rarias/jungle
2
0
Fork 3
Code Issues 57 Pull Requests 7 Actions Packages Projects Releases Wiki Activity

Move xeon07 configuration to a directory

Browse Source
This commit is contained in:
Rodrigo Arias
2023-04-18 16:09:23 +02:00
parent 0f7a0c3ac2
commit 848efdcb2d
15 changed files with 0 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
xeon07/boot.nix Normal file
View File

@@ -0,0 +1,32 @@
{ lib, ... }:
{
# Use the GRUB 2 boot loader.
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
# Select the this using the ID to avoid mismatches
boot.loader.grub.device = "/dev/disk/by-id/ata-INTEL_SSDSC2BB240G7_PHDV6462004Y240AGN";
# Enable GRUB2 serial console
boot.loader.grub.extraConfig = ''
serial --unit=0 --speed=115200 --word=8 --parity=no --stop=1
terminal_input --append serial
terminal_output --append serial
'';
# Enable serial console
boot.kernelParams = [
"console=tty1"
"console=ttyS0,115200"
];
boot.kernelPatches = lib.singleton {
name = "osnoise-tracer";
patch = null;
extraStructuredConfig = with lib.kernel; {
OSNOISE_TRACER = yes;
HWLAT_TRACER = yes;
};
};
}

62
xeon07/configuration.nix Normal file
View File

@@ -0,0 +1,62 @@
{ config, pkgs, ... }:
{
imports = [
./hardware-configuration.nix
./boot.nix
./fs.nix
./gitlab-runner.nix
./monitoring.nix
./net.nix
./nfs.nix
./overlays.nix
./slurm.nix
./ssh.nix
./users.nix
<agenix/modules/age.nix>
];
systemd.services."serial-getty@ttyS0" = {
enable = true;
wantedBy = [ "getty.target" ];
serviceConfig.Restart = "always";
};
time.timeZone = "Europe/Madrid";
i18n.defaultLocale = "en_DK.UTF-8";
environment.systemPackages = with pkgs; [
vim wget git htop tmux pciutils tcpdump ripgrep nix-index nixos-option
nix-diff ipmitool freeipmi ethtool lm_sensors
(pkgs.callPackage <agenix/pkgs/agenix.nix> {})
];
environment.variables = {
EDITOR = "vim";
VISUAL = "vim";
};
nix.settings.experimental-features = [ "nix-command" "flakes" ];
nix.settings.sandbox = "relaxed";
nix.settings.trusted-users = [ "@wheel" ];
nix.gc.automatic = true;
nix.gc.dates = "weekly";
programs.zsh.enable = true;
programs.zsh.histSize = 100000;
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
system.copySystemConfiguration = true;
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "22.11"; # Did you read the comment?
}

16
xeon07/fs.nix Normal file
View File

@@ -0,0 +1,16 @@
{ ... }:
{
# Mount the home via NFS
fileSystems."/home" = {
device = "10.0.40.30:/home";
fsType = "nfs";
options = [ "nfsvers=3" "rsize=1024" "wsize=1024" "cto" "nofail" ];
};
# Tracing
fileSystems."/sys/kernel/tracing" = {
device = "none";
fsType = "tracefs";
};
}

