jungle/m/hut/configuration.nix

{ config, pkgs, ... }:

{
  imports = [
    ../common/xeon.nix

    ../module/ceph.nix
    ../module/debuginfod.nix
    ../module/slurm-client.nix
    ./gitlab-runner.nix
    ./monitoring.nix
    ./nfs.nix
    ./slurm-server.nix
    ./nix-serve.nix
    ./public-inbox.nix
    ./gitea.nix
    ./msmtp.nix
    ./postgresql.nix
    #./pxe.nix
  ];

  boot.binfmt.emulatedSystems = [ "armv7l-linux" "aarch64-linux" "powerpc64le-linux" "riscv64-linux" ];

  # Select the this using the ID to avoid mismatches
  boot.loader.grub.device = "/dev/disk/by-id/ata-INTEL_SSDSC2BB240G7_PHDV6462004Y240AGN";

  networking = {
    hostName = "hut";
    interfaces.eno1.ipv4.addresses = [ {
      address = "10.0.40.7";
      prefixLength = 24;
    } ];
    interfaces.ibp5s0.ipv4.addresses = [ {
      address = "10.0.42.7";
      prefixLength = 24;
    } ];
    firewall = {
      extraCommands = ''
        # Accept all proxy traffic from compute nodes but not the login
        iptables -A nixos-fw -p tcp -s 10.0.40.30 --dport 23080 -j nixos-fw-log-refuse
        iptables -A nixos-fw -p tcp -s 10.0.40.0/24 --dport 23080 -j nixos-fw-accept
      '';
    };
  };

  # Allow proxy to bind to the ethernet interface
  services.openssh.settings.GatewayPorts = "clientspecified";
}
Add agenix to all nodes 2023-09-04 22:09:40 +02:00			`{ config, pkgs, ... }:`
Add initial configuration 2023-03-31 18:27:25 +02:00
			`{`
			`imports = [`
Split xeon specific configuration from base To accomodate the raccoon knights workstation, some of the configuration pulled by m/common/main.nix has to be removed. To solve it, the xeon specific parts are placed into m/common/xeon.nix and only the common configuration is at m/common/base.nix. Reviewed-by: Aleix Roca Nonell <aleix.rocanonell@bsc.es> 2024-06-03 09:20:11 +02:00			`../common/xeon.nix`
Add initial configuration 2023-03-31 18:27:25 +02:00
Move the ceph client config to an external module 2023-09-04 21:59:04 +02:00			`../module/ceph.nix`
Enable nixseparatedebuginfod module The module is only enabled on Hut and Eudy because we noticed activity on the debuginfod service even if no debug session was active. Reviewed-by: Rodrigo Arias Mallo <rodrigo.arias@bsc.es> 2023-12-01 19:57:04 +01:00			`../module/debuginfod.nix`
Move slurm client in a separate module Reviewed-by: Rodrigo Arias Mallo <rodrigo.arias@bsc.es> 2024-02-09 11:14:34 +01:00			`../module/slurm-client.nix`
Add initial configuration 2023-03-31 18:27:25 +02:00			`./gitlab-runner.nix`
Add monitoring services 2023-04-05 17:00:01 +02:00			`./monitoring.nix`
Export nix store over nfs 2023-04-06 13:57:32 +02:00			`./nfs.nix`
Move slurm client in a separate module Reviewed-by: Rodrigo Arias Mallo <rodrigo.arias@bsc.es> 2024-02-09 11:14:34 +01:00			`./slurm-server.nix`
Serve the nix store from hut 2023-09-12 12:19:43 +02:00			`./nix-serve.nix`
Enable public-inbox at jungle.bsc.es/lists The public-inbox service fetches emails from the sourcehut mailing lists and displays them on the web. The idea is to reduce the dependency on external services and add a secondary storage for the mailing lists in case sourcehut goes down or changes the current free plans. The service is available in https://jungle.bsc.es/lists/ and is open to the public. It currently mirrors the bscpkgs and jungle mailing list. We also edited the CSS to improve the readability and have larger fonts by default. The service for public-inbox produced by NixOS is not well configured to fetch emails from an IMAP mail server, so we also manually edit the service file to enable the network. Reviewed-by: Aleix Roca Nonell <aleix.rocanonell@bsc.es> 2023-12-07 11:08:15 +01:00			`./public-inbox.nix`
Add Gitea service Reviewed-by: Aleix Roca Nonell <aleix.rocanonell@bsc.es> 2024-04-26 16:52:52 +02:00			`./gitea.nix`
Add msmtp to send notifications via email Reviewed-by: Aleix Roca Nonell <aleix.rocanonell@bsc.es> 2024-05-02 17:54:09 +02:00			`./msmtp.nix`
Add PostgreSQL DB for performance test results The database will hold the performance results of the execution of the benchmarks. We follow the same setup on knights3 for now. Reviewed-by: Aleix Roca Nonell <aleix.rocanonell@bsc.es> 2024-05-30 13:35:58 +02:00			`./postgresql.nix`
Disable pixiecore in hut for now 2023-08-25 13:21:00 +02:00			`#./pxe.nix`
Add agenix to PATH in hut 2023-08-23 17:42:50 +02:00			`];`

Add support for armv7 emulation in hut Reviewed-by: Aleix Roca Nonell <aleix.rocanonell@bsc.es> 2024-06-21 13:52:08 +02:00			`boot.binfmt.emulatedSystems = [ "armv7l-linux" "aarch64-linux" "powerpc64le-linux" "riscv64-linux" ];`
Enable binary emulation for other architectures 2023-08-31 17:22:36 +02:00
Move disk selection to configuration.nix 2023-04-18 18:28:37 +02:00			`# Select the this using the ID to avoid mismatches`
			`boot.loader.grub.device = "/dev/disk/by-id/ata-INTEL_SSDSC2BB240G7_PHDV6462004Y240AGN";`

Remove host specific network options from net.nix 2023-04-18 18:49:54 +02:00			`networking = {`
Rename xeon07 to hut 2023-06-14 11:15:00 +02:00			`hostName = "hut";`
Remove host specific network options from net.nix 2023-04-18 18:49:54 +02:00			`interfaces.eno1.ipv4.addresses = [ {`
			`address = "10.0.40.7";`
			`prefixLength = 24;`
			`} ];`
			`interfaces.ibp5s0.ipv4.addresses = [ {`
			`address = "10.0.42.7";`
			`prefixLength = 24;`
			`} ];`
Allow incoming traffic to hut proxy Reviewed-by: Aleix Boné <abonerib@bsc.es> 2024-07-17 12:56:59 +02:00			`firewall = {`
			`extraCommands = ''`
			`# Accept all proxy traffic from compute nodes but not the login`
			`iptables -A nixos-fw -p tcp -s 10.0.40.30 --dport 23080 -j nixos-fw-log-refuse`
			`iptables -A nixos-fw -p tcp -s 10.0.40.0/24 --dport 23080 -j nixos-fw-accept`
			`'';`
			`};`
Remove host specific network options from net.nix 2023-04-18 18:49:54 +02:00			`};`
Allow incoming traffic to hut proxy Reviewed-by: Aleix Boné <abonerib@bsc.es> 2024-07-17 12:56:59 +02:00
			`# Allow proxy to bind to the ethernet interface`
			`services.openssh.settings.GatewayPorts = "clientspecified";`
Add initial configuration 2023-03-31 18:27:25 +02:00			`}`