
version = "1.0"; version = "1.0";
pyproject = true;
src = ./.; src = ./.;
doCheck = false; doCheck = false;

127
test/compilers/opencl.c Normal file
View File

@@ -0,0 +1,127 @@
#include <CL/cl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define BUF_LEN 128
cl_int exit_err = CL_SUCCESS;
#define CHECK(cmd) \
do { \
cl_int err = cmd; \
if (err != CL_SUCCESS) { \
printf("[ERROR] " #cmd " (Error code: %d)\n" \
"@ "__FILE__ \
":%d", \
err, __LINE__); \
exit_err = err; \
goto cleanup; \
} \
} while (0)
const char *kernel_source = "__kernel void vector_add(__global const float *a, "
"__global const float *b, __global float *c) {\n"
" int gid = get_global_id(0);\n"
" c[gid] = a[gid] + b[gid];\n"
"}\n";
cl_int test_kernel_compilation(cl_platform_id platform) {
cl_device_id device = NULL;
cl_context context = NULL;
cl_program program = NULL;
cl_int err = CL_SUCCESS;
char device_name[BUF_LEN];
// Get first device for this platform
CHECK(clGetDeviceIDs(platform, CL_DEVICE_TYPE_ALL, 1, &device, NULL));
// Get device name
CHECK(clGetDeviceInfo(device, CL_DEVICE_NAME, sizeof(device_name),
device_name, NULL));
printf(" Device: %s\n", device_name);
context = clCreateContext(NULL, 1, &device, NULL, NULL, &err);
CHECK(err);
program = clCreateProgramWithSource(context, 1, &kernel_source, NULL, &err);
CHECK(err);
err = clBuildProgram(program, 1, &device, NULL, NULL, NULL);
if (err != CL_SUCCESS) {
printf(" [ERROR] Kernel compilation failed (Error code: %d)\n", err);
// Build log
size_t log_size;
CHECK(clGetProgramBuildInfo(program, device, CL_PROGRAM_BUILD_LOG, 0, NULL,
&log_size));
char *log = (char *)malloc(log_size);
CHECK(clGetProgramBuildInfo(program, device, CL_PROGRAM_BUILD_LOG, log_size,
log, NULL));
printf(" Build log:\n%s\n", log);
free(log);
goto cleanup;
}
printf(" [OK] Kernel compiled successfully!\n");
cleanup:
if (program)
clReleaseProgram(program);
if (context)
clReleaseContext(context);
printf("\n");
return exit_err;
}
int main() {
cl_uint num_platforms;
cl_platform_id *platforms = NULL;
// Get number of platforms
CHECK(clGetPlatformIDs(0, NULL, &num_platforms));
printf("Found %d OpenCL platform(s)\n\n", num_platforms);
if (num_platforms == 0) {
printf("No OpenCL platforms found!\n");
return EXIT_FAILURE;
}
// Allocate memory for platforms
platforms = (cl_platform_id *)malloc(sizeof(cl_platform_id) * num_platforms);
// Get platform IDs
CHECK(clGetPlatformIDs(num_platforms, platforms, NULL));
// Query each platform and test kernel compilation
for (cl_uint i = 0; i < num_platforms; i++) {
char platform_name[BUF_LEN];
char platform_vendor[BUF_LEN];
char platform_version[BUF_LEN];
CHECK(clGetPlatformInfo(platforms[i], CL_PLATFORM_NAME,
sizeof(platform_name), platform_name, NULL));
CHECK(clGetPlatformInfo(platforms[i], CL_PLATFORM_VENDOR,
sizeof(platform_vendor), platform_vendor, NULL));
CHECK(clGetPlatformInfo(platforms[i], CL_PLATFORM_VERSION,
sizeof(platform_version), platform_version, NULL));
printf("Platform %d: %s\n", i, platform_name);
printf(" Vendor: %s\n", platform_vendor);
printf(" Version: %s\n", platform_version);
// Test kernel compilation
CHECK(test_kernel_compilation(platforms[i]));
}
cleanup:
if (platforms)
free(platforms);
if (exit_err == CL_SUCCESS)
return EXIT_SUCCESS;
return EXIT_FAILURE;
}

104
test/compilers/opencl.nix Normal file
View File

@@ -0,0 +1,104 @@
{
stdenv,
ocl-icd,
opencl-headers,
pocl,
clinfo,
runCommand,
lib,
}:
stdenv.mkDerivation (finalAttrs: {
pname = "opencl-pocl-test";
version = "1.0.0";
src = ./opencl.c;
dontUnpack = true;
dontConfigure = true;
buildInputs = [
ocl-icd
opencl-headers
];
buildPhase = ''
runHook preBuild
$CC -Wall -Wextra -D CL_TARGET_OPENCL_VERSION=100 $src -o ocl-hello -lOpenCL
runHook postBuild
'';
installPhase = ''
runHook preInstall
mkdir -p $out/bin
cp ocl-hello $out/bin
runHook postInstall
'';
passthru = {
test-icd =
runCommand "custom-clinfo"
{
nativeBuildInputs =
assert !(lib.hasPrefix "pocl" ocl-icd.pname);
[
clinfo
finalAttrs.finalPackage
pocl
];
env = {
POCL_DEBUG = "error,warn";
POCL_CACHE_DIR = "/build/pocl_cache";
};
requiredSystemFeatures = [ "sys-devices" ];
}
''
set -x
mkdir $out
clinfo -l >$out/clinfo
clinfo >$out/clinfo-full
ocl-hello >$out/hello
for i in $out/*; do
grep "Portable Computing Language" $i
done
echo $OCL_ICD_VENDORS >$out/env
grep "pocl.*/etc/OpenCL/vendors" $out/env
set +x
'';
# this needs: ocl-icd = pocl-noicd
test-noicd =
runCommand "custom-clinfo"
{
nativeBuildInputs = [
finalAttrs.finalPackage
];
env = {
POCL_DEBUG = "error,warn";
POCL_CACHE_DIR = "/build/pocl_cache";
};
requiredSystemFeatures = [ "sys-devices" ];
}
''
ocl-hello >$out
grep "Portable Computing Language" $out
'';
};
})

27
test/compilers/pocl.nix Normal file
View File

@@ -0,0 +1,27 @@
{
runCommand,
pocl,
clinfo,
}:
runCommand "clinfo-pocl"
{
nativeBuildInputs = [
clinfo
pocl
];
requiredSystemFeatures = [ "sys-devices" ];
env = {
POCL_DEBUG = "error,warn";
POCL_CACHE_DIR = "/build/pocl_cache";
};
}
''
echo $OCL_ICD_VENDORS
clinfo >$out
# check that we have PoCL:
grep "Portable Computing Language" $out
''