58
xeon07/gitlab-runner.nix Normal file
View File

@@ -0,0 +1,58 @@
{ pkgs, lib, config, ... }:
{
age.secrets."secrets/ovni-token".file = ./secrets/ovni-token.age;
age.secrets."secrets/nosv-token".file = ./secrets/nosv-token.age;
services.gitlab-runner = {
enable = true;
services = {
ovni-shell = {
registrationConfigFile = config.age.secrets."secrets/ovni-token".path;
executor = "shell";
tagList = [ "nix" "xeon" ];
environmentVariables = {
SHELL = "${pkgs.bash}/bin/bash";
};
};
ovni-docker = {
registrationConfigFile = config.age.secrets."secrets/ovni-token".path;
dockerImage = "debian:stable";
tagList = [ "docker" "xeon" ];
registrationFlags = [ "--docker-network-mode host" ];
environmentVariables = {
https_proxy = "http://localhost:23080";
http_proxy = "http://localhost:23080";
};
};
nosv-docker = {
registrationConfigFile = config.age.secrets."secrets/nosv-token".path;
dockerImage = "debian:stable";
tagList = [ "docker" "xeon" ];
registrationFlags = [ "--docker-network-mode host" ];
environmentVariables = {
https_proxy = "http://localhost:23080";
http_proxy = "http://localhost:23080";
};
};
};
};
#systemd.services.gitlab-runner.serviceConfig.Shell = "${pkgs.bash}/bin/bash";
systemd.services.gitlab-runner.serviceConfig.DynamicUser = lib.mkForce false;
systemd.services.gitlab-runner.serviceConfig.User = "gitlab-runner";
systemd.services.gitlab-runner.serviceConfig.Group = "gitlab-runner";
systemd.services.gitlab-runner.serviceConfig.ExecStart = lib.mkForce
''${pkgs.gitlab-runner}/bin/gitlab-runner run --config ''${HOME}/.gitlab-runner/config.toml --listen-address "127.0.0.1:9252" --working-directory ''${HOME}'';
users.users.gitlab-runner = {
uid = config.ids.uids.gitlab-runner;
#isNormalUser = true;
home = "/var/lib/gitlab-runner";
description = "Gitlab Runner";
group = "gitlab-runner";
extraGroups = [ "docker" ];
createHome = true;
};
users.groups.gitlab-runner.gid = config.ids.gids.gitlab-runner;
}

37
xeon07/hardware-configuration.nix Normal file
View File

@@ -0,0 +1,37 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "ehci_pci" "nvme" "usbhid" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/289f78d9-b339-47de-b321-0a6796b9a79b";
fsType = "ext4";
};
swapDevices =
[ { device = "/dev/disk/by-uuid/2bac02f9-7ea1-4868-9536-23710f19baca"; }
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eth0.useDHCP = lib.mkDefault true;
# networking.interfaces.eth1.useDHCP = lib.mkDefault true;
# networking.interfaces.ib0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

60
xeon07/monitoring.nix Normal file
View File

@@ -0,0 +1,60 @@
{ config, lib, ... }:
{
services.grafana = {
enable = true;
settings.server = {
http_port = 2342;
http_addr = "127.0.0.1";
};
};
services.prometheus = {
enable = true;
port = 9001;
};
systemd.services.prometheus-ipmi-exporter.serviceConfig.DynamicUser = lib.mkForce false;
systemd.services.prometheus-ipmi-exporter.serviceConfig.PrivateDevices = lib.mkForce false;
virtualisation.docker.daemon.settings = {
metrics-addr = "127.0.0.1:9323";
};
# Required to allow the smartctl exporter to read the nvme0 character device,
# see the commit message on:
# https://github.com/NixOS/nixpkgs/commit/12c26aca1fd55ab99f831bedc865a626eee39f80
services.udev.extraRules = ''
SUBSYSTEM=="nvme", KERNEL=="nvme[0-9]*", GROUP="disk"
'';
services.prometheus = {
exporters = {
ipmi.enable = true;
ipmi.group = "root";
ipmi.user = "root";
node = {
enable = true;
enabledCollectors = [ "systemd" ];
port = 9002;
};
smartctl.enable = true;
};
scrapeConfigs = [
{
job_name = "xeon07";
static_configs = [{
targets = [
"127.0.0.1:${toString config.services.prometheus.exporters.node.port}"
"127.0.0.1:${toString config.services.prometheus.exporters.ipmi.port}"
"127.0.0.1:9323"
"127.0.0.1:9252"
"127.0.0.1:${toString config.services.prometheus.exporters.smartctl.port}"
];
}];
}
];
};
}

