Show breadcrumbs in the web

Add some introduction tutorials for Nix
Revert "Update slurm to 23.02.05.1"
2023-09-15 16:32:26 +02:00 · 2023-09-15 16:31:58 +02:00 · 2023-09-14 15:46:18 +02:00 · 2023-09-14 15:45:43 +02:00 · 2023-09-13 17:44:24 +02:00 · 2023-09-13 15:57:13 +02:00
208 changed files with 28701 additions and 366 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1,2 @@
 *.swp
 /result
--- a/doc/Intel_Server_Board_S2600WF_TPS_2_6.pdf
+++ b/doc/Intel_Server_Board_S2600WF_TPS_2_6.pdf
--- a/doc/SEL_TroubleshootingGuide.pdf
+++ b/doc/SEL_TroubleshootingGuide.pdf
--- a/doc/bsc-ssf.pdf
+++ b/doc/bsc-ssf.pdf
--- a/doc/install.md
+++ b/doc/install.md
@ -0,0 +1,152 @@
 # Installing NixOS in a new node
 This article shows the steps to install NixOS in a node following the
 configuration of the repo.
 ## Enable the serial console
 By default, the nodes have the serial console disabled in the GRUB and also boot
 without the serial enabled.
 To enable the serial console in the GRUB, set in /etc/default/grub the following
 lines:
 ```
 GRUB_TERMINAL="console serial"
 GRUB_SERIAL_COMMAND="serial --speed=115200 --unit=0 --word=8 --parity=no --stop=1"
 ```
 To boot Linux with the serial enabled, so you can see the boot log and login via
 serial set:
 ```
 GRUB_CMDLINE_LINUX="console=ttyS0,115200n8 console=tty0"
 ```
 Then update the grub config:
 ```
 # grub2-mkconfig -o /boot/grub2/grub.cfg
 ```
 And reboot.
 ## Prepare the disk
 Create a main partition and label it `nixos` following [the manual][1].
 [1]: https://nixos.org/manual/nixos/stable/index.html#sec-installation-manual-partitioning.
 ```
 # disk=/dev/sdX
 # parted $disk -- mklabel msdos
 # parted $disk -- mkpart primary 1MB -8GB
 # parted $disk -- mkpart primary linux-swap -8GB 100%
 # parted $disk -- set 1 boot on
 ```
 Then create an etx4 filesystem, labeled `nixos` where the system will be
 installed. **Ensure that no other partition has the same label.**
 ```
 # mkfs.ext4 -L nixos "${disk}1"
 # mkswap -L swap "${disk}2"
 # mount ${disk}1 /mnt
 # lsblk -f $disk
 NAME   FSTYPE LABEL UUID                                 MOUNTPOINT
 sdX
 `-sdX1 ext4   nixos 10d73b75-809c-4fa3-b99d-4fab2f0d0d8e /mnt
 ```
 ## Prepare nix and nixos-install
 Mount the nix store from the hut node in read-only /nix.
 ```
 # mkdir /nix
 # mount -o ro hut:/nix /nix
 ```
 Get the nix binary and nixos-install tool from hut:
 ```
 # ssh hut 'readlink -f $(which nix)'
 /nix/store/0sxbaj71c4c4n43qhdxm31f56gjalksw-nix-2.13.3/bin/nix
 # ssh hut 'readlink -f $(which nixos-install)'
 /nix/store/9yq8ps06ysr2pfiwiij39ny56yk3pdcs-nixos-install/bin/nixos-install
 ```
 And add them to the PATH:
 ```
 # export PATH=$PATH:/nix/store/0sxbaj71c4c4n43qhdxm31f56gjalksw-nix-2.13.3/bin
 # export PATH=$PATH:/nix/store/9yq8ps06ysr2pfiwiij39ny56yk3pdcs-nixos-install/bin/
 # nix --version
 nix (Nix) 2.13.3
 ```
 ## Adapt owl configuration
 Clone owl repo:
 ```
 $ git clone git@bscpm03.bsc.es:rarias/owl.git
 $ cd owl
 ```
 Edit the configuration to your needs.
 ## Install from another Linux OS
 Install nixOS into the storage drive.
 ```
 # nixos-install --flake --root /mnt .#xeon0X
 ```
 At this point, the nixOS grub has been installed into the nixos device, which
 is not the default boot device. To keep both the old Linux and NixOS grubs, add
 an entry into the old Linux grub to jump into the new grub.
 ```
 # echo "
 menuentry 'NixOS' {
    insmod chain
    search --no-floppy --label nixos --set root
    configfile /boot/grub/grub.cfg
 } " >> /etc/grub.d/40_custom
 ```
 Rebuild grub config.
 ```
 # grub2-mkconfig -o /boot/grub/grub.cfg
 ```
 To boot into NixOS manually, reboot and select NixOS in the grub menu to boot
 into NixOS.
 To temporarily boot into NixOS only on the next reboot run:
 ```
 # grub2-reboot 'NixOS'
 ```
 To permanently boot into NixOS as the default boot OS, edit `/etc/default/grub/`:
 ```
 GRUB_DEFAULT='NixOS'
 ```
 And update grub.
 ```
 # grub2-mkconfig -o /boot/grub/grub.cfg
 ```
 ## Build the nixos kexec image
 ```
 # nix build .#nixosConfigurations.xeon02.config.system.build.kexecTree -v
 ```
--- a/flake.lock
+++ b/flake.lock
@ -0,0 +1,114 @@
 {
  "nodes": {
    "agenix": {
      "inputs": {
        "darwin": "darwin",
        "home-manager": "home-manager",
        "nixpkgs": [
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1690228878,
        "narHash": "sha256-9Xe7JV0krp4RJC9W9W9WutZVlw6BlHTFMiUP/k48LQY=",
        "owner": "ryantm",
        "repo": "agenix",
        "rev": "d8c973fd228949736dedf61b7f8cc1ece3236792",
        "type": "github"
      },
      "original": {
        "owner": "ryantm",
        "repo": "agenix",
        "type": "github"
      }
    },
    "bscpkgs": {
      "inputs": {
        "nixpkgs": [
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1694077645,
        "narHash": "sha256-72bvRBhq8Q8V6ibsR9lyBE92V2EC6C6Ek3J5cOM79So=",
        "ref": "refs/heads/master",
        "rev": "6122fef92701701e1a0622550ac0fc5c2beb5906",
        "revCount": 860,
        "type": "git",
        "url": "https://pm.bsc.es/gitlab/rarias/bscpkgs.git"
      },
      "original": {
        "type": "git",
        "url": "https://pm.bsc.es/gitlab/rarias/bscpkgs.git"
      }
    },
    "darwin": {
      "inputs": {
        "nixpkgs": [
          "agenix",
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1673295039,
        "narHash": "sha256-AsdYgE8/GPwcelGgrntlijMg4t3hLFJFCRF3tL5WVjA=",
        "owner": "lnl7",
        "repo": "nix-darwin",
        "rev": "87b9d090ad39b25b2400029c64825fc2a8868943",
        "type": "github"
      },
      "original": {
        "owner": "lnl7",
        "ref": "master",
        "repo": "nix-darwin",
        "type": "github"
      }
    },
    "home-manager": {
      "inputs": {
        "nixpkgs": [
          "agenix",
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1682203081,
        "narHash": "sha256-kRL4ejWDhi0zph/FpebFYhzqlOBrk0Pl3dzGEKSAlEw=",
        "owner": "nix-community",
        "repo": "home-manager",
        "rev": "32d3e39c491e2f91152c84f8ad8b003420eab0a1",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
        "repo": "home-manager",
        "type": "github"
      }
    },
    "nixpkgs": {
      "locked": {
        "lastModified": 1693663421,
        "narHash": "sha256-ImMIlWE/idjcZAfxKK8sQA7A1Gi/O58u5/CJA+mxvl8=",
        "owner": "NixOS",
        "repo": "nixpkgs",
        "rev": "e56990880811a451abd32515698c712788be5720",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
        "ref": "nixos-unstable",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "root": {
      "inputs": {
        "agenix": "agenix",
        "bscpkgs": "bscpkgs",
        "nixpkgs": "nixpkgs"
      }
    }
  },
  "root": "root",
  "version": 7
 }
--- a/flake.nix
+++ b/flake.nix
@ -0,0 +1,31 @@
 {
  inputs = {
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
    agenix.url = "github:ryantm/agenix";
    agenix.inputs.nixpkgs.follows = "nixpkgs";
    bscpkgs.url = "git+https://pm.bsc.es/gitlab/rarias/bscpkgs.git";
    bscpkgs.inputs.nixpkgs.follows = "nixpkgs";
  };
  outputs = { self, nixpkgs, agenix, bscpkgs, ... }:
 let
  mkConf = name: nixpkgs.lib.nixosSystem {
    system = "x86_64-linux";
    specialArgs = { inherit nixpkgs bscpkgs agenix; theFlake = self; };
    modules = [ "${self.outPath}/m/${name}/configuration.nix" ];
  };
 in
  {
    nixosConfigurations = {
      hut   = mkConf "hut";
      owl1  = mkConf "owl1";
      owl2  = mkConf "owl2";
      eudy  = mkConf "eudy";
      koro  = mkConf "koro";
      bay   = mkConf "bay";
      lake2 = mkConf "lake2";
    };
    packages.x86_64-linux.hut = self.nixosConfigurations.hut.pkgs;
  };
 }
--- a/keys.nix
+++ b/keys.nix
@ -0,0 +1,29 @@
 # As agenix needs to parse the secrets from a standalone .nix file, we describe
 # here all the public keys
 rec {
  hosts = {
    hut   = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICO7jIp6JRnRWTMDsTB/aiaICJCl4x8qmKMPSs4lCqP1 hut";
    owl1  = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMqMEXO0ApVsBA6yjmb0xP2kWyoPDIWxBB0Q3+QbHVhv owl1";
    owl2  = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHurEYpQzNHqWYF6B9Pd7W8UPgF3BxEg0BvSbsA7BAdK owl2";
    eudy  = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL+WYPRRvZupqLAG0USKmd/juEPmisyyJaP8hAgYwXsG eudy";
    koro  = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIImiTFDbxyUYPumvm8C4mEnHfuvtBY1H8undtd6oDd67 koro";
    bay   = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICvGBzpRQKuQYHdlUQeAk6jmdbkrhmdLwTBqf3el7IgU bay";
    lake2 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINo66//S1yatpQHE/BuYD/Gfq64TY7ZN5XOGXmNchiO0 lake2";
  };
  hostGroup = with hosts; rec {
    compute    = [ owl1 owl2 ];
    playground = [ eudy koro ];
    storage    = [ bay lake2 ];
    monitor    = [ hut ];
    system     = storage ++ monitor;
    safe       = system ++ compute;
    all        = safe ++ playground;
  };
  admins = {
    rarias = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE1oZTPtlEXdGt0Ak+upeCIiBdaDQtcmuWoTUCVuSVIR rarias@hut";
    root   = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIII/1TNArcwA6D47mgW4TArwlxQRpwmIGiZDysah40Gb root@hut";
  };
 }
--- a/m/bay/configuration.nix
+++ b/m/bay/configuration.nix
@ -0,0 +1,97 @@
 { config, pkgs, lib, ... }:
 {
  imports = [
    ../common/main.nix
    ../common/monitoring.nix
  ];
  # Select the this using the ID to avoid mismatches
  boot.loader.grub.device = "/dev/disk/by-id/wwn-0x55cd2e414d53562d";
  environment.systemPackages = with pkgs; [
    ceph
  ];
  services.slurm = {
    client.enable = lib.mkForce false;
  };
  networking = {
    hostName = "bay";
    interfaces.eno1.ipv4.addresses = [ {
      address = "10.0.40.40";
      prefixLength = 24;
    } ];
    interfaces.ibp5s0.ipv4.addresses = [ {
      address = "10.0.42.40";
      prefixLength = 24;
    } ];
  };
  services.ceph = {
    enable = true;
    global = {
      fsid = "9c8d06e0-485f-4aaf-b16b-06d6daf1232b";
      monHost = "10.0.40.40";
      monInitialMembers = "bay";
      clusterNetwork = "10.0.40.40/24"; # Use Ethernet only
    };
    extraConfig = {
      # Only log to stderr so it appears in the journal
      "log_file" = "/dev/null";
      "mon_cluster_log_file" = "/dev/null";
      "log_to_stderr" = "true";
      "err_to_stderr" = "true";
      "log_to_file" = "false";
    };
    mds = {
      enable = true;
      daemons = [ "mds0" "mds1" ];
      extraConfig = {
        "host" = "bay";
      };
    };
    mgr = {
      enable = true;
      daemons = [ "bay" ];
    };
    mon = {
      enable = true;
      daemons = [ "bay" ];
    };
    osd = {
      enable = true;
      # One daemon per NVME disk
      daemons = [ "0" "1" "2" "3" ];
      extraConfig = {
        "osd crush chooseleaf type" = "0";
        "osd journal size" = "10000";
        "osd pool default min size" = "2";
        "osd pool default pg num" = "200";
        "osd pool default pgp num" = "200";
        "osd pool default size" = "3";
      };
    };
  };
  # Missing service for volumes, see:
  # https://www.reddit.com/r/ceph/comments/14otjyo/comment/jrd69vt/
  systemd.services.ceph-volume = {
    enable = true;
    description = "Ceph Volume activation";
    unitConfig = {
      Type = "oneshot";
      After = "local-fs.target";
      Wants = "local-fs.target";
    };
    path = [ pkgs.ceph pkgs.util-linux pkgs.lvm2 pkgs.cryptsetup ];
    serviceConfig = {
      KillMode = "none";
      Environment = "CEPH_VOLUME_TIMEOUT=10000";
      ExecStart = "/bin/sh -c 'timeout $CEPH_VOLUME_TIMEOUT ${pkgs.ceph}/bin/ceph-volume lvm activate --all --no-systemd'";
      TimeoutSec = "0";
    };
    wantedBy = [ "multi-user.target" ];
  };
 }
--- a/m/common/agenix.nix
+++ b/m/common/agenix.nix
@ -0,0 +1,9 @@
 { agenix, ... }:
 {
  imports = [ agenix.nixosModules.default ];
  environment.systemPackages = [
    agenix.packages.x86_64-linux.default
  ];
 }
--- a/m/common/boot.nix
+++ b/m/common/boot.nix
@ -0,0 +1,39 @@
 { lib, pkgs, ... }:
 {
  # Use the GRUB 2 boot loader.
  boot.loader.grub.enable = lib.mkForce true;
  # Enable GRUB2 serial console
  boot.loader.grub.extraConfig = ''
    serial --unit=0 --speed=115200 --word=8 --parity=no --stop=1
    terminal_input --append serial
    terminal_output --append serial
  '';
  # Enable serial console
  boot.kernelParams = [
    "console=tty1"
    "console=ttyS0,115200"
  ];
  boot.kernel.sysctl = {
    "kernel.perf_event_paranoid" = lib.mkDefault "-1";
  };
  boot.kernelPackages = pkgs.linuxPackages_latest;
  #boot.kernelPatches = lib.singleton {
  #  name = "osnoise-tracer";
  #  patch = null;
  #  extraStructuredConfig = with lib.kernel; {
  #    OSNOISE_TRACER = yes;
  #    HWLAT_TRACER = yes;
  #  };
  #};
  boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "ehci_pci" "nvme" "usbhid" "sd_mod" ];
  boot.initrd.kernelModules = [ ];
  boot.kernelModules = [ "kvm-intel" ];
  boot.extraModulePackages = [ ];
 }
--- a/m/common/fs.nix
+++ b/m/common/fs.nix
@ -1,6 +1,18 @@
 { ... }:
 {
  fileSystems."/" =
    { device = "/dev/disk/by-label/nixos";
      fsType = "ext4";
    };
  # Trim unused blocks weekly
  services.fstrim.enable = true;
  swapDevices =
    [ { device = "/dev/disk/by-label/swap"; }
    ];
  # Mount the home via NFS
  fileSystems."/home" = {
    device = "10.0.40.30:/home";
--- a/m/common/hw.nix
+++ b/m/common/hw.nix
@ -0,0 +1,14 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
 { config, lib, pkgs, modulesPath, ... }:
 {
  imports =
    [ (modulesPath + "/installer/scan/not-detected.nix")
    ];
  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
 }
--- a/xeon07/configuration.nix
+++ b/xeon07/configuration.nix
@ -1,21 +1,47 @@
-{ config, pkgs, ... }:
+{ config, pkgs, nixpkgs, bscpkgs, agenix, theFlake, ... }:
 {
  imports = [
-    ./hardware-configuration.nix
+    ./agenix.nix
    ./boot.nix
    ./fs.nix
-    ./gitlab-runner.nix
+    ./hw.nix
    ./monitoring.nix
    ./net.nix
-    ./nfs.nix
+    ./ntp.nix
    ./overlays.nix
    ./slurm.nix
    ./ssh.nix
    ./users.nix
    ./watchdog.nix
    ./rev.nix
    ./zsh.nix
  ];
-    <agenix/modules/age.nix>
+  nixpkgs.overlays = [
    bscpkgs.bscOverlay
    (import ../../pkgs/overlay.nix)
  ];
  system.configurationRevision =
    if theFlake ? rev
    then theFlake.rev
    else throw ("Refusing to build from a dirty Git tree!");
  nix.nixPath = [
    "nixpkgs=${nixpkgs}"
    "bscpkgs=${bscpkgs}"
    "jungle=${theFlake.outPath}"
  ];
  nix.registry.nixpkgs.flake = nixpkgs;
  nix.registry.bscpkgs.flake = bscpkgs;
  nix.registry.jungle.flake = theFlake;
  environment.systemPackages = with pkgs; [
    vim wget git htop tmux pciutils tcpdump ripgrep nix-index nixos-option
    nix-diff ipmitool freeipmi ethtool lm_sensors ix cmake gnumake file tree
    ncdu config.boot.kernelPackages.perf ldns
    # From bsckgs overlay
    bsc.osumb
  ];
  systemd.services."serial-getty@ttyS0" = {
@ -24,15 +50,19 @@
    serviceConfig.Restart = "always";
  };
  # Increase limits
  security.pam.loginLimits = [
    {
      domain = "*";
      type = "-";
      item = "memlock";
      value = "1048576"; # 1 GiB of mem locked
    }
  ];
  time.timeZone = "Europe/Madrid";
  i18n.defaultLocale = "en_DK.UTF-8";
  environment.systemPackages = with pkgs; [
    vim wget git htop tmux pciutils tcpdump ripgrep nix-index nixos-option
    nix-diff ipmitool freeipmi ethtool lm_sensors
    (pkgs.callPackage <agenix/pkgs/agenix.nix> {})
  ];
  environment.variables = {
    EDITOR = "vim";
    VISUAL = "vim";
@ -43,14 +73,16 @@
  nix.settings.trusted-users = [ "@wheel" ];
  nix.gc.automatic = true;
  nix.gc.dates = "weekly";
  nix.gc.options = "--delete-older-than 30d";
-  programs.zsh.enable = true;
+  programs.bash.promptInit = ''
-  programs.zsh.histSize = 100000;
+    PS1="\h\\$ "
  '';
  # Copy the NixOS configuration file and link it from the resulting system
  # (/run/current-system/configuration.nix). This is useful in case you
  # accidentally delete configuration.nix.
-  system.copySystemConfiguration = true;
+  #system.copySystemConfiguration = true;
  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
--- a/m/common/monitoring.nix
+++ b/m/common/monitoring.nix
@ -0,0 +1,25 @@
 { config, lib, ... }:
 {
  # We need access to the devices to monitor the disk space
  systemd.services.prometheus-node-exporter.serviceConfig.PrivateDevices = lib.mkForce false;
  systemd.services.prometheus-node-exporter.serviceConfig.ProtectHome = lib.mkForce "read-only";
  # Required to allow the smartctl exporter to read the nvme0 character device,
  # see the commit message on:
  # https://github.com/NixOS/nixpkgs/commit/12c26aca1fd55ab99f831bedc865a626eee39f80
  services.udev.extraRules = ''
    SUBSYSTEM=="nvme", KERNEL=="nvme[0-9]*", GROUP="disk"
  '';
  services.prometheus = {
    exporters = {
      node = {
        enable = true;
        enabledCollectors = [ "systemd" ];
        port = 9002;
      };
      smartctl.enable = true;
    };
  };
 }
--- a/m/common/net.nix
+++ b/m/common/net.nix
@ -0,0 +1,94 @@
 { pkgs, ... }:
 {
  # Infiniband (IPoIB)
  environment.systemPackages = [ pkgs.rdma-core ];
  boot.kernelModules = [ "ib_umad" "ib_ipoib" ];
  networking = {
    enableIPv6 = false;
    useDHCP = false;
    defaultGateway = "10.0.40.30";
    nameservers = ["8.8.8.8"];
    proxy = {
      default = "http://localhost:23080/";
      noProxy = "127.0.0.1,localhost,internal.domain,10.0.40.40";
      # Don't set all_proxy as go complains and breaks the gitlab runner, see:
      # https://github.com/golang/go/issues/16715
      allProxy = null;
    };
    firewall = {
      enable = true;
      allowedTCPPorts = [ 22 ];
      extraCommands = ''
        # Prevent ssfhead from contacting our slurmd daemon
        iptables -A nixos-fw -p tcp -s ssfhead --dport 6817:6819 -j nixos-fw-log-refuse
        # But accept traffic to slurm ports from any other node in the subnet
        iptables -A nixos-fw -p tcp -s 10.0.40.0/24 --dport 6817:6819 -j nixos-fw-accept
        # We also need to open the srun port range
        iptables -A nixos-fw -p tcp -s 10.0.40.0/24 --dport 60000:61000 -j nixos-fw-accept
      '';
    };
    extraHosts = ''
      10.0.40.30      ssfhead
      84.88.53.236    ssfhead.bsc.es ssfhead
      # Node Entry for node: mds01 (ID=72)
      10.0.40.40              bay mds01 mds01-eth0
      10.0.42.40              bay-ib mds01-ib0
      10.0.40.141             bay-ipmi mds01-ipmi0
      # Node Entry for node: oss01 (ID=73)
      10.0.40.41              oss01 oss01-eth0
      10.0.42.41              oss01-ib0
      10.0.40.142             oss01-ipmi0
      # Node Entry for node: oss02 (ID=74)
      10.0.40.42              lake2 oss02 oss02-eth0
      10.0.42.42              lake2-ib oss02-ib0
      10.0.40.143             lake2-ipmi oss02-ipmi0
      # Node Entry for node: xeon01 (ID=15)
      10.0.40.1               owl1 xeon01 xeon01-eth0
      10.0.42.1               owl1-ib xeon01-ib0
      10.0.40.101             owl1-ipmi xeon01-ipmi0
      # Node Entry for node: xeon02 (ID=16)
      10.0.40.2               owl2 xeon02 xeon02-eth0
      10.0.42.2               owl2-ib xeon02-ib0
      10.0.40.102             owl2-ipmi xeon02-ipmi0
      # Node Entry for node: xeon03 (ID=17)
      10.0.40.3               xeon03 xeon03-eth0
      10.0.42.3               xeon03-ib0
      10.0.40.103             xeon03-ipmi0
      # Node Entry for node: xeon04 (ID=18)
      10.0.40.4               xeon04 xeon04-eth0
      10.0.42.4               xeon04-ib0
      10.0.40.104             xeon04-ipmi0
      # Node Entry for node: xeon05 (ID=19)
      10.0.40.5               koro xeon05 xeon05-eth0
      10.0.42.5               koro-ib xeon05-ib0
      10.0.40.105             koro-ipmi xeon05-ipmi0
      # Node Entry for node: xeon06 (ID=20)
      10.0.40.6               xeon06 xeon06-eth0
      10.0.42.6               xeon06-ib0
      10.0.40.106             xeon06-ipmi0
      # Node Entry for node: xeon07 (ID=21)
      10.0.40.7               hut xeon07 xeon07-eth0
      10.0.42.7               hut-ib xeon07-ib0
      10.0.40.107             hut-ipmi xeon07-ipmi0
      # Node Entry for node: xeon08 (ID=22)
      10.0.40.8               eudy xeon08 xeon08-eth0
      10.0.42.8               eudy-ib xeon08-ib0
      10.0.40.108             eudy-ipmi xeon08-ipmi0
    '';
  };
 }
--- a/m/common/ntp.nix
+++ b/m/common/ntp.nix
@ -0,0 +1,9 @@
 { pkgs, ... }:
 {
  services.ntp.enable = true;
  # Use the NTP server at BSC, as we don't have direct access
  # to the outside world
  networking.timeServers = [ "84.88.52.36" ];
 }
--- a/m/common/rev.nix
+++ b/m/common/rev.nix
@ -0,0 +1,18 @@
 { theFlake, ... }:
 let
  rev = if theFlake ? rev then theFlake.rev
    else throw ("Refusing to build from a dirty Git tree!");
 in {
  # Save the commit of the config in /etc/configrev
  environment.etc.configrev.text = rev + "\n";
  # Keep a log with the config over time
  system.activationScripts.configRevLog.text = ''
    BOOTED=$(cat /run/booted-system/etc/configrev 2>/dev/null || echo unknown)
    CURRENT=$(cat /run/current-system/etc/configrev 2>/dev/null || echo unknown)
    NEXT=${rev}
    DATENOW=$(date --iso-8601=seconds)
    echo "$DATENOW booted=$BOOTED current=$CURRENT next=$NEXT" >> /var/configrev.log
  '';
 }
--- a/m/common/slurm.nix
+++ b/m/common/slurm.nix
@ -0,0 +1,99 @@
 { config, pkgs, lib, ... }:
 let
  suspendProgram = pkgs.writeScript "suspend.sh" ''
    #!/usr/bin/env bash
    exec 1>>/var/log/power_save.log 2>>/var/log/power_save.log
    set -x
    export "PATH=/run/current-system/sw/bin:$PATH"
    echo "$(date) Suspend invoked $0 $*" >> /var/log/power_save.log
    hosts=$(scontrol show hostnames $1)
    for host in $hosts; do
      echo Shutting down host: $host
      ipmitool -I lanplus -H ''${host}-ipmi -P "" -U "" chassis power off
    done
  '';
  resumeProgram = pkgs.writeScript "resume.sh" ''
    #!/usr/bin/env bash
    exec 1>>/var/log/power_save.log 2>>/var/log/power_save.log
    set -x
    export "PATH=/run/current-system/sw/bin:$PATH"
    echo "$(date) Suspend invoked $0 $*" >> /var/log/power_save.log
    hosts=$(scontrol show hostnames $1)
    for host in $hosts; do
      echo Starting host: $host
      ipmitool -I lanplus -H ''${host}-ipmi -P "" -U "" chassis power on
    done
  '';
 in {
  systemd.services.slurmd.serviceConfig = {
    # Kill all processes in the control group on stop/restart. This will kill
    # all the jobs running, so ensure that we only upgrade when the nodes are
    # not in use. See:
    # https://github.com/NixOS/nixpkgs/commit/ae93ed0f0d4e7be0a286d1fca86446318c0c6ffb
    # https://bugs.schedmd.com/show_bug.cgi?id=2095#c24
    KillMode = lib.mkForce "control-group";
  };
  services.slurm = {
    client.enable = true;
    controlMachine = "hut";
    clusterName = "jungle";
    nodeName = [
      "owl[1,2]  Sockets=2 CoresPerSocket=14 ThreadsPerCore=2 Feature=owl"
      "hut       Sockets=2 CoresPerSocket=14 ThreadsPerCore=2"
    ];
    partitionName = [
      "owl Nodes=owl[1-2] Default=YES MaxTime=INFINITE State=UP"
      "all Nodes=owl[1-2],hut Default=NO MaxTime=INFINITE State=UP"
    ];
