forked from rarias/jungle
		
	
		
			
				
	
	
		
			76 lines
		
	
	
		
			2.6 KiB
		
	
	
	
		
			Nix
		
	
	
	
	
	
			
		
		
	
	
			76 lines
		
	
	
		
			2.6 KiB
		
	
	
	
		
			Nix
		
	
	
	
	
	
| { lib, config, pkgs, ... }:
 | |
| 
 | |
| {
 | |
|   imports = [
 | |
|     ../common/xeon.nix
 | |
|     ../module/ceph.nix
 | |
|     ../module/emulation.nix
 | |
|     ../module/slurm-client.nix
 | |
|     ../module/slurm-firewall.nix
 | |
|   ];
 | |
| 
 | |
|   # Select the this using the ID to avoid mismatches
 | |
|   boot.loader.grub.device = "/dev/disk/by-id/wwn-0x500a07514b0c1103";
 | |
| 
 | |
|   # No swap, there is plenty of RAM
 | |
|   swapDevices = lib.mkForce [];
 | |
| 
 | |
|   boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
 | |
|   boot.kernelModules = [ "kvm-amd" ];
 | |
| 
 | |
|   hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
 | |
|   hardware.cpu.intel.updateMicrocode = lib.mkForce false;
 | |
| 
 | |
|   networking = {
 | |
|     hostName = "fox";
 | |
|     interfaces.enp1s0f0np0.ipv4.addresses = [ {
 | |
|       address = "10.0.40.26";
 | |
|       prefixLength = 24;
 | |
|     } ];
 | |
|   };
 | |
| 
 | |
|   # Configure Nvidia driver to use with CUDA
 | |
|   hardware.nvidia.package = config.boot.kernelPackages.nvidiaPackages.production;
 | |
|   hardware.graphics.enable = true;
 | |
|   nixpkgs.config.allowUnfree = true;
 | |
|   nixpkgs.config.nvidia.acceptLicense = true;
 | |
|   services.xserver.videoDrivers = [ "nvidia" ];
 | |
| 
 | |
|   # Mount NVME disks
 | |
|   fileSystems."/nvme0" = { device = "/dev/disk/by-label/nvme0"; fsType = "ext4"; };
 | |
|   fileSystems."/nvme1" = { device = "/dev/disk/by-label/nvme1"; fsType = "ext4"; };
 | |
| 
 | |
|   # Make a /nvme{0,1}/$USER directory for each user.
 | |
|   systemd.services.create-nvme-dirs = let
 | |
|     # Take only normal users in fox
 | |
|     users = lib.filterAttrs (_: v: v.isNormalUser) config.users.users;
 | |
|     commands = lib.concatLists (lib.mapAttrsToList
 | |
|       (_: user: [
 | |
|         "install -d -o ${user.name} -g ${user.group} -m 0755 /nvme{0,1}/${user.name}"
 | |
|       ]) users);
 | |
|     script = pkgs.writeShellScript "create-nvme-dirs.sh" (lib.concatLines commands);
 | |
|   in {
 | |
|     enable = true;
 | |
|     wants = [ "local-fs.target" ];
 | |
|     after = [ "local-fs.target" ];
 | |
|     wantedBy = [ "multi-user.target" ];
 | |
|     serviceConfig.ExecStart = script;
 | |
|   };
 | |
| 
 | |
|   # Only allow SSH connections from users who have a SLURM allocation
 | |
|   # See: https://slurm.schedmd.com/pam_slurm_adopt.html
 | |
|   security.pam.services.sshd.rules.account.slurm = {
 | |
|     control = "required";
 | |
|     enable = true;
 | |
|     modulePath = "${pkgs.slurm}/lib/security/pam_slurm_adopt.so";
 | |
|     args = [ "log_level=debug5" ];
 | |
|     order = 999999; # Make it last one
 | |
|   };
 | |
| 
 | |
|   # Disable systemd session (pam_systemd.so) as it will conflict with the
 | |
|   # pam_slurm_adopt.so module. What happens is that the shell is first adopted
 | |
|   # into the slurmstepd task and then into the systemd session, which is not
 | |
|   # what we want, otherwise it will linger even if all jobs are gone.
 | |
|   security.pam.services.sshd.startSession = lib.mkForce false;
 | |
| }
 |