98
xeon07/net.nix Normal file
View File

@@ -0,0 +1,98 @@
{ pkgs, ... }:
{
# Infiniband (IPoIB)
environment.systemPackages = [ pkgs.rdma-core ];
boot.kernelModules = [ "ib_umad" "ib_ipoib" ];
networking = {
hostName = "xeon07";
enableIPv6 = false;
useDHCP = false;
#defaultGateway = "10.0.40.30";
nameservers = ["8.8.8.8"];
interfaces.eno1.ipv4.addresses = [ {
address = "10.0.40.7";
prefixLength = 24;
} ];
interfaces.ibp5s0.ipv4.addresses = [ {
address = "10.0.42.7";
prefixLength = 24;
} ];
proxy = {
default = "http://localhost:23080/";
noProxy = "127.0.0.1,localhost,internal.domain";
};
firewall = {
enable = true;
allowedTCPPorts = [ 22 ];
# FIXME: For slurmd as it requests the compute nodes to connect to us
allowedTCPPortRanges = [ { from=1024; to=65535; } ];
};
extraHosts = ''
10.0.40.30 ssfhead
84.88.53.236 ssfhead.bsc.es ssfhead
# Node Entry for node: mds01 (ID=72)
10.0.40.40 mds01 mds01-eth0
10.0.42.40 mds01-ib0
10.0.40.141 mds01-ipmi0
# Node Entry for node: oss01 (ID=73)
10.0.40.41 oss01 oss01-eth0
10.0.42.41 oss01-ib0
10.0.40.142 oss01-ipmi0
# Node Entry for node: oss02 (ID=74)
10.0.40.42 oss02 oss02-eth0
10.0.42.42 oss02-ib0
10.0.40.143 oss02-ipmi0
# Node Entry for node: xeon01 (ID=15)
10.0.40.1 xeon01 xeon01-eth0
10.0.42.1 xeon01-ib0
10.0.40.101 xeon01-ipmi0
# Node Entry for node: xeon02 (ID=16)
10.0.40.2 xeon02 xeon02-eth0
10.0.42.2 xeon02-ib0
10.0.40.102 xeon02-ipmi0
# Node Entry for node: xeon03 (ID=17)
10.0.40.3 xeon03 xeon03-eth0
10.0.42.3 xeon03-ib0
10.0.40.103 xeon03-ipmi0
# Node Entry for node: xeon04 (ID=18)
10.0.40.4 xeon04 xeon04-eth0
10.0.42.4 xeon04-ib0
10.0.40.104 xeon04-ipmi0
# Node Entry for node: xeon05 (ID=19)
10.0.40.5 xeon05 xeon05-eth0
10.0.42.5 xeon05-ib0
10.0.40.105 xeon05-ipmi0
# Node Entry for node: xeon06 (ID=20)
10.0.40.6 xeon06 xeon06-eth0
10.0.42.6 xeon06-ib0
10.0.40.106 xeon06-ipmi0
# Node Entry for node: xeon07 (ID=21)
10.0.40.7 xeon07 xeon07-eth0
10.0.42.7 xeon07-ib0
10.0.40.107 xeon07-ipmi0
# Node Entry for node: xeon08 (ID=22)
10.0.40.8 xeon08 xeon08-eth0
10.0.42.8 xeon08-ib0
10.0.40.108 xeon08-ipmi0
'';
};
}

9
xeon07/nfs.nix Normal file
View File

@@ -0,0 +1,9 @@
{ ... }:
{
services.nfs.server.enable = true;
services.nfs.server.exports = ''
/nix 10.0.40.0/24(ro,sync,no_subtree_check,root_squash)
'';
networking.firewall.allowedTCPPorts = [ 2049 ];
}

25
xeon07/overlays.nix Normal file
View File

@@ -0,0 +1,25 @@
{ options, ... }:
let
bscpkgsSrc = builtins.fetchTarball "https://pm.bsc.es/gitlab/rarias/bscpkgs/-/archive/master/bscpkgs-master.tar.gz";
bscpkgs = import "${bscpkgsSrc}/overlay.nix";
xeon07Overlay = (self: super: {
slurm = super.bsc.slurm-16-05-8-1;
});
in
{
nix.nixPath =
# Prepend default nixPath values.
options.nix.nixPath.default ++
# Append our nixpkgs-overlays.
[ "nixpkgs-overlays=/etc/nixos/overlays-compat/" ]
;
nixpkgs.overlays = [
bscpkgs xeon07Overlay
];
}

9
xeon07/secrets.nix Normal file
View File

@@ -0,0 +1,9 @@
let
root = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIII/1TNArcwA6D47mgW4TArwlxQRpwmIGiZDysah40Gb";
system = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICO7jIp6JRnRWTMDsTB/aiaICJCl4x8qmKMPSs4lCqP1";
systems = [ root system ];
in
{
"secrets/ovni-token.age".publicKeys = systems;
"secrets/nosv-token.age".publicKeys = systems;
}

BIN
xeon07/secrets/nosv-token.age Normal file
View File

Binary file not shown.

11
xeon07/secrets/ovni-token.age Normal file
View File

@@ -0,0 +1,11 @@
age-encryption.org/v1
-> ssh-ed25519 MSF3dg Ivlduky3TjzCthY9RB/Jb0+MouX2FYW06hoNdQ+f818
NKnuQrTQBXjTArXG6/5KV5cdg/9JUk/l3vVdYq0fXOE
-> ssh-ed25519 HY2yRg 1ZCKpZ7sXNPgllHoozCgyW8NqK2TCoyCYZdug6YeJkM
BEeThDkjfaK9S5a81HcyaZv9zobKANVMEimduc/IO54
-> &eB%}y-grease o;.XY Yirz }Xh\DG
CkLRClqWRkCr7n8o5UV9+kdCik2iTG/dI1s666CKcgxbAPohmryJzOKdgRLyzCf0
CSPMUfrixmuQtuShigtmY6Pm2A
--- GEuNMnWZ3+B6QNXv7s7bfJdJ2bJAAW+jbfHQZ0UQB+k
<EFBFBD><EFBFBD>3<EFBFBD><EFBFBD>.<2E>-<2D>Ӯ<EFBFBD>ƿD<C6BF><44><EFBFBD>{\<5C><><EFBFBD>%<25><>R0<>߷<EFBFBD><DFB7><EFBFBD><EFBFBD><EFBFBD><EFBFBD>|<7C>P<EFBFBD>F<EFBFBD><46>x<EFBFBD>s<1E>_P<5F><50>x`4<>,<2C>z35<33>L<EFBFBD><4C><01>drj<72>2<EFBFBD><02>^<5E>
<EFBFBD><EFBFBD>]<5D>h<>4~AP<41>‹<EFBFBD>e3fT<66>E<EFBFBD>l*<2A>8z.<2E><><EFBFBD>x2<78>0<>7

12
xeon07/slurm.nix Normal file
View File

@@ -0,0 +1,12 @@
{ ... }:
{
services.slurm = {
client.enable = true;
controlMachine = "ssfhead";
clusterName = "owl";
nodeName = [
"xeon[01-08] Sockets=2 CoresPerSocket=14 ThreadsPerCore=2 Feature=xeon"
];
};
}

30
xeon07/ssh.nix Normal file
View File

@@ -0,0 +1,30 @@
{ ... }:
{
# Enable the OpenSSH daemon.
services.openssh.enable = true;
# Connect to intranet git hosts via proxy
programs.ssh.extraConfig = ''
Host bscpm02.bsc.es bscpm03.bsc.es gitlab-internal.bsc.es alya.gitlab.bsc.es
User git
ProxyCommand nc -X connect -x localhost:23080 %h %p
'';
# Authorize keys
users.users = {
root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKBOf4r4lzQfyO0bx5BaREePREw8Zw5+xYgZhXwOZoBO ram@hop"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINa0tvnNgwkc5xOwd6xTtaIdFi5jv0j2FrE7jl5MTLoE ram@mio"
];
rarias.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKBOf4r4lzQfyO0bx5BaREePREw8Zw5+xYgZhXwOZoBO ram@hop"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINa0tvnNgwkc5xOwd6xTtaIdFi5jv0j2FrE7jl5MTLoE ram@mio"
];
};
programs.ssh.knownHosts = {
"gitlab-internal.bsc.es".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF9arsAOSRB06hdy71oTvJHG2Mg8zfebADxpvc37lZo3";
"bscpm03.bsc.es".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM2NuSUPsEhqz1j5b4Gqd+MWFnRqyqY57+xMvBUqHYUS";
};
}

20
xeon07/users.nix Normal file
View File

@@ -0,0 +1,20 @@
{ ... }:
{
users = {
mutableUsers = false;
users.rarias = {
uid = 1880;
isNormalUser = true;
home = "/home/Computational/rarias";
description = "Rodrigo Arias";
group = "Computational";
extraGroups = [ "wheel" ];
hashedPassword = "$6$u06tkCy13enReBsb$xiI.twRvvTfH4jdS3s68NZ7U9PSbGKs5.LXU/UgoawSwNWhZo2hRAjNL5qG0/lAckzcho2LjD0r3NfVPvthY6/";
};
groups = {
Computational = { gid = 564; };
};
};
}