jungle

Author	SHA1	Message	Date
Rodrigo Arias Mallo	60acbeddcd	Fix hrtimer new interface The hrtimer_init() is now done via hrtimer_setup() with the callback function as argument. See: https://lwn.net/Articles/996598/ Reviewed-by: Aleix Boné <abonerib@bsc.es>	2025-10-01 16:40:18 +02:00
Rodrigo Arias Mallo	29a67a6822	Use CFLAGS_MODULE instead of EXTRA_CFLAGS Fixes the build in Linux 6.15.6, as it was not able to find the include files. Reviewed-by: Aleix Boné <abonerib@bsc.es>	2025-10-01 16:40:18 +02:00
Rodrigo Arias Mallo	bb79a44202	Add AMD uProf module and enable it in fox Reviewed-by: Aleix Boné <abonerib@bsc.es>	2025-10-01 16:40:18 +02:00
Rodrigo Arias Mallo	5ce012ab8c	Add AMD uProf package and driver Reviewed-by: Aleix Boné <abonerib@bsc.es>	2025-10-01 16:40:18 +02:00
Rodrigo Arias Mallo	d5b6199b82	Mount home via NFS from apex in fox Reviewed-by: Aleix Roca Nonell <aleix.rocanonell@bsc.es>	2025-10-01 16:40:18 +02:00
Rodrigo Arias Mallo	e259b6cd2a	Allow access to NFS via wireguard subnet Reviewed-by: Aleix Roca Nonell <aleix.rocanonell@bsc.es>	2025-10-01 16:40:18 +02:00
Rodrigo Arias Mallo	6ad78795d6	Use 10.106.0.0/24 subnet to avoid collisions The 106 byte is the code for 'j' (jungle) in ASCII: % printf j \| od -t d 0000000 106 0000001 Reviewed-by: Aleix Roca Nonell <aleix.rocanonell@bsc.es>	2025-10-01 16:40:18 +02:00
Rodrigo Arias Mallo	333e24d80b	Revert "Remove pam_slurm_adopt from fox" This reverts commit 64a52801ed8d5c4a57650c2c434254a9986c1901. Reviewed-by: Aleix Roca Nonell <aleix.rocanonell@bsc.es>	2025-10-01 16:40:18 +02:00
Rodrigo Arias Mallo	8ebc51b33e	Enable fail2ban in fox Protect fox against ssh bruteforce attacks: fox% sudo lastb \| head root ssh:notty 200.124.28.102 Mon Sep 1 11:25 - 11:25 (00:00) root ssh:notty 200.124.28.102 Mon Sep 1 11:25 - 11:25 (00:00) root ssh:notty 200.124.28.102 Mon Sep 1 11:25 - 11:25 (00:00) root ssh:notty 200.124.28.102 Mon Sep 1 11:25 - 11:25 (00:00) root ssh:notty 200.124.28.102 Mon Sep 1 11:25 - 11:25 (00:00) root ssh:notty 200.124.28.102 Mon Sep 1 11:25 - 11:25 (00:00) root ssh:notty 200.124.28.102 Mon Sep 1 11:25 - 11:25 (00:00) root ssh:notty 200.124.28.102 Mon Sep 1 11:25 - 11:25 (00:00) root ssh:notty 200.124.28.102 Mon Sep 1 11:24 - 11:24 (00:00) root ssh:notty 200.124.28.102 Mon Sep 1 11:24 - 11:24 (00:00) Reviewed-by: Aleix Roca Nonell <aleix.rocanonell@bsc.es>	2025-10-01 16:40:18 +02:00
Rodrigo Arias Mallo	11d389f5c3	Accept connections from apex to fox slurmd Reviewed-by: Aleix Roca Nonell <aleix.rocanonell@bsc.es>	2025-10-01 16:40:18 +02:00
Rodrigo Arias Mallo	064e57d53f	Accept fox connection to slurm controller Reviewed-by: Aleix Roca Nonell <aleix.rocanonell@bsc.es>	2025-10-01 16:40:18 +02:00
Rodrigo Arias Mallo	871abab0eb	Add fox machine to SLURM Reviewed-by: Aleix Roca Nonell <aleix.rocanonell@bsc.es>	2025-10-01 16:40:18 +02:00
Rodrigo Arias Mallo	6f10e0ca89	Rekey secrets with trusted fox key Reviewed-by: Aleix Roca Nonell <aleix.rocanonell@bsc.es>	2025-10-01 16:40:18 +02:00
Rodrigo Arias Mallo	0315616af8	Trust fox for compute node secrets Reviewed-by: Aleix Roca Nonell <aleix.rocanonell@bsc.es>	2025-10-01 16:40:18 +02:00
Rodrigo Arias Mallo	b0fb3c7be3	Make apex host specific to each machine Allows direct contact via the VPN when accessing from fox, but use Internet when using the rest of the machines. Reviewed-by: Aleix Roca Nonell <aleix.rocanonell@bsc.es>	2025-10-01 16:40:18 +02:00
Rodrigo Arias Mallo	9912348c74	Add local host fox in apex Reviewed-by: Aleix Roca Nonell <aleix.rocanonell@bsc.es>	2025-10-01 16:40:18 +02:00
Rodrigo Arias Mallo	e19694fae2	Enable wireguard in apex Reviewed-by: Aleix Roca Nonell <aleix.rocanonell@bsc.es>	2025-10-01 16:40:18 +02:00
Rodrigo Arias Mallo	6c0010e100	Add wireguard server in fox Reviewed-by: Aleix Roca Nonell <aleix.rocanonell@bsc.es>	2025-10-01 16:40:18 +02:00
Rodrigo Arias Mallo	1f74cf2482	Use writeShellScript for suspend.sh and resume.sh Reviewed-by: Aleix Boné <abonerib@bsc.es>	2025-10-01 16:40:18 +02:00
Rodrigo Arias Mallo	5a51b28268	Add firewall rules to slurm server Reviewed-by: Aleix Boné <abonerib@bsc.es>	2025-10-01 16:40:18 +02:00
Rodrigo Arias Mallo	46ef8f8aea	Remove hut from slurm Reviewed-by: Aleix Boné <abonerib@bsc.es>	2025-10-01 16:40:18 +02:00
Rodrigo Arias Mallo	f0f5712cd0	Only configure apex as slurm server Reviewed-by: Aleix Boné <abonerib@bsc.es>	2025-10-01 16:40:18 +02:00
Rodrigo Arias Mallo	d5d065772f	Split slurm configuration for client and server Reviewed-by: Aleix Boné <abonerib@bsc.es>	2025-10-01 16:40:18 +02:00
Rodrigo Arias Mallo	076684b97f	Move slurm control server to apex Reviewed-by: Aleix Boné <abonerib@bsc.es>	2025-10-01 16:40:18 +02:00
Aleix Boné	3d99e9282a	Fix typo in csiringo ssh key Reviewed-by: Rodrigo Arias Mallo <rodrigo.arias@bsc.es>	2025-10-01 16:40:18 +02:00
Aleix Boné	b043d21161	Enable nix-ld in weasel Reviewed-by: Rodrigo Arias Mallo <rodrigo.arias@bsc.es>	2025-10-01 16:40:18 +02:00
Aleix Boné	8c89093e40	Add csiringo user with access to apex and weasel Reviewed-by: Rodrigo Arias Mallo <rodrigo.arias@bsc.es>	2025-10-01 16:40:18 +02:00
Rodrigo Arias Mallo	06496a3b06	Access gitlab via raccoon in fox Reviewed-by: Aleix Roca Nonell <aleix.rocanonell@bsc.es>	2025-10-01 16:40:18 +02:00
Rodrigo Arias Mallo	a1fd57b67d	Move StartLimit* options to unit section The StartLimitBurst and StartLimitIntervalSec options belong to the [Unit] section, otherwise they are ignored in [Service]: > Unknown key 'StartLimitIntervalSec' in section [Service], ignoring. When using [Unit], the limits are properly set: apex% systemctl show power-policy.service \| grep StartLimit StartLimitIntervalUSec=10min StartLimitBurst=10 StartLimitAction=none Reviewed-by: Aleix Boné <abonerib@bsc.es>	2025-10-01 16:40:18 +02:00
Rodrigo Arias Mallo	c48e261b41	Set power policy to always turn on In all machines, as soon as we recover the power, turn the machine back on. We cannot rely on the previous state as we will shut them down before the power is cut to prevent damage on the power supply monitoring circuit. Reviewed-by: Aleix Roca Nonell <aleix.rocanonell@bsc.es> Reviewed-by: Aleix Boné <abonerib@bsc.es>	2025-10-01 16:40:18 +02:00
Rodrigo Arias Mallo	3e0156d7a0	Add NixOS module to control power policy Reviewed-by: Aleix Roca Nonell <aleix.rocanonell@bsc.es> Reviewed-by: Aleix Boné <abonerib@bsc.es>	2025-10-01 16:40:18 +02:00
Rodrigo Arias Mallo	ef28582bd8	Move August shutdown to 3rd at 22h Reviewed-by: Aleix Roca Nonell <aleix.rocanonell@bsc.es> Reviewed-by: Aleix Boné <abonerib@bsc.es>	2025-10-01 16:40:18 +02:00
Rodrigo Arias Mallo	91fd1756e8	Disable automatic August shutdown for Fox The UPC has different dates for the yearly power cut, and Fox can recover properly from a power loss, so we don't need to have it turned off before the power cut. Simply disabling the timer is enough. Reviewed-by: Aleix Roca Nonell <aleix.rocanonell@bsc.es> Reviewed-by: Aleix Boné <abonerib@bsc.es>	2025-10-01 16:40:17 +02:00
Rodrigo Arias Mallo	f7bf8e632d	Add cudainfo program to test CUDA The cudainfo program checks that we can initialize the CUDA RT library and communicate with the driver. It can be used as standalone program or built with cudainfo.gpuCheck so it is executed inside the build sandbox to see if it also works fine. It uses the autoAddDriverRunpath hook to inject in the runpath the location of the library directory for CUDA libraries. Reviewed-by: Aleix Boné <abonerib@bsc.es>	2025-10-01 16:40:17 +02:00
Rodrigo Arias Mallo	c57aaef2ce	Add missing symlink in cuda sandbox Reviewed-by: Aleix Boné <abonerib@bsc.es>	2025-10-01 16:40:17 +02:00
Aleix Boné	df9cec496a	Enable cuda systemFeature in raccoon and fox This allows running derivations which depend on cuda runtime without breaking the sandbox. We only need to add `requiredSystemFeatures = [ "cuda" ];` to the derivation. Reviewed-by: Rodrigo Arias Mallo <rodrigo.arias@bsc.es>	2025-10-01 16:40:17 +02:00
Aleix Boné	348ebb5053	Move shared nvidia settings to a separate module Reviewed-by: Rodrigo Arias Mallo <rodrigo.arias@bsc.es>	2025-10-01 16:40:17 +02:00
Aleix Boné	af0f87ccd2	Replace xeon07 by hut in ssh config The xeon07 machine has been renamed to hut. Reviewed-by: Rodrigo Arias Mallo <rodrigo.arias@bsc.es>	2025-10-01 16:40:17 +02:00
Rodrigo Arias Mallo	1145dc28a4	Enable automatic Nix GC in raccoon Reviewed-by: Aleix Boné <abonerib@bsc.es>	2025-10-01 16:40:17 +02:00
Rodrigo Arias Mallo	31c4fab9a0	Select proprietary NVIDIA driver in raccoon The NVIDIA GTX 960 from 2016 has the Maxwell architecture, and NixOS suggests using the proprietary driver for older than Turing: > It is suggested to use the open source kernel modules on Turing or > later GPUs (RTX series, GTX 16xx), and the closed source modules > otherwise. Reviewed-by: Aleix Boné <abonerib@bsc.es>	2025-10-01 16:40:17 +02:00
Rodrigo Arias Mallo	4c9e197a27	Enable open source NVidia driver in fox It is recommended for newer versions. Reviewed-by: Aleix Boné <abonerib@bsc.es>	2025-10-01 16:40:17 +02:00
Rodrigo Arias Mallo	b77fc54e8a	Remove option allowUnfree from fox and raccoon It is already set to true for all machines. Reviewed-by: Aleix Boné <abonerib@bsc.es>	2025-10-01 16:40:17 +02:00