    # See slurm.conf(5) for more details about these options.
    extraConfig = ''
      # Use PMIx for MPI by default. It works okay with MPICH and OpenMPI, but
      # not with Intel MPI. For that use the compatibility shim libpmi.so
      # setting I_MPI_PMI_LIBRARY=$pmix/lib/libpmi.so while maintaining the PMIx
      # library in SLURM (--mpi=pmix). See more details here:
      # https://pm.bsc.es/gitlab/rarias/jungle/-/issues/16
      MpiDefault=pmix
      # When a node reboots return that node to the slurm queue as soon as it
      # becomes operative again.
      ReturnToService=2
      # Track all processes by using a cgroup
      ProctrackType=proctrack/cgroup
      # Enable task/affinity to allow the jobs to run in a specified subset of
      # the resources. Use the task/cgroup plugin to enable process containment.
      TaskPlugin=task/affinity,task/cgroup
      # Power off unused nodes until they are requested
      SuspendProgram=${suspendProgram}
      SuspendTimeout=60
      ResumeProgram=${resumeProgram}
      ResumeTimeout=300
      SuspendExcNodes=hut
      # Turn the nodes off after 1 hour of inactivity
      SuspendTime=3600
      # Reduce port range so we can allow only this range in the firewall
      SrunPortRange=60000-61000
    '';
  };
  age.secrets.mungeKey = {
    file = ../../secrets/munge-key.age;
    owner = "munge";
    group = "munge";
  };
  services.munge = {
    enable = true;
    password = config.age.secrets.mungeKey.path;
  };
 }
--- a/m/common/ssh.nix
+++ b/m/common/ssh.nix
@ -0,0 +1,22 @@
 { lib, ... }:
 let
  keys = import ../../keys.nix;
  hostsKeys = lib.mapAttrs (name: value: { publicKey = value; }) keys.hosts;
 in
 {
  # Enable the OpenSSH daemon.
  services.openssh.enable = true;
  # Connect to intranet git hosts via proxy
  programs.ssh.extraConfig = ''
    Host bscpm02.bsc.es bscpm03.bsc.es gitlab-internal.bsc.es alya.gitlab.bsc.es
      User git
      ProxyCommand nc -X connect -x localhost:23080 %h %p
  '';
  programs.ssh.knownHosts = hostsKeys // {
    "gitlab-internal.bsc.es".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF9arsAOSRB06hdy71oTvJHG2Mg8zfebADxpvc37lZo3";
    "bscpm03.bsc.es".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM2NuSUPsEhqz1j5b4Gqd+MWFnRqyqY57+xMvBUqHYUS";
  };
 }
--- a/m/common/users.nix
+++ b/m/common/users.nix
@ -0,0 +1,75 @@
 { pkgs, ... }:
 {
  users = {
    mutableUsers = false;
    users = {
      # Generate hashedPassword with `mkpasswd -m sha-512`
      root.openssh.authorizedKeys.keys = [
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKBOf4r4lzQfyO0bx5BaREePREw8Zw5+xYgZhXwOZoBO ram@hop"
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINa0tvnNgwkc5xOwd6xTtaIdFi5jv0j2FrE7jl5MTLoE ram@mio"
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF3zeB5KSimMBAjvzsp1GCkepVaquVZGPYwRIzyzaCba aleix@bsc"
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIII/1TNArcwA6D47mgW4TArwlxQRpwmIGiZDysah40Gb root@hut"
      ];
      rarias = {
        uid = 1880;
        isNormalUser = true;
        home = "/home/Computational/rarias";
        description = "Rodrigo Arias";
        group = "Computational";
        extraGroups = [ "wheel" ];
        hashedPassword = "$6$u06tkCy13enReBsb$xiI.twRvvTfH4jdS3s68NZ7U9PSbGKs5.LXU/UgoawSwNWhZo2hRAjNL5qG0/lAckzcho2LjD0r3NfVPvthY6/";
        openssh.authorizedKeys.keys = [
          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKBOf4r4lzQfyO0bx5BaREePREw8Zw5+xYgZhXwOZoBO ram@hop"
          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINa0tvnNgwkc5xOwd6xTtaIdFi5jv0j2FrE7jl5MTLoE ram@mio"
          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGYcXIxe0poOEGLpk8NjiRozls7fMRX0N3j3Ar94U+Gl rarias@hal"
        ];
        shell = pkgs.zsh;
      };
      arocanon = {
        uid = 1042;
        isNormalUser = true;
        home = "/home/Computational/arocanon";
        description = "Aleix Roca";
        group = "Computational";
        extraGroups = [ "wheel" ];
        hashedPassword = "$6$hliZiW4tULC/tH7p$pqZarwJkNZ7vS0G5llWQKx08UFG9DxDYgad7jplMD8WkZh5k58i4dfPoWtnEShfjTO6JHiIin05ny5lmSXzGM/";
        openssh.authorizedKeys.keys = [
          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF3zeB5KSimMBAjvzsp1GCkepVaquVZGPYwRIzyzaCba aleix@bsc"
          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGdphWxLAEekicZ/WBrvP7phMyxKSSuLAZBovNX+hZXQ aleix@kerneland"
        ];
      };
      rpenacob = {
        uid = 2761;
        isNormalUser = true;
        home = "/home/Computational/rpenacob";
        description = "Raúl Peñacoba";
        group = "Computational";
        hashedPassword = "$6$TZm3bDIFyPrMhj1E$uEDXoYYd1z2Wd5mMPfh3DZAjP7ztVjJ4ezIcn82C0ImqafPA.AnTmcVftHEzLB3tbe2O4SxDyPSDEQgJ4GOtj/";
        openssh.authorizedKeys.keys = [
          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFYfXg37mauGeurqsLpedgA2XQ9d4Nm0ZGo/hI1f7wwH rpenacob@bsc"
        ];
      };
      anavarro = {
        uid = 1037;
        isNormalUser = true;
        home = "/home/Computational/anavarro";
        description = "Antoni Navarro";
        group = "Computational";
        hashedPassword = "$6$QdNDsuLehoZTYZlb$CDhCouYDPrhoiB7/seu7RF.Gqg4zMQz0n5sA4U1KDgHaZOxy2as9pbIGeF8tOHJKRoZajk5GiaZv0rZMn7Oq31";
        openssh.authorizedKeys.keys = [
          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILWjRSlKgzBPZQhIeEtk6Lvws2XNcYwHcwPv4osSgst5 anavarro@ssfhead"
        ];
      };
    };
    groups = {
      Computational = { gid = 564; };
    };
  };
 }
--- a/m/common/watchdog.nix
+++ b/m/common/watchdog.nix
@ -0,0 +1,9 @@
 { ... }:
 {
  # The boards have a BMC watchdog controlled by IPMI
  boot.kernelModules = [ "ipmi_watchdog" ];
  # Enable systemd watchdog with 30 s interval
  systemd.watchdog.runtimeTime = "30s";
 }
--- a/m/common/zsh.nix
+++ b/m/common/zsh.nix
@ -0,0 +1,92 @@
 { pkgs, ... }:
 {
  environment.systemPackages = with pkgs; [
    direnv
    zsh-completions
    nix-zsh-completions
  ];
  programs.zsh = {
    enable = true;
    histSize = 1000000;
    shellInit = ''
      # Disable new user prompt
      if [ ! -e ~/.zshrc ]; then
        touch ~/.zshrc
      fi
    '';
    promptInit = ''
      # Note that to manually override this in ~/.zshrc you should run `prompt off`
      # before setting your PS1 and etc. Otherwise this will likely to interact with
      # your ~/.zshrc configuration in unexpected ways as the default prompt sets
      # a lot of different prompt variables.
      autoload -U promptinit && promptinit && prompt default && setopt prompt_sp
    '';
    # Taken from Ulli Kehrle config:
    # https://git.hrnz.li/Ulli/nixos/src/commit/2e203b8d8d671f4e3ced0f1744a51d5c6ee19846/profiles/shell.nix#L199-L205
    interactiveShellInit = ''
      source "${pkgs.zsh-history-substring-search}/share/zsh-history-substring-search/zsh-history-substring-search.zsh"
      # Save history immediately, but only load it when the shell starts
      setopt inc_append_history
      # dircolors doesn't support alacritty:
      # https://lists.gnu.org/archive/html/bug-coreutils/2019-05/msg00029.html
      export LS_COLORS='rs=0:di=01;34:ln=01;36:mh=00:pi=40;33:so=01;35:do=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:mi=00:su=37;41:sg=30;43:ca=00:tw=30;42:ow=34;42:st=37;44:ex=01;32:*.tar=01;31:*.tgz=01;31:*.arc=01;31:*.arj=01;31:*.taz=01;31:*.lha=01;31:*.lz4=01;31:*.lzh=01;31:*.lzma=01;31:*.tlz=01;31:*.txz=01;31:*.tzo=01;31:*.t7z=01;31:*.zip=01;31:*.z=01;31:*.dz=01;31:*.gz=01;31:*.lrz=01;31:*.lz=01;31:*.lzo=01;31:*.xz=01;31:*.zst=01;31:*.tzst=01;31:*.bz2=01;31:*.bz=01;31:*.tbz=01;31:*.tbz2=01;31:*.tz=01;31:*.deb=01;31:*.rpm=01;31:*.jar=01;31:*.war=01;31:*.ear=01;31:*.sar=01;31:*.rar=01;31:*.alz=01;31:*.ace=01;31:*.zoo=01;31:*.cpio=01;31:*.7z=01;31:*.rz=01;31:*.cab=01;31:*.wim=01;31:*.swm=01;31:*.dwm=01;31:*.esd=01;31:*.avif=01;35:*.jpg=01;35:*.jpeg=01;35:*.mjpg=01;35:*.mjpeg=01;35:*.gif=01;35:*.bmp=01;35:*.pbm=01;35:*.pgm=01;35:*.ppm=01;35:*.tga=01;35:*.xbm=01;35:*.xpm=01;35:*.tif=01;35:*.tiff=01;35:*.png=01;35:*.svg=01;35:*.svgz=01;35:*.mng=01;35:*.pcx=01;35:*.mov=01;35:*.mpg=01;35:*.mpeg=01;35:*.m2v=01;35:*.mkv=01;35:*.webm=01;35:*.webp=01;35:*.ogm=01;35:*.mp4=01;35:*.m4v=01;35:*.mp4v=01;35:*.vob=01;35:*.qt=01;35:*.nuv=01;35:*.wmv=01;35:*.asf=01;35:*.rm=01;35:*.rmvb=01;35:*.flc=01;35:*.avi=01;35:*.fli=01;35:*.flv=01;35:*.gl=01;35:*.dl=01;35:*.xcf=01;35:*.xwd=01;35:*.yuv=01;35:*.cgm=01;35:*.emf=01;35:*.ogv=01;35:*.ogx=01;35:*.aac=00;36:*.au=00;36:*.flac=00;36:*.m4a=00;36:*.mid=00;36:*.midi=00;36:*.mka=00;36:*.mp3=00;36:*.mpc=00;36:*.ogg=00;36:*.ra=00;36:*.wav=00;36:*.oga=00;36:*.opus=00;36:*.spx=00;36:*.xspf=00;36:*~=00;90:*#=00;90:*.bak=00;90:*.old=00;90:*.orig=00;90:*.part=00;90:*.rej=00;90:*.swp=00;90:*.tmp=00;90:*.dpkg-dist=00;90:*.dpkg-old=00;90:*.ucf-dist=00;90:*.ucf-new=00;90:*.ucf-old=00;90:*.rpmnew=00;90:*.rpmorig=00;90:*.rpmsave=00;90:';
      # From Arch Linux and GRML
      bindkey "^R" history-incremental-pattern-search-backward
      bindkey "^S" history-incremental-pattern-search-forward
      # Auto rehash for new binaries
      zstyle ':completion:*' rehash true
      # show a nice menu with the matches
      zstyle ':completion:*' menu yes select
      bindkey '^[OA' history-substring-search-up   # Up
      bindkey '^[[A' history-substring-search-up   # Up
      bindkey '^[OB' history-substring-search-down # Down
      bindkey '^[[B' history-substring-search-down # Down
      bindkey '\e[1~' beginning-of-line            # Home
      bindkey '\e[7~' beginning-of-line            # Home
      bindkey '\e[H'  beginning-of-line            # Home
      bindkey '\eOH'  beginning-of-line            # Home
      bindkey '\e[4~' end-of-line                  # End
      bindkey '\e[8~' end-of-line                  # End
      bindkey '\e[F ' end-of-line                  # End
      bindkey '\eOF'  end-of-line                  # End
      bindkey '^?'    backward-delete-char         # Backspace
      bindkey '\e[3~' delete-char                  # Del
      # bindkey '\e[3;5~' delete-char                # sometimes Del, sometimes C-Del
      bindkey '\e[2~' overwrite-mode               # Ins
      bindkey '^H'      backward-kill-word         # C-Backspace
      bindkey '5~'      kill-word                  # C-Del
      bindkey '^[[3;5~' kill-word                  # C-Del
      bindkey '^[[3^'   kill-word                  # C-Del
      bindkey "^[[1;5H" backward-kill-line         # C-Home
      bindkey "^[[7^"   backward-kill-line         # C-Home
      bindkey "^[[1;5F" kill-line                  # C-End
      bindkey "^[[8^"   kill-line                  # C-End
      bindkey '^[[1;5C' forward-word               # C-Right
      bindkey '^[0c'    forward-word               # C-Right
      bindkey '^[[5C'   forward-word               # C-Right
      bindkey '^[[1;5D' backward-word              # C-Left
      bindkey '^[0d'    backward-word              # C-Left
      bindkey '^[[5D'   backward-word              # C-Left
    '';
  };
 }
--- a/m/eudy/configuration.nix
+++ b/m/eudy/configuration.nix
@ -0,0 +1,37 @@
 { config, pkgs, lib, modulesPath, ... }:
 {
  imports = [
    ../common/main.nix
    #(modulesPath + "/installer/netboot/netboot-minimal.nix")
    ./kernel/kernel.nix
    ./cpufreq.nix
    ./fs.nix
    ./users.nix
    ./slurm.nix
  ];
  # Select this using the ID to avoid mismatches
  boot.loader.grub.device = "/dev/disk/by-id/wwn-0x55cd2e414d53564b";
  # disable automatic garbage collector
  nix.gc.automatic = lib.mkForce false;
  # members of the tracing group can use the lttng-provided kernel events
  # without root permissions
  users.groups.tracing.members = [ "arocanon" ];
  # set up both ethernet and infiniband ips
  networking = {
    hostName = "eudy";
    interfaces.eno1.ipv4.addresses = [ {
      address = "10.0.40.8";
      prefixLength = 24;
    } ];
    interfaces.ibp5s0.ipv4.addresses = [ {
      address = "10.0.42.8";
      prefixLength = 24;
    } ];
  };
 }
--- a/m/eudy/cpufreq.nix
+++ b/m/eudy/cpufreq.nix
@ -0,0 +1,40 @@
 { lib, ... }:
 {
  # Disable frequency boost by default. Use the intel_pstate driver instead of
  # acpi_cpufreq driver because the acpi_cpufreq driver does not read the
  # complete range of P-States [1]. Use the intel_pstate passive mode [2] to
  # disable HWP, which allows a core to "select P-states by itself". Also, this
  # disables intel governors, which confusingly, have the same names as the
  # generic ones but behave differently [3].
  # Essentially, we use the generic governors, but use the intel driver to read
  # the P-state list.
  # [1] - https://www.kernel.org/doc/html/latest/admin-guide/pm/intel_pstate.html#intel-pstate-vs-acpi-cpufreq
  # [2] - https://www.kernel.org/doc/html/latest/admin-guide/pm/intel_pstate.html#passive-mode
  # [3] - https://www.kernel.org/doc/html/latest/admin-guide/pm/intel_pstate.html#active-mode
  # https://www.kernel.org/doc/html/latest/admin-guide/pm/cpufreq.html
  # set intel_pstate to passive mode
  boot.kernelParams = [
    "intel_pstate=passive"
  ];
  # Disable frequency boost
  system.activationScripts = {
    disableFrequencyBoost.text = ''
      echo 1 > /sys/devices/system/cpu/intel_pstate/no_turbo
    '';
  };
  ## disable intel_pstate
  #boot.kernelParams = [
  #  "intel_pstate=disable"
  #];
  ## Disable frequency boost
  #system.activationScripts = {
  #  disableFrequencyBoost.text = ''
  #    echo 0 > /sys/devices/system/cpu/cpufreq/boost
  #  '';
  #};
 }
--- a/m/eudy/fs.nix
+++ b/m/eudy/fs.nix
@ -0,0 +1,13 @@
 { ... }:
 {
  fileSystems."/nix" = {
    device = "/dev/disk/by-label/optane";
    fsType = "ext4";
    neededForBoot = true;
  };
  fileSystems."/mnt/data" = {
    device = "/dev/disk/by-label/data";
    fsType = "ext4";
  };
 }
--- a/m/eudy/kernel/configs/defconfig
+++ b/m/eudy/kernel/configs/defconfig
--- a/m/eudy/kernel/configs/lockdep
+++ b/m/eudy/kernel/configs/lockdep
--- a/m/eudy/kernel/kernel.nix
+++ b/m/eudy/kernel/kernel.nix
@ -0,0 +1,92 @@
 { pkgs, lib, ... }:
 let
  #fcs-devel = pkgs.linuxPackages_custom {
  #   version = "6.2.8";
  #   src = /mnt/data/kernel/fcs/kernel/src;
  #   configfile = /mnt/data/kernel/fcs/kernel/configs/defconfig;
  #};
  #fcsv1 = fcs-kernel "bc11660676d3d68ce2459b9fb5d5e654e3f413be" false;
  #fcsv2 = fcs-kernel "db0f2eca0cd57a58bf456d7d2c7d5d8fdb25dfb1" false;
  #fcsv1-lockdep = fcs-kernel "bc11660676d3d68ce2459b9fb5d5e654e3f413be" true;
  #fcsv2-lockdep = fcs-kernel "db0f2eca0cd57a58bf456d7d2c7d5d8fdb25dfb1" true;
  #fcs-kernel = gitCommit: lockdep: pkgs.linuxPackages_custom {
  #   version = "6.2.8";
  #   src = builtins.fetchGit {
  #     url = "git@bscpm03.bsc.es:ompss-kernel/linux.git";
  #     rev = gitCommit;
  #     ref = "fcs";
  #   };
  #   configfile = if lockdep then ./configs/lockdep else ./configs/defconfig;
  #};
  kernel = nixos-fcsv3;
  nixos-fcs-kernel = {gitCommit, lockStat ? false, preempt ? false, branch ? "fcs"}: pkgs.linuxPackagesFor (pkgs.buildLinux rec {
    version = "6.2.8";
    src = builtins.fetchGit {
      url = "git@bscpm03.bsc.es:ompss-kernel/linux.git";
      rev = gitCommit;
      ref = branch;
    };
    structuredExtraConfig = with lib.kernel; {
      # add general custom kernel options here
    } // lib.optionalAttrs lockStat {
      LOCK_STAT = yes;
    } // lib.optionalAttrs preempt {
      PREEMPT = lib.mkForce yes;
      PREEMPT_VOLUNTARY = lib.mkForce no;
    };
    kernelPatches = [];
    extraMeta.branch = lib.versions.majorMinor version;
  });
  nixos-fcsv1 = nixos-fcs-kernel {gitCommit = "bc11660676d3d68ce2459b9fb5d5e654e3f413be";};
  nixos-fcsv2 = nixos-fcs-kernel {gitCommit = "db0f2eca0cd57a58bf456d7d2c7d5d8fdb25dfb1";};
  nixos-fcsv3 = nixos-fcs-kernel {gitCommit = "6c17394890704c3345ac1a521bb547164b36b154";};
  # always use fcs_sched_setaffinity
  #nixos-debug = nixos-fcs-kernel {gitCommit = "7d0bf285fca92badc8df3c9907a9ab30db4418aa";};
  # remove need_check_cgroup
  #nixos-debug = nixos-fcs-kernel {gitCommit = "4cc4efaab5e4a0bfa3089e935215b981c1922919";};
  # merge again fcs_wake and fcs_wait
  #nixos-debug = nixos-fcs-kernel {gitCommit = "40c6f72f4ae54b0b636b193ac0648fb5730c810d";};
  # start from scratch, this is the working version with split fcs_wake and fcs_wait
  nixos-debug = nixos-fcs-kernel {gitCommit = "c9a39d6a4ca83845b4e71fcc268fb0a76aff1bdf"; branch = "fcs-test"; };
  nixos-fcsv1-lockstat = nixos-fcs-kernel {
    gitCommit = "bc11660676d3d68ce2459b9fb5d5e654e3f413be";
    lockStat = true;
  };
  nixos-fcsv2-lockstat = nixos-fcs-kernel {
    gitCommit = "db0f2eca0cd57a58bf456d7d2c7d5d8fdb25dfb1";
    lockStat = true;
  };
  nixos-fcsv3-lockstat = nixos-fcs-kernel {
    gitCommit = "6c17394890704c3345ac1a521bb547164b36b154";
    lockStat = true;
  };
  nixos-fcsv3-lockstat-preempt = nixos-fcs-kernel {
    gitCommit = "6c17394890704c3345ac1a521bb547164b36b154";
    lockStat = true;
    preempt = true;
  };
  latest = pkgs.linuxPackages_latest;
 in {
  imports = [
    ./lttng.nix
    ./perf.nix
  ];
  boot.kernelPackages = lib.mkForce kernel;
  # disable all cpu mitigations
  boot.kernelParams = [
    "mitigations=off"
  ];
  # enable memory overcommit, needed to build a taglibc system using nix after
  # increasing the openblas memory footprint
  boot.kernel.sysctl."vm.overcommit_memory" = 1;
 }
--- a/m/eudy/kernel/lttng.nix
+++ b/m/eudy/kernel/lttng.nix
@ -0,0 +1,43 @@
 { config, pkgs, lib, ... }:
 let
  # The lttng btrfs probe crashes at compile time because of an undefined
  # function. This disables the btrfs tracepoints to avoid the issue.
  # Also enable lockdep tracepoints, this is disabled by default because it
  # does not work well on architectures other than x86_64 (i think that arm) as
  # I was told on the mailing list.
  lttng-modules-fixed = config.boot.kernelPackages.lttng-modules.overrideAttrs (finalAttrs: previousAttrs: {
    patchPhase = (lib.optionalString (previousAttrs ? patchPhase) previousAttrs.patchPhase) + ''
      # disable btrfs
      substituteInPlace src/probes/Kbuild \
        --replace "  obj-\$(CONFIG_LTTNG) += lttng-probe-btrfs.o" "  #obj-\$(CONFIG_LTTNG) += lttng-probe-btrfs.o"
      # enable lockdep tracepoints
      substituteInPlace src/probes/Kbuild \
        --replace "#ifneq (\$(CONFIG_LOCKDEP),)"                  "ifneq (\$(CONFIG_LOCKDEP),)" \
        --replace "#  obj-\$(CONFIG_LTTNG) += lttng-probe-lock.o" "  obj-\$(CONFIG_LTTNG) += lttng-probe-lock.o" \
        --replace "#endif # CONFIG_LOCKDEP"                       "endif # CONFIG_LOCKDEP"
    '';
  });
 in {
  # add the lttng tools and modules to the system environment
  boot.extraModulePackages = [ lttng-modules-fixed ];
  environment.systemPackages = with pkgs; [
    lttng-tools lttng-ust babeltrace
  ];
  # start the lttng root daemon to manage kernel events
  systemd.services.lttng-sessiond = {
    wantedBy = [ "multi-user.target" ];
    description = "LTTng session daemon for the root user";
    serviceConfig = {
      User = "root";
      ExecStart = ''
        ${pkgs.lttng-tools}/bin/lttng-sessiond
      '';
    };
  };
 }
--- a/m/eudy/kernel/perf.nix
+++ b/m/eudy/kernel/perf.nix
@ -0,0 +1,22 @@
 { config, pkgs, lib, ... }:
 {
  # add the perf tool
  environment.systemPackages = with pkgs; [
    config.boot.kernelPackages.perf
  ];
  # allow non-root users to read tracing data from the kernel
  boot.kernel.sysctl."kernel.perf_event_paranoid" = -2;
  boot.kernel.sysctl."kernel.kptr_restrict" = 0;
  # specify additionl options to the tracefs directory to allow members of the
  # tracing group to access tracefs.
  fileSystems."/sys/kernel/tracing" = {
    options = [
      "mode=755"
      "gid=tracing"
    ];
  };
 }
--- a/m/eudy/slurm.nix
+++ b/m/eudy/slurm.nix
@ -0,0 +1,7 @@
 { lib, ... }:
 {
  services.slurm = {
    client.enable = lib.mkForce false;
  };
 }
--- a/m/eudy/users.nix
+++ b/m/eudy/users.nix
@ -0,0 +1,11 @@
 { ... }:
 {
  security.sudo.extraRules= [{
    users = [ "arocanon" ];
    commands = [{
      command = "ALL" ;
      options= [ "NOPASSWD" ]; # "SETENV" # Adding the following could be a good idea
    }];
  }];
 }
--- a/m/hut/configuration.nix
+++ b/m/hut/configuration.nix
@ -0,0 +1,32 @@
 { config, pkgs, ... }:
 {
  imports = [
    ../common/main.nix
    ../module/ceph.nix
    ./gitlab-runner.nix
    ./monitoring.nix
    ./nfs.nix
    ./slurm-daemon.nix
    ./nix-serve.nix
    #./pxe.nix
  ];
  boot.binfmt.emulatedSystems = [ "aarch64-linux" "powerpc64le-linux" "riscv64-linux" ];
  # Select the this using the ID to avoid mismatches
  boot.loader.grub.device = "/dev/disk/by-id/ata-INTEL_SSDSC2BB240G7_PHDV6462004Y240AGN";
  networking = {
    hostName = "hut";
    interfaces.eno1.ipv4.addresses = [ {
      address = "10.0.40.7";
      prefixLength = 24;
    } ];
    interfaces.ibp5s0.ipv4.addresses = [ {
      address = "10.0.42.7";
      prefixLength = 24;
    } ];
  };
 }
--- a/xeon07/gitlab-runner.nix
+++ b/xeon07/gitlab-runner.nix
@ -1,35 +1,46 @@
 { pkgs, lib, config, ... }:
 {
-  age.secrets."secrets/ovni-token".file = ./secrets/ovni-token.age;
+  age.secrets.ovniToken.file = ../../secrets/ovni-token.age;
-  age.secrets."secrets/nosv-token".file = ./secrets/nosv-token.age;
+  age.secrets.nosvToken.file = ../../secrets/nosv-token.age;
  services.gitlab-runner = {
    enable = true;
    settings.concurrent = 5;
    services = {
      ovni-shell = {
-        registrationConfigFile = config.age.secrets."secrets/ovni-token".path;
+        registrationConfigFile = config.age.secrets.ovniToken.path;
        executor = "shell";
        tagList = [ "nix" "xeon" ];
        registrationFlags = [
          # Using space doesn't work, and causes it to misread the next flag
          "--locked='false'"
        ];
        environmentVariables = {
          SHELL = "${pkgs.bash}/bin/bash";
        };
      };
      ovni-docker = {
-        registrationConfigFile = config.age.secrets."secrets/ovni-token".path;
+        registrationConfigFile = config.age.secrets.ovniToken.path;
        dockerImage = "debian:stable";
        tagList = [ "docker" "xeon" ];
-        registrationFlags = [ "--docker-network-mode host" ];
+        registrationFlags = [
          "--locked='false'"
          "--docker-network-mode host"
        ];
        environmentVariables = {
          https_proxy = "http://localhost:23080";
          http_proxy = "http://localhost:23080";
        };
      };
      nosv-docker = {
-        registrationConfigFile = config.age.secrets."secrets/nosv-token".path;
+        registrationConfigFile = config.age.secrets.nosvToken.path;
        dockerImage = "debian:stable";
        tagList = [ "docker" "xeon" ];
-        registrationFlags = [ "--docker-network-mode host" ];
+        registrationFlags = [
          "--docker-network-mode host"
          "--docker-cpus 56"
        ];
        environmentVariables = {
          https_proxy = "http://localhost:23080";
          http_proxy = "http://localhost:23080";
--- a/m/hut/ipmi.yml
+++ b/m/hut/ipmi.yml
@ -0,0 +1,13 @@
 modules:
        default:
                collectors:
                - bmc
                - ipmi
                - chassis
        lan:
                collectors:
                - ipmi
                - chassis
                user: ""
                pass: ""
--- a/m/hut/monitoring.nix
+++ b/m/hut/monitoring.nix
@ -0,0 +1,143 @@
 { config, lib, ... }:
 {
  services.grafana = {
    enable = true;
    settings = {
      server = {
        domain = "jungle.bsc.es";
        root_url = "%(protocol)s://%(domain)s/grafana";
        serve_from_sub_path = true;
        http_port = 2342;
        http_addr = "127.0.0.1";
      };
      feature_toggles.publicDashboards = true;
    };
  };
  services.prometheus = {
    enable = true;
    port = 9001;
    retentionTime = "1y";
    listenAddress = "127.0.0.1";
  };
  systemd.services.prometheus-ipmi-exporter.serviceConfig.DynamicUser = lib.mkForce false;
  systemd.services.prometheus-ipmi-exporter.serviceConfig.PrivateDevices = lib.mkForce false;
  # We need access to the devices to monitor the disk space
  systemd.services.prometheus-node-exporter.serviceConfig.PrivateDevices = lib.mkForce false;
  systemd.services.prometheus-node-exporter.serviceConfig.ProtectHome = lib.mkForce "read-only";
  virtualisation.docker.daemon.settings = {
    metrics-addr = "127.0.0.1:9323";
  };
  # Required to allow the smartctl exporter to read the nvme0 character device,
  # see the commit message on:
  # https://github.com/NixOS/nixpkgs/commit/12c26aca1fd55ab99f831bedc865a626eee39f80
  services.udev.extraRules = ''
    SUBSYSTEM=="nvme", KERNEL=="nvme[0-9]*", GROUP="disk"
  '';
  services.prometheus = {
    exporters = {
      ipmi = {
        enable = true;
        group = "root";
        user = "root";
        configFile = ./ipmi.yml;
        #extraFlags = [ "--log.level=debug" ];
        listenAddress = "127.0.0.1";
      };
      node = {
        enable = true;
        enabledCollectors = [ "systemd" ];
        port = 9002;
        listenAddress = "127.0.0.1";
      };
      smartctl = {
        enable = true;
        listenAddress = "127.0.0.1";
      };
    };
    scrapeConfigs = [
      {
        job_name = "xeon07";
        static_configs = [{
          targets = [
            "127.0.0.1:${toString config.services.prometheus.exporters.node.port}"
            "127.0.0.1:${toString config.services.prometheus.exporters.ipmi.port}"
            "127.0.0.1:9323"
            "127.0.0.1:9252"
            "127.0.0.1:${toString config.services.prometheus.exporters.smartctl.port}"
          ];
        }];
      }
      {
        job_name = "ceph";
        static_configs = [{
          targets = [
            "10.0.40.40:9283" # Ceph statistics
            "10.0.40.40:9002" # Node exporter
            "10.0.40.42:9002" # Node exporter
          ];
        }];
      }
      {
        # Scrape the IPMI info of the hosts remotely via LAN
        job_name = "ipmi-lan";
        scrape_interval = "1m";
        scrape_timeout = "30s";
        metrics_path = "/ipmi";
        scheme = "http";
        relabel_configs = [
          {
            # Takes the address and sets it in the "target=<xyz>" URL parameter
            source_labels = [ "__address__" ];
            separator = ";";
            regex = "(.*)(:80)?";
            target_label = "__param_target";
            replacement = "\${1}";
            action = "replace";
          }
          {
            # Sets the "instance" label with the remote host we are querying
            source_labels = [ "__param_target" ];
            separator = ";";
            regex = "(.*)";
            target_label = "instance";
            replacement = "\${1}";
            action = "replace";
          }
          {
            # Sets the fixed "module=lan" URL param
            separator = ";";
            regex = "(.*)";
            target_label = "__param_module";
            replacement = "lan";
            action = "replace";
          }
          {
            # Sets the target to query as the localhost IPMI exporter
            separator = ";";
            regex = ".*";
            target_label = "__address__";
            replacement = "127.0.0.1:9290";
            action = "replace";
          }
        ];
        # Load the list of targets from another file
        file_sd_configs = [
          {
            files = [ "${./targets.yml}" ];
            refresh_interval = "30s";
          }
        ];
      }
    ];
  };
 }
--- a/xeon07/nfs.nix
+++ b/xeon07/nfs.nix
--- a/m/hut/nix-serve.nix
+++ b/m/hut/nix-serve.nix
@ -0,0 +1,16 @@
 { config, ... }:
 {
  age.secrets.nixServe.file = ../../secrets/nix-serve.age;
  services.nix-serve = {
    enable = true;
    # Only listen locally, as we serve it via ssh
    bindAddress = "127.0.0.1";
    port = 5000;
    secretKeyFile = config.age.secrets.nixServe.path;
    # Public key:
    # jungle.bsc.es:pEc7MlAT0HEwLQYPtpkPLwRsGf80ZI26aj29zMw/HH0=
  };
 }
--- a/m/hut/pxe.nix
+++ b/m/hut/pxe.nix
@ -0,0 +1,35 @@
 { theFlake, pkgs, ... }:
 # This module describes a script that can launch the pixiecore daemon to serve a
 # NixOS image via PXE to a node to directly boot from there, without requiring a
 # working disk.
 let
  # The host config must have the netboot-minimal.nix module too
  host = theFlake.nixosConfigurations.lake2;
  sys = host.config.system;
  build = sys.build;
  kernel = "${build.kernel}/bzImage";
  initrd = "${build.netbootRamdisk}/initrd";
  init = "${build.toplevel}/init";
  script = pkgs.writeShellScriptBin "pixiecore-helper" ''
    #!/usr/bin/env bash -x
    ${pkgs.pixiecore}/bin/pixiecore \
      boot ${kernel} ${initrd} --cmdline "init=${init} loglevel=4" \
      --debug --dhcp-no-bind --port 64172 --status-port 64172 "$@"
  '';
 in
 {
  ## We need a DHCP server to provide the IP
  #services.dnsmasq = {
  #  enable = true;
  #  settings = {
  #    domain-needed = true;
  #    dhcp-range = [ "192.168.0.2,192.168.0.254" ];
  #  };
  #};
  environment.systemPackages = [ script ];
 }
--- a/m/hut/slurm-daemon.nix
+++ b/m/hut/slurm-daemon.nix
@ -0,0 +1,7 @@
 { ... }:
 {
  services.slurm = {
    server.enable = true;
  };
 }
--- a/m/hut/targets.yml
+++ b/m/hut/targets.yml
@ -0,0 +1,15 @@
 - targets:
  - 10.0.40.101
  - 10.0.40.102
  - 10.0.40.103
  - 10.0.40.104
  - 10.0.40.105
  - 10.0.40.106
  - 10.0.40.107
  - 10.0.40.108
  # Storage
  - 10.0.40.141
  - 10.0.40.142
  - 10.0.40.143
  labels:
    job: ipmi-lan
--- a/m/koro/configuration.nix
+++ b/m/koro/configuration.nix
@ -0,0 +1,37 @@
 { config, pkgs, lib, modulesPath, ... }:
 {
  imports = [
    ../common/main.nix
    #(modulesPath + "/installer/netboot/netboot-minimal.nix")
    ../eudy/cpufreq.nix
    ../eudy/users.nix
    ../eudy/slurm.nix
    ./users.nix
    ./kernel.nix
  ];
  # Select this using the ID to avoid mismatches
  boot.loader.grub.device = "/dev/disk/by-id/wwn-0x55cd2e414d5376d2";
  # disable automatic garbage collector
  nix.gc.automatic = lib.mkForce false;
  # members of the tracing group can use the lttng-provided kernel events
  # without root permissions
  users.groups.tracing.members = [ "arocanon" "vlopez" ];
  # set up both ethernet and infiniband ips
  networking = {
    hostName = "koro";
    interfaces.eno1.ipv4.addresses = [ {
      address = "10.0.40.5";
      prefixLength = 24;
    } ];
    interfaces.ibp5s0.ipv4.addresses = [ {
      address = "10.0.42.5";
      prefixLength = 24;
    } ];
  };
 }
--- a/m/koro/kernel.nix
+++ b/m/koro/kernel.nix
@ -0,0 +1,64 @@
 { pkgs, lib, ... }:
 let
  kernel = nixos-fcsv4;
  nixos-fcs-kernel = {gitCommit, lockStat ? false, preempt ? false, branch ? "fcs"}: pkgs.linuxPackagesFor (pkgs.buildLinux rec {
    version = "6.2.8";
    src = builtins.fetchGit {
      url = "git@bscpm03.bsc.es:ompss-kernel/linux.git";
      rev = gitCommit;
      ref = branch;
    };
    structuredExtraConfig = with lib.kernel; {
      # add general custom kernel options here
    } // lib.optionalAttrs lockStat {
      LOCK_STAT = yes;
    } // lib.optionalAttrs preempt {
      PREEMPT = lib.mkForce yes;
      PREEMPT_VOLUNTARY = lib.mkForce no;
    };
    kernelPatches = [];
    extraMeta.branch = lib.versions.majorMinor version;
  });
  nixos-fcsv1 = nixos-fcs-kernel {gitCommit = "bc11660676d3d68ce2459b9fb5d5e654e3f413be";};
  nixos-fcsv2 = nixos-fcs-kernel {gitCommit = "db0f2eca0cd57a58bf456d7d2c7d5d8fdb25dfb1";};
  nixos-fcsv3 = nixos-fcs-kernel {gitCommit = "6c17394890704c3345ac1a521bb547164b36b154";};
  nixos-fcsv4 = nixos-fcs-kernel {gitCommit = "c94c3d946f33ac3e5782a02ee002cc1164c0cb4f";};
  nixos-fcsv1-lockstat = nixos-fcs-kernel {
    gitCommit = "bc11660676d3d68ce2459b9fb5d5e654e3f413be";
    lockStat = true;
  };
  nixos-fcsv2-lockstat = nixos-fcs-kernel {
    gitCommit = "db0f2eca0cd57a58bf456d7d2c7d5d8fdb25dfb1";
    lockStat = true;
  };
  nixos-fcsv3-lockstat = nixos-fcs-kernel {
    gitCommit = "6c17394890704c3345ac1a521bb547164b36b154";
    lockStat = true;
  };
  nixos-fcsv3-lockstat-preempt = nixos-fcs-kernel {
    gitCommit = "6c17394890704c3345ac1a521bb547164b36b154";
    lockStat = true;
    preempt = true;
  };
  latest = pkgs.linuxPackages_latest;
 in {
  imports = [
    ../eudy/kernel/lttng.nix
    ../eudy/kernel/perf.nix
  ];
  boot.kernelPackages = lib.mkForce kernel;
  # disable all cpu mitigations
  boot.kernelParams = [
    "mitigations=off"
  ];
  # enable memory overcommit, needed to build a taglibc system using nix after
  # increasing the openblas memory footprint
  boot.kernel.sysctl."vm.overcommit_memory" = lib.mkForce 1;
 }
--- a/m/koro/users.nix
+++ b/m/koro/users.nix
@ -0,0 +1,17 @@
 { ... }:
 {
  users.users = {
    vlopez = {
      uid = 4334;
      isNormalUser = true;
      home = "/home/Computational/vlopez";
      description = "Victor López";
      group = "Computational";
      hashedPassword = "$6$0ZBkgIYE/renVqtt$1uWlJsb0FEezRVNoETTzZMx4X2SvWiOsKvi0ppWCRqI66S6TqMBXBdP4fcQyvRRBt0e4Z7opZIvvITBsEtO0f0";
      openssh.authorizedKeys.keys = [
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGMwlUZRf9jfG666Qa5Sb+KtEhXqkiMlBV2su3x/dXHq victor@arch"
      ];
    };
  };
 }
--- a/m/lake2/configuration.nix
+++ b/m/lake2/configuration.nix
@ -0,0 +1,73 @@
 { config, pkgs, lib, modulesPath, ... }:
 {
  imports = [
    ../common/main.nix
    ../common/monitoring.nix
  ];
  boot.loader.grub.device = "/dev/disk/by-id/wwn-0x55cd2e414d53563a";
  environment.systemPackages = with pkgs; [
    ceph
  ];
  services.slurm = {
    client.enable = lib.mkForce false;
  };
  services.ceph = {
    enable = true;
    global = {
      fsid = "9c8d06e0-485f-4aaf-b16b-06d6daf1232b";
      monHost = "10.0.40.40";
      monInitialMembers = "bay";
      clusterNetwork = "10.0.40.40/24"; # Use Ethernet only
    };
    osd = {
      enable = true;
      # One daemon per NVME disk
      daemons = [ "4" "5" "6" "7" ];
      extraConfig = {
        "osd crush chooseleaf type" = "0";
        "osd journal size" = "10000";
        "osd pool default min size" = "2";
        "osd pool default pg num" = "200";
        "osd pool default pgp num" = "200";
        "osd pool default size" = "3";
      };
    };
  };
  networking = {
    hostName = "lake2";
    interfaces.eno1.ipv4.addresses = [ {
      address = "10.0.40.42";
      prefixLength = 24;
    } ];
    interfaces.ibp5s0.ipv4.addresses = [ {
      address = "10.0.42.42";
      prefixLength = 24;
    } ];
  };
  # Missing service for volumes, see:
  # https://www.reddit.com/r/ceph/comments/14otjyo/comment/jrd69vt/
  systemd.services.ceph-volume = {
    enable = true;
    description = "Ceph Volume activation";
    unitConfig = {
      Type = "oneshot";
      After = "local-fs.target";
      Wants = "local-fs.target";
    };
    path = [ pkgs.ceph pkgs.util-linux pkgs.lvm2 pkgs.cryptsetup ];
    serviceConfig = {
      KillMode = "none";
      Environment = "CEPH_VOLUME_TIMEOUT=10000";
      ExecStart = "/bin/sh -c 'timeout $CEPH_VOLUME_TIMEOUT ${pkgs.ceph}/bin/ceph-volume lvm activate --all --no-systemd'";
      TimeoutSec = "0";
    };
    wantedBy = [ "multi-user.target" ];
  };
 }
--- a/m/module/ceph.nix
+++ b/m/module/ceph.nix
@ -0,0 +1,25 @@
 { config, pkgs, ... }:
 # Mounts the /ceph filesystem at boot
 {
  environment.systemPackages = with pkgs; [
    ceph
    ceph-client
    fio # For benchmarks
  ];
  # We need the ceph module loaded as the mount.ceph binary fails to run the
  # modprobe command.
  boot.kernelModules = [ "ceph" ];
  age.secrets.cephUser.file = ../../secrets/ceph-user.age;
  fileSystems."/ceph" = {
    fsType = "ceph";
    device = "user@9c8d06e0-485f-4aaf-b16b-06d6daf1232b.cephfs=/";
    options = [
      "mon_addr=10.0.40.40"
      "secretfile=${config.age.secrets.cephUser.path}"
    ];
  };
 }
--- a/m/module/slurm-firewall.nix
+++ b/m/module/slurm-firewall.nix
@ -0,0 +1,8 @@
 { ... }:
 {
  networking.firewall = {
    # Required for PMIx in SLURM, we should find a better way
    allowedTCPPortRanges = [ { from=1024; to=65535; } ];
  };
 }
--- a/m/owl1/configuration.nix
+++ b/m/owl1/configuration.nix
@ -0,0 +1,24 @@
 { config, pkgs, ... }:
 {
  imports = [
    ../common/main.nix
    ../module/ceph.nix
    ../module/slurm-firewall.nix
  ];
  # Select the this using the ID to avoid mismatches
  boot.loader.grub.device = "/dev/disk/by-id/wwn-0x55cd2e414d53566c";
  networking = {
    hostName = "owl1";
    interfaces.eno1.ipv4.addresses = [ {
      address = "10.0.40.1";
      prefixLength = 24;
    } ];
    interfaces.ibp5s0.ipv4.addresses = [ {
      address = "10.0.42.1";
      prefixLength = 24;
    } ];
  };
 }
--- a/m/owl2/configuration.nix
+++ b/m/owl2/configuration.nix
@ -0,0 +1,25 @@
 { config, pkgs, ... }:
 {
  imports = [
    ../common/main.nix
    ../module/ceph.nix
    ../module/slurm-firewall.nix
  ];
  # Select the this using the ID to avoid mismatches
  boot.loader.grub.device = "/dev/disk/by-id/wwn-0x55cd2e414d535629";
  networking = {
    hostName = "owl2";
    interfaces.eno1.ipv4.addresses = [ {
      address = "10.0.40.2";
      prefixLength = 24;
    } ];
    # Watch out! The OmniPath device is not in the same place here:
    interfaces.ibp129s0.ipv4.addresses = [ {
      address = "10.0.42.2";
      prefixLength = 24;
    } ];
  };
 }
--- a/nixos-config.nix
+++ b/nixos-config.nix
@ -0,0 +1 @@
 (builtins.getFlake (toString ./.)).nixosConfigurations
--- a/overlays-compat/overlays.nix
+++ b/overlays-compat/overlays.nix
@ -1,8 +0,0 @@
 self: super:
 with super.lib;
 let
  # Load the system config and get the `nixpkgs.overlays` option
  overlays = (import <nixpkgs/nixos> { }).config.nixpkgs.overlays;
 in
  # Apply all overlays to the input of the current "main" overlay
  foldl' (flip extends) (_: super) overlays self
--- a/pkgs/ceph.nix
+++ b/pkgs/ceph.nix
@ -0,0 +1,405 @@
 { lib
 , stdenv
 , runCommand
 , fetchurl
 , fetchFromGitHub
 , fetchPypi
 # Build time
 , cmake
 , ensureNewerSourcesHook
 , fmt
 , git
 , makeWrapper
 , nasm
 , pkg-config
 , which
 # Tests
 , nixosTests
 # Runtime dependencies
 , arrow-cpp
 , babeltrace
 , boost179
 , bzip2
 , cryptsetup
 , cunit
 , doxygen
 , gperf
 , graphviz
 , gtest
 , icu
 , libcap
 , libcap_ng
 , libnl
 , libxml2
 , lttng-ust
 , lua
 , lz4
 , oath-toolkit
 , openldap
 , python310
 , rdkafka
 , rocksdb
 , snappy
 , sqlite
 , utf8proc
 , zlib
 , zstd
 # Optional Dependencies
 , curl ? null
 , expat ? null
 , fuse ? null
 , libatomic_ops ? null
 , libedit ? null
 , libs3 ? null
 , yasm ? null
 # Mallocs
 , gperftools ? null
 , jemalloc ? null
 # Crypto Dependencies
 , cryptopp ? null
 , nspr ? null
 , nss ? null
 # Linux Only Dependencies
 , linuxHeaders
 , util-linux
 , libuuid
 , udev
 , keyutils
 , rdma-core
 , rabbitmq-c
 , libaio ? null
 , libxfs ? null
 , liburing ? null
 , zfs ? null
 , ...
 }:
 # We must have one crypto library
 assert cryptopp != null || (nss != null && nspr != null);
 let
  shouldUsePkg = pkg: if pkg != null && pkg.meta.available then pkg else null;
  optYasm = shouldUsePkg yasm;
  optExpat = shouldUsePkg expat;
  optCurl = shouldUsePkg curl;
  optFuse = shouldUsePkg fuse;
  optLibedit = shouldUsePkg libedit;
  optLibatomic_ops = shouldUsePkg libatomic_ops;
  optLibs3 = shouldUsePkg libs3;
  optJemalloc = shouldUsePkg jemalloc;
  optGperftools = shouldUsePkg gperftools;
  optCryptopp = shouldUsePkg cryptopp;
  optNss = shouldUsePkg nss;
  optNspr = shouldUsePkg nspr;
  optLibaio = shouldUsePkg libaio;
  optLibxfs = shouldUsePkg libxfs;
  optZfs = shouldUsePkg zfs;
  # Downgrade rocksdb, 7.10 breaks ceph
  rocksdb' = rocksdb.overrideAttrs {
    version = "7.9.2";
    src = fetchFromGitHub {
      owner = "facebook";
      repo = "rocksdb";
      rev = "refs/tags/v7.9.2";
      hash = "sha256-5P7IqJ14EZzDkbjaBvbix04ceGGdlWBuVFH/5dpD5VM=";
    };
  };
  hasRadosgw = optExpat != null && optCurl != null && optLibedit != null;
  # Malloc implementation (can be jemalloc, tcmalloc or null)
  malloc = if optJemalloc != null then optJemalloc else optGperftools;
  # We prefer nss over cryptopp
  cryptoStr = if optNss != null && optNspr != null then "nss" else
    if optCryptopp != null then "cryptopp" else "none";
  cryptoLibsMap = {
    nss = [ optNss optNspr ];
    cryptopp = [ optCryptopp ];
    none = [ ];
  };
  getMeta = description: with lib; {
     homepage = "https://ceph.io/en/";
     inherit description;
     license = with licenses; [ lgpl21 gpl2 bsd3 mit publicDomain ];
     maintainers = with maintainers; [ adev ak johanot krav ];
     platforms = [ "x86_64-linux" "aarch64-linux" ];
   };
  ceph-common = with python.pkgs; buildPythonPackage {
    pname = "ceph-common";
    inherit src version;
    sourceRoot = "ceph-${version}/src/python-common";
    propagatedBuildInputs = [
      pyyaml
    ];
    nativeCheckInputs = [
      pytestCheckHook
    ];
    disabledTests = [
      # requires network access
      "test_valid_addr"
    ];
    meta = getMeta "Ceph common module for code shared by manager modules";
  };
  # Watch out for python <> boost compatibility
  python = python310.override {
    packageOverrides = self: super: {
      sqlalchemy = super.sqlalchemy.overridePythonAttrs rec {
        version = "1.4.46";
        src = fetchPypi {
          pname = "SQLAlchemy";
          inherit version;
          hash = "sha256-aRO4JH2KKS74MVFipRkx4rQM6RaB8bbxj2lwRSAMSjA=";
        };
        disabledTestPaths = [
          "test/aaa_profiling"
          "test/ext/mypy"
        ];
      };
    };
  };
  boost = boost179.override {
    enablePython = true;
    inherit python;
  };
  # TODO: split this off in build and runtime environment
  ceph-python-env = python.withPackages (ps: with ps; [
    ceph-common
    # build time
    cython
    # debian/control
    bcrypt
    cherrypy
    influxdb
    jinja2
    kubernetes
    natsort
    numpy
    pecan
    prettytable
    pyjwt
    pyopenssl
    python-dateutil
    pyyaml
    requests
    routes
    scikit-learn
    scipy
    setuptools
    sphinx
    virtualenv
    werkzeug
    # src/pybind/mgr/requirements-required.txt
    cryptography
    jsonpatch
    # src/tools/cephfs/shell/setup.py
    cmd2
    colorama
  ]);
  inherit (ceph-python-env.python) sitePackages;
  version = "18.2.0";
  src = fetchurl {
    url = "https://download.ceph.com/tarballs/ceph-${version}.tar.gz";
    hash = "sha256:0k9nl6xi5brva51rr14m7ig27mmmd7vrpchcmqc40q3c2khn6ns9";
  };
 in rec {
  ceph = stdenv.mkDerivation {
    pname = "ceph";
    inherit src version;
    nativeBuildInputs = [
      cmake
      fmt
      git
      makeWrapper
      nasm
      pkg-config
      python
      python.pkgs.python # for the toPythonPath function
      python.pkgs.wrapPython
      which
      (ensureNewerSourcesHook { year = "1980"; })
      # for building docs/man-pages presumably
      doxygen
      graphviz
    ];
    enableParallelBuilding = true;
    buildInputs = cryptoLibsMap.${cryptoStr} ++ [
      arrow-cpp
      babeltrace
      boost
      bzip2
      ceph-python-env
      cryptsetup
      cunit
      gperf
      gtest
      icu
      libcap
      libnl
      libxml2
      lttng-ust
      lua
      lz4
      malloc
      oath-toolkit
      openldap
      optLibatomic_ops
      optLibs3
      optYasm
      rdkafka
      rocksdb'
      snappy
      sqlite
      utf8proc
      zlib
      zstd
    ] ++ lib.optionals stdenv.isLinux [
      keyutils
      libcap_ng
      liburing
      libuuid
      linuxHeaders
      optLibaio
      optLibxfs
      optZfs
      rabbitmq-c
      rdma-core
      udev
      util-linux
    ] ++ lib.optionals hasRadosgw [
      optCurl
      optExpat
      optFuse
      optLibedit
    ];
    pythonPath = [ ceph-python-env "${placeholder "out"}/${ceph-python-env.sitePackages}" ];
    preConfigure =''
      substituteInPlace src/common/module.c --replace "/sbin/modinfo"  "modinfo"
      substituteInPlace src/common/module.c --replace "/sbin/modprobe" "modprobe"
      substituteInPlace src/common/module.c --replace "/bin/grep" "grep"
      # install target needs to be in PYTHONPATH for "*.pth support" check to succeed
      # set PYTHONPATH, so the build system doesn't silently skip installing ceph-volume and others
      export PYTHONPATH=${ceph-python-env}/${sitePackages}:$lib/${sitePackages}:$out/${sitePackages}
      patchShebangs src/
    '';
    cmakeFlags = [
      "-DCMAKE_INSTALL_DATADIR=${placeholder "lib"}/lib"
      "-DWITH_CEPHFS_SHELL:BOOL=ON"
      "-DWITH_SYSTEMD:BOOL=OFF"
      # `WITH_JAEGER` requires `thrift` as a depenedncy (fine), but the build fails with:
      #     CMake Error at src/opentelemetry-cpp-stamp/opentelemetry-cpp-build-Release.cmake:49 (message):
      #     Command failed: 2
      #
      #        'make' 'opentelemetry_trace' 'opentelemetry_exporter_jaeger_trace'
      #
      #     See also
      #
      #        /build/ceph-18.2.0/build/src/opentelemetry-cpp/src/opentelemetry-cpp-stamp/opentelemetry-cpp-build-*.log
      # and that file contains:
      #     /build/ceph-18.2.0/src/jaegertracing/opentelemetry-cpp/exporters/jaeger/src/TUDPTransport.cc: In member function 'virtual void opentelemetry::v1::exporter::jaeger::TUDPTransport::close()':
      #     /build/ceph-18.2.0/src/jaegertracing/opentelemetry-cpp/exporters/jaeger/src/TUDPTransport.cc:71:7: error: '::close' has not been declared; did you mean 'pclose'?
      #       71 |     ::THRIFT_CLOSESOCKET(socket_);
      #          |       ^~~~~~~~~~~~~~~~~~
      # Looks like `close()` is somehow not included.
      # But the relevant code is already removed in `open-telemetry` 1.10: https://github.com/open-telemetry/opentelemetry-cpp/pull/2031
      # So it's proably not worth trying to fix that for this Ceph version,
      # and instead just disable Ceph's Jaeger support.
      "-DWITH_JAEGER:BOOL=OFF"
      "-DWITH_TESTS:BOOL=OFF"
      # Use our own libraries, where possible
      "-DWITH_SYSTEM_ARROW:BOOL=ON" # Only used if other options enable Arrow support.
      "-DWITH_SYSTEM_BOOST:BOOL=ON"
      "-DWITH_SYSTEM_GTEST:BOOL=ON"
      "-DWITH_SYSTEM_ROCKSDB:BOOL=ON"
      "-DWITH_SYSTEM_UTF8PROC:BOOL=ON"
      "-DWITH_SYSTEM_ZSTD:BOOL=ON"
      # TODO breaks with sandbox, tries to download stuff with npm
      "-DWITH_MGR_DASHBOARD_FRONTEND:BOOL=OFF"
      # WITH_XFS has been set default ON from Ceph 16, keeping it optional in nixpkgs for now
      ''-DWITH_XFS=${if optLibxfs != null then "ON" else "OFF"}''
    ] ++ lib.optional stdenv.isLinux "-DWITH_SYSTEM_LIBURING=ON";
    postFixup = ''
      wrapPythonPrograms
      wrapProgram $out/bin/ceph-mgr --prefix PYTHONPATH ":" "$(toPythonPath ${placeholder "out"}):$(toPythonPath ${ceph-python-env})"
      # Test that ceph-volume exists since the build system has a tendency to
      # silently drop it with misconfigurations.
      test -f $out/bin/ceph-volume
    '';
    outputs = [ "out" "lib" "dev" "doc" "man" ];
    doCheck = false; # uses pip to install things from the internet
    # Takes 7+h to build with 2 cores.
    requiredSystemFeatures = [ "big-parallel" ];
    meta = getMeta "Distributed storage system";
    passthru = {
      inherit version;
      tests = {
        inherit (nixosTests)
          ceph-multi-node
          ceph-single-node
          ceph-single-node-bluestore;
      };
    };
  };
  ceph-client = runCommand "ceph-client-${version}" {
      meta = getMeta "Tools needed to mount Ceph's RADOS Block Devices/Cephfs";
    } ''
      mkdir -p $out/{bin,etc,${sitePackages},share/bash-completion/completions}
      cp -r ${ceph}/bin/{ceph,.ceph-wrapped,rados,rbd,rbdmap} $out/bin
      cp -r ${ceph}/bin/ceph-{authtool,conf,dencoder,rbdnamer,syn} $out/bin
      cp -r ${ceph}/bin/rbd-replay* $out/bin
      cp -r ${ceph}/sbin/mount.ceph $out/bin
      cp -r ${ceph}/sbin/mount.fuse.ceph $out/bin
      ln -s bin $out/sbin
      cp -r ${ceph}/${sitePackages}/* $out/${sitePackages}
      cp -r ${ceph}/etc/bash_completion.d $out/share/bash-completion/completions
      # wrapPythonPrograms modifies .ceph-wrapped, so lets just update its paths
      substituteInPlace $out/bin/ceph          --replace ${ceph} $out
      substituteInPlace $out/bin/.ceph-wrapped --replace ${ceph} $out
   '';
 }
--- a/pkgs/overlay.nix
+++ b/pkgs/overlay.nix
@ -0,0 +1,35 @@
 final: prev:
 {
  bsc = prev.bsc.extend (bscFinal: bscPrev: {
    # Set MPICH as default
    mpi = bscFinal.mpich;
    # Configure the network for MPICH
    mpich = with final; prev.mpich.overrideAttrs (old: {
      buildInput = old.buildInputs ++ [
        libfabric
        pmix
      ];
      configureFlags = [
        "--enable-shared"
        "--enable-sharedlib"
        "--with-pm=no"
        "--with-device=ch4:ofi"
        "--with-pmi=pmix"
        "--with-pmix=${final.pmix}"
        "--with-libfabric=${final.libfabric}"
        "--enable-g=log"
      ] ++ lib.optionals (lib.versionAtLeast gfortran.version "10") [
        "FFLAGS=-fallow-argument-mismatch" # https://github.com/pmodels/mpich/issues/4300
        "FCFLAGS=-fallow-argument-mismatch"
      ];
    });
  });
  # Update ceph to 18.2.0 until it lands in nixpkgs, see:
  # https://github.com/NixOS/nixpkgs/pull/247849
  inherit (prev.callPackage ./ceph.nix {
    lua = prev.lua5_4;
    fmt = prev.fmt_8;
  }) ceph ceph-client;
 }
--- a/rebuild.sh
+++ b/rebuild.sh
@ -0,0 +1,16 @@
 #!/bin/sh -ex
 if [ "$(id -u)" != 0 ]; then
 echo "Needs root permissions"
 exit 1
 fi
 if [ "$(hostname)" != "hut" ]; then
  >&2 echo "must run from machine hut, not $(hostname)"
  exit 1
 fi
 # Update all nodes
 nixos-rebuild switch --flake .
 nixos-rebuild switch --flake .#owl1 --target-host owl1
 nixos-rebuild switch --flake .#owl2 --target-host owl2
--- a/secrets/ceph-user.age
+++ b/secrets/ceph-user.age
@ -0,0 +1,21 @@
 age-encryption.org/v1
 -> ssh-ed25519 AY8zKw J00a6ZOhkupkhLU5WQ0kD05HEF4KKsSs2hwjHKbnnHU
 J14VoNOCqLpScVO7OLXbqTcLI4tcVUHt5cqY/XQmbGs
 -> ssh-ed25519 sgAamA k8R/bSUdvVmlBI6yHPi5NBQPBGM36lPJwsir8DFGgxE
 4ZKC3gYvic6AVrNGgNjwztbUzhxP8ViX5O3wFo9wlrk
 -> ssh-ed25519 HY2yRg 966xf2fTnA6Wq0uYXbXZQOManqITJcCbQS9LZCGEOh4
 Qg5echQSrzqeDqvaMx+5fqi8XyTjAeCsY/UFJX6YnDs
 -> ssh-ed25519 tcumPQ e0U2okrGIoUpLfPYjIRx1V92rE3hZW13nJef+l3kBQg
 LejAUKBl+tPhwocCF00ZHTzFISnwX8og8GvemiMIcyo
 -> ssh-ed25519 JJ1LWg QkzTsPq9Gdh+FNz/a4bDb9LQOreFyxeTC51UNd1fsj0
 ayrlKenETfQzH1Z9drVEWqszQebicGVJve0/pCnxAE8
 -> ssh-ed25519 CAWG4Q lJLW9+dxvyoD4hYzeXeE/4rzJ6HIeEQOB1+fbhV3xw0
 T2RrVCtTuQvya9HiJB7txk3QGrntpsMX9Tt1cyXoW5E
 -> ssh-ed25519 MSF3dg JOZkFb2CfqWKvZIz7lYxXWgv8iEVDkQF8hInDMZvknc
 MHDWxjUw4dNiC1h4MrU9uKKcI3rwkxABm0+5FYMZkok
 -> ~8m;7f-grease
 lDIullfC98RhpTZ4Mk87Td+VtPmwPdgz+iIilpKugUkmV5r4Uqd7yE+5ArA6ekr/
 G/X4EA
 --- Cz4sv9ZunBcVdZCozdTh1zlg1zIASjk2MjYeYfcN9eA
 ÊN	Å$[H˜ÝQËéŠ
 d£š·'±ö7…·Í²)ÖØÀÊx9yüÐëE¡þÓM7^Ø[ÐMŽ+É&éâö½$8tM¨Ð²
--- a/secrets/munge-key.age
+++ b/secrets/munge-key.age
--- a/secrets/nix-serve.age
+++ b/secrets/nix-serve.age
@ -0,0 +1,12 @@
 age-encryption.org/v1
 -> ssh-ed25519 HY2yRg d144D+VvxhYgKtH//uD2qNuVnYX6bh74YqkyM3ZjBwU
 0IeVmFAf4U8Sm0d01O6ZwJ1V2jl/mSMl4wF0MP5LrIg
 -> ssh-ed25519 CAWG4Q H4nKxue/Cj/3KUF5A+/ygHMjjArwgx3SIWwXcqFtyUo
 4k5NJkLUrueLYiPkr2LAwQLWmuaOIsDmV/86ravpleU
 -> ssh-ed25519 MSF3dg HpgUAFHLPs4w0cdJHqTwf8lySkTeV9O9NnBf49ClDHs
 foPIUUgAYe1YSDy6+aMfjN7xv9xud9fDmhRlIztHoEo
 -> vLkF\<-grease
 3GRT+W8gYSpjl/a6Ix9+g9UJnTpl1ZH/oucfR801vfE8y77DV2Jxz/XJwzxYxKG5
 YEhiTGMNbXw/V7E5aVSz6Bdc
 --- GtiHKCZdHByq9j0BSLd544PhbEwTN138E8TFdxipeiA
 ¥¿£‹„ÝG$Sº¼ƒRAæÀ¾Th]nÄ8<C384>,ùHœsÈïÚ=p¼™Ù'»<>ô+ôjõÓõŒ9±)ñ:”)‘¸œYâþÑ8³IØõ8:ol<6F>ë’<1F>åÃZÐæ3–PM”F;ÊrYõ“ÞÛ<1F>$¨y¸LâÙœ¦ÎœàÕUús16Ç¾¡LŒb÷¨²
--- a/secrets/nosv-token.age
+++ b/secrets/nosv-token.age
@ -0,0 +1,11 @@
 age-encryption.org/v1
 -> ssh-ed25519 HY2yRg hrdS7Dl/j+u3XVfM79ZJpZSlre9TcD7DTQ+EEAT6kEE
 avUO96P1h7w2BYWgrQ7GpUgdaCV9AZL7eOTTcF9gfro
 -> ssh-ed25519 CAWG4Q A5raRY1CAgFYZgoQ92GMyNejYNdHx/7Y6uTS+EjLPWA
 FRFqT2Jz7qRcybaxkQTKHGl797LVXoHpYG4RZSrX/70
 -> ssh-ed25519 MSF3dg D+R80Bg7W9AuiOMAqtGFZQl994dRBIegYRLmmTaeZ3o
 BHvZsugRiuZ91b4jk91h30o3eF3hadSnVCwxXge95T8
 -> BT/El`a-grease W{nq|Vm )bld 2Nl}4 N$#JGB4t
 oLG+0S1aGfO/ohCfgGmhDhwwLi4H
 --- 2I5C+FvBG/K1ZHh7C5QD39feTSLoFGwcTeZAmeILNsI
 ¹õW©o÷ ÙÄd;ËÐC¾.¹¡_(“u
G¡€‰#ìvâœgÉ<67>†õõy¹Y‰žl9ŒÈ¡Ïµ.Œé0x<30>Þ½úN. /ü<>tB×b‡ü¼K¼ì:Q×—È\¹ÀÍT_´»Átxïm’——_JñÞž-š
--- a/secrets/ovni-token.age
+++ b/secrets/ovni-token.age
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -0,0 +1,15 @@
 let
  keys = import ../keys.nix;
  adminsKeys = builtins.attrValues keys.admins;
  hut = [ keys.hosts.hut ] ++ adminsKeys;
  # Only expose ceph keys to safe nodes and admins
  safe = keys.hostGroup.safe ++ adminsKeys;
 in
 {
  "ovni-token.age".publicKeys = hut;
  "nosv-token.age".publicKeys = hut;
  "nix-serve.age".publicKeys = hut;
  "ceph-user.age".publicKeys = safe;
  "munge-key.age".publicKeys = safe;
 }
--- a/web/.gitignore
+++ b/web/.gitignore
@ -0,0 +1 @@
 ./public
--- a/web/archetypes/default.md
+++ b/web/archetypes/default.md
@ -0,0 +1,6 @@
 ---
 title: "{{ replace .Name "-" " " | title }}"
 date: {{ .Date }}
 draft: true
 ---
--- a/web/content/_index.md
+++ b/web/content/_index.md
@ -0,0 +1,25 @@
 ![Rainforest](jungle.jpg)
 Welcome to the jungle, a set of machines with no imposed rules that are fully
 controlled and maintained by their users.
 The configuration of all the machines is written in a centralized [git
 repository][config] using the Nix language for NixOS. Changes in the
 configuration of the machines are introduced by merge requests and pass a review
 step before being deployed.
 [config]: https://pm.bsc.es/gitlab/rarias/jungle
 The machines have access to the large list of packages available in
 [Nixpkgs][nixpkgs] and a custom set of packages named [bscpkgs][bscpkgs],
 specifically tailored to our needs for HPC machines. Users can install their own
 packages and made them system-wide available by opening a merge request.
 [nixpkgs]: https://github.com/NixOS/nixpkgs
 [bscpkgs]: https://pm.bsc.es/gitlab/rarias/bscpkgs
 We have put a lot of effort to guarantee very good reproducibility properties in
 the configuration of the machines and the software they use.
 To enter the jungle machines follow the [instructions](access) to submit a
 request.
--- a/web/content/access/cave.jpg
+++ b/web/content/access/cave.jpg
--- a/web/content/access/index.md
+++ b/web/content/access/index.md
@ -0,0 +1,22 @@
 ---
 title: "Enter the jungle"
 description: "Request access to the machines"
 ---
 ![Cave](./cave.jpg)
 Before requesting access to the jungle machines, you must be able to access the
 `ssfhead.bsc.es` node (only available via the intranet or VPN). You can request
 access to the login machine using a resource petition in the BSC intranet.
 Then, to request access to the machines we will need some information about you:
 1. Which machines you want access to (hut, owl1, owl2, eudy, koro...)
 1. Your user name and user id (to match the NFS permissions)
 1. Your real name and surname (for identification purposes)
 1. The salted hash of your login password, generated with `mkpasswd -m sha-512`
 1. An SSH public key of type Ed25519 (can be generated with `ssh-keygen -t ed25519`)
 Send an email to <jungle@bsc.es> with the details, or directly open a
 merge request in the [jungle
 repository](https://pm.bsc.es/gitlab/rarias/jungle/).
--- a/web/content/eudy/_index.md
+++ b/web/content/eudy/_index.md
@ -0,0 +1,10 @@
 ---
 title: "Eudy"
 description: "Linux kernel experiments"
 ---
 [![Eudy](eudy.jpg)](https://commons.wikimedia.org/w/index.php?curid=5817408)
 The *eudy* machine is destined as a playground for Linux kernel experiments. The
 name is a shorthand of the Eudyptula species of little penguins found the New
 Zealand and Australia.
--- a/web/content/eudy/eudy.jpg
+++ b/web/content/eudy/eudy.jpg
--- a/web/content/grafana/_index.md
+++ b/web/content/grafana/_index.md
@ -0,0 +1,6 @@
 ---
 title: "Grafana"
 description: "Monitor metrics"
 ---
 If you are reading this page, the proxy to the Grafana service is not working.
--- a/web/content/hut/_index.md
+++ b/web/content/hut/_index.md
@ -0,0 +1,18 @@
 ---
 title: "Hut"
 description: "Control node"
 date: 2023-06-13T19:36:57+02:00
 ---
 ![Hut](hut.jpg)
 From the hut we monitor and control other nodes. It consist of one node only,
 which is available at `hut` or `xeon07`. It runs the following services:
 - Prometheus: to store the monitoring data.
 - Grafana: to plot the data in the web browser.
 - Slurmctld: to manage the SLURM nodes.
 - Gitlab runner: to run CI jobs from Gitlab.
 This node is prone to interruptions from all the services it runs, so it is not
 a good candidate for low noise executions.
--- a/web/content/hut/hut.jpg
+++ b/web/content/hut/hut.jpg
--- a/web/content/intro-nix/_index.md
+++ b/web/content/intro-nix/_index.md
@ -0,0 +1,7 @@
 ---
 title: "Intro to nix"
 date: 2023-09-15
 ---
 Basic introduction to Nix for users of the jungle machines. You should be able
 to access the jungle machines, otherwise [request access](/access).
--- a/web/content/intro-nix/ch1.md
+++ b/web/content/intro-nix/ch1.md
@ -0,0 +1,100 @@
 ---
 title: "Chapter 1: Packages"
 description: "Here we show where packages come from"
 date: 2023-06-13T19:36:57+02:00
 weight: 1
 ---
 In this chapter we describe where the packages available in the cluster come
 from and how to load them.
 ## Where packages come from
 The packages in the jungle cluster are constructed by *layers*. Each layer
 applies some changes over the previous one:
 1. The first layer is [nixpkgs][1], a large repository of packages maintained by
   the NixOS community. It provides packages like gcc, bash, gcc or the linux
   kernel.
 [1]: https://github.com/NixOS/nixpkgs/
 2. The second layer is [bscpkgs][2], it takes the nixpkgs set of packages and
   expands it by adding custom packages from the BSC such as Nanos6, nOS-V,
   NODES, ovni or wxparaver.
 [2]: https://pm.bsc.es/gitlab/rarias/bscpkgs
 3. The third layer is [jungle][3], it takes the extended packages from bscpkgs
   and configures them for the jungle cluster. For example, we configure MPICH
   to use the OmniPath network and set it as the default implementation.
 [3]: https://pm.bsc.es/gitlab/rarias/jungle
 These layers are called *overlays* in Nix and they are the default mechanism
 used to modify the packages. Generally you will use the packages defined in the
 last layer (jungle) but you can define your own additional layer to specify
 custom changes. For example, instead of choosing MPICH, you may want to use
 Intel MPI instead by default.
 ## Loading packages in an ephemeral shell
 You can manually load packages in a *new* shell with `nix shell jungle#<pkg>`,
 for example:
 ```
 hut% which ovniemu
 ovniemu not found
 hut% nix shell jungle#bsc.ovni
 hut% which ovniemu
 /nix/store/0yzas8007x9djlpbb0pckcr1vhd0mcfy-ovni-1.3.0/bin/ovniemu
 hut% exit
 hut%
 ```
 You can also specify multiple packages by listing them as parameters of `nix
 shell`:
 ```
 hut% nix shell jungle#bsc.ovni jungle#bsc.osumb
 hut% which osu_bw
 /nix/store/lnjirzllhjn2fadlqzrz7a547iawl8jc-osu-micro-benchmarks-7.1-1/bin/osu_bw
 hut% exit
 ```
 Or make the bash (zsh in this case) shell expand them:
 ```
 hut% echo nix shell jungle#bsc.{ovni,osumb}
 nix shell jungle#bsc.ovni jungle#bsc.osumb
 hut% nix shell jungle#bsc.{ovni,osumb}
 hut% which osu_bw
 /nix/store/lnjirzllhjn2fadlqzrz7a547iawl8jc-osu-micro-benchmarks-7.1-1/bin/osu_bw
 hut% exit
 ```
 You can use TAB to see which packages are available:
 ```
 hut% nix shell jungle#bsc.n<TