flake.lock: Update

Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/8bb5646e0bed5dbd3ab08c7a7cc15b75ab4e1d0f?narHash=sha256-SqUuBFjhl/kpDiVaKLQBoD8TLD%2B/cTUzzgVFoaHrkqY%3D' (2025-11-30) → 'github:NixOS/nixpkgs/3c9db02515ef1d9b6b709fc60ba9a540957f661c?narHash=sha256-2GffSfQxe3sedHzK%2BsTKlYo/NTIAGzbFCIsNMUPAAnk%3D' (2026-01-05)
Remove conflicting definitions in amd-uprof-driver
2026-01-07 13:41:40 +01:00 · 2026-01-07 13:29:45 +01:00 · 2026-01-07 13:29:45 +01:00 · 2026-01-07 13:29:45 +01:00 · 2026-01-07 13:29:45 +01:00 · 2026-01-07 13:29:44 +01:00
3 changed files with 16 additions and 3 deletions
--- a/flake.lock
+++ b/flake.lock
@@ -2,11 +2,11 @@
  "nodes": {
    "nixpkgs": {
      "locked": {
-        "lastModified": 1764522689,
-        "narHash": "sha256-SqUuBFjhl/kpDiVaKLQBoD8TLD+/cTUzzgVFoaHrkqY=",
+        "lastModified": 1767634882,
+        "narHash": "sha256-2GffSfQxe3sedHzK+sTKlYo/NTIAGzbFCIsNMUPAAnk=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "8bb5646e0bed5dbd3ab08c7a7cc15b75ab4e1d0f",
+        "rev": "3c9db02515ef1d9b6b709fc60ba9a540957f661c",
        "type": "github"
      },
      "original": {
--- a/m/apex/configuration.nix
+++ b/m/apex/configuration.nix
@@ -57,6 +57,18 @@
    };
  };

+  services.fail2ban = {
+    enable = true;
+    maxretry = 5;
+    bantime-increment = {
+      enable = true; # Double ban time on each attack
+      maxtime = "7d"; # Ban up to a week
+    };
+  };
+
+  # Disable SSH login with password, allow only keypair
+  services.openssh.settings.PasswordAuthentication = false;
+
  networking.firewall = {
    extraCommands = ''
      # Blackhole BSC vulnerability scanner (OpenVAS) as it is spamming our
--- a/m/common/base/users.nix
+++ b/m/common/base/users.nix
@@ -139,6 +139,7 @@
        openssh.authorizedKeys.keys = [
          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKGt0ESYxekBiHJQowmKpfdouw0hVm3N7tUMtAaeLejK vincent@varch"
        ];
+        shell = pkgs.zsh;
      };

      pmartin1 = {
Author	SHA1	Message	Date
Rodrigo Arias Mallo	14fe50fc2a	flake.lock: Update Some checks failed CI / build:all (pull_request) Failing after 1m45s Details CI / build:cross (pull_request) Failing after 1m43s Details Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/8bb5646e0bed5dbd3ab08c7a7cc15b75ab4e1d0f?narHash=sha256-SqUuBFjhl/kpDiVaKLQBoD8TLD%2B/cTUzzgVFoaHrkqY%3D' (2025-11-30) → 'github:NixOS/nixpkgs/3c9db02515ef1d9b6b709fc60ba9a540957f661c?narHash=sha256-2GffSfQxe3sedHzK%2BsTKlYo/NTIAGzbFCIsNMUPAAnk%3D' (2026-01-05)	2026-01-07 13:41:40 +01:00
Aleix Boné	178afc667e	Remove conflicting definitions in amd-uprof-driver See: https://lkml.org/lkml/2025/4/9/1709	2026-01-07 13:29:45 +01:00
Aleix Boné	596bf121a6	Mark mcxx as broken and remove from package list	2026-01-07 13:29:45 +01:00
Aleix Boné	1a8549064b	Fix moved package linuxPackages.perf is now perf	2026-01-07 13:29:45 +01:00
Aleix Boné	54e9f0a561	Fix replaced nixseparatedebuginfod nixseparatedebuginfod has been replaced by nixseparatedebuginfod2	2026-01-07 13:29:45 +01:00
Aleix Boné	e8702f49c3	Use standard gcc for intel packages This reverts `26f52aa27d`	2026-01-07 13:29:44 +01:00
Aleix Boné	c81813b0f8	Fix renamed option watchdog.runtimeTime The option 'systemd.watchdog.runtimeTime' has been renamed to 'systemd.settings.Manager.RuntimeWatchdogSec'.	2026-01-07 13:29:44 +01:00
Aleix Boné	81114d55b8	Replace wrapGAppsHook with wrapGAppsHook3	2026-01-07 13:29:44 +01:00
Aleix Boné	f4bb3e7c17	Fix changed cudaPackages.cuda_cudart output See: https://github.com/NixOS/nixpkgs/pull/437723	2026-01-07 13:29:44 +01:00
Aleix Boné	c80a855627	Set pyproject=true in buildPythonApplication The buildPythonPackage and buildPythonApplication functions now require an explicit format attribute. Previously the default format used setuptools and called setup.py from the source tree, which is deprecated. The modern alternative is to configure pyproject = true with build-system = [ setuptools ].	2026-01-07 13:29:44 +01:00
Aleix Boné	e9a3a5ecc7	Fix renamed llvm bintools Moved from llvmPackages_latest.tools.bintools to llvmPackages_latest.bintools	2026-01-07 13:29:44 +01:00
Aleix Boné	272185d9b7	Upgrade nixpkgs to 25.11	2026-01-07 13:29:44 +01:00
Vincent A. Arcila	859eebda98	Change varcila shell to zsh All checks were successful CI / build:all (push) Successful in 59m37s Details CI / build:cross (push) Successful in 1h27m33s Details CI / build:cross (pull_request) Successful in 1h29m20s Details CI / build:all (pull_request) Successful in 1h29m22s Details Reviewed-by: Rodrigo Arias Mallo <rodrigo.arias@bsc.es>	2026-01-07 13:22:17 +01:00
Rodrigo Arias Mallo	c2a201b085	Increase fail2ban ban time on each attempt Some checks failed CI / build:all (push) Has been cancelled Details CI / build:cross (push) Has been cancelled Details CI / build:all (pull_request) Successful in 1h38m5s Details CI / build:cross (pull_request) Successful in 1h38m3s Details Reviewed-by: Aleix Boné <abonerib@bsc.es>	2026-01-07 13:14:34 +01:00
Rodrigo Arias Mallo	f921f0a4bd	Disable password login via SSH in apex Reviewed-by: Aleix Boné <abonerib@bsc.es>	2026-01-07 13:14:30 +01:00
Rodrigo Arias Mallo	aa16bfc0bc	Enable fail2ban in apex login node We are seeing a lot of failed attempts from the same IPs: apex% sudo journalctl -u sshd -b0 \| grep 'Failed password' \| wc -l 2441 Reviewed-by: Aleix Boné <abonerib@bsc.es>	2026-01-07 13:14:22 +01:00