Rodrigo Arias Mallo	16f1a65d33	Ban another scanner trying to connect via SSH It is constantly spamming out logs: apex# journalctl \| grep 'Connection closed by 84.88.52.176' \| wc -l 2255 Reviewed-by: Aleix Boné <abonerib@bsc.es>	2025-10-01 16:40:17 +02:00
Rodrigo Arias Mallo	4fd103a489	Update weasel IPMI hostname for monitoring Reviewed-by: Aleix Boné <abonerib@bsc.es>	2025-10-01 16:40:17 +02:00
Rodrigo Arias Mallo	1a4411d529	Remove merged MPICH patch Reviewed-by: Aleix Roca Nonell <aleix.rocanonell@bsc.es>	2025-10-01 16:40:17 +02:00
Rodrigo Arias Mallo	00a2da0ede	Remove package ix as it is gone Fails with: "error: ix has been removed from Nixpkgs, as the ix.io pastebin has been offline since Dec. 2023". Reviewed-by: Aleix Roca Nonell <aleix.rocanonell@bsc.es>	2025-10-01 16:40:17 +02:00
Rodrigo Arias Mallo	1285a47b68	flake.lock: Update Flake lock file updates: • Updated input 'agenix': 'github:ryantm/agenix/f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41?narHash=sha256-b%2Buqzj%2BWa6xgMS9aNbX4I%2BsXeb5biPDi39VgvSFqFvU%3D' (2024-08-10) → 'github:ryantm/agenix/531beac616433bac6f9e2a19feb8e99a22a66baf?narHash=sha256-9P1FziAwl5%2B3edkfFcr5HeGtQUtrSdk/MksX39GieoA%3D' (2025-06-17) • Updated input 'agenix/darwin': 'github:lnl7/nix-darwin/4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d?narHash=sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0%3D' (2023-11-24) → 'github:lnl7/nix-darwin/43975d782b418ebf4969e9ccba82466728c2851b?narHash=sha256-dyN%2BteG9G82G%2Bm%2BPX/aSAagkC%2BvUv0SgUw3XkPhQodQ%3D' (2025-04-12) • Updated input 'agenix/home-manager': 'github:nix-community/home-manager/3bfaacf46133c037bb356193bd2f1765d9dc82c1?narHash=sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE%3D' (2023-12-20) → 'github:nix-community/home-manager/abfad3d2958c9e6300a883bd443512c55dfeb1be?narHash=sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs%3D' (2025-04-24) • Updated input 'bscpkgs': 'git+https://git.sr.ht/~rodarima/bscpkgs?ref=refs/heads/master&rev=6782fc6c5b5a29e84a7f2c2d1064f4bcb1288c0f' (2024-11-29) → 'git+https://git.sr.ht/~rodarima/bscpkgs?ref=refs/heads/master&rev=9d1944c658929b6f98b3f3803fead4d1b91c4405' (2025-06-11) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/9c6b49aeac36e2ed73a8c472f1546f6d9cf1addc?narHash=sha256-i/UJ5I7HoqmFMwZEH6vAvBxOrjjOJNU739lnZnhUln8%3D' (2025-01-14) → 'github:NixOS/nixpkgs/dfcd5b901dbab46c9c6e80b265648481aafb01f8?narHash=sha256-Kt1UIPi7kZqkSc5HVj6UY5YLHHEzPBkgpNUByuyxtlw%3D' (2025-07-13) Reviewed-by: Aleix Roca Nonell <aleix.rocanonell@bsc.es>	2025-10-01 16:40:17 +02:00
Rodrigo Arias Mallo	6479c667ba	Upgrade nixpkgs to nixos 25.05 Reviewed-by: Aleix Roca Nonell <aleix.rocanonell@bsc.es>	2025-10-01 16:40:17 +02:00
Rodrigo Arias Mallo	77a9e5f4be	Silently ban OpenVAS BSC scanner from apex It is spamming our logs with refused connection lines: apex% sudo journalctl -b0 \| grep 'refused connection.*SRC=192.168.8.16' \| wc -l 13945 Reviewed-by: Aleix Boné <abonerib@bsc.es>	2025-10-01 16:40:17 +02:00
Rodrigo Arias Mallo	4a951d14ef	Rotate anavarro password and SSH key Reviewed-by: Aleix Boné <abonerib@bsc.es>	2025-10-01 16:40:17 +02:00

1 2 3 4 5 ...

442 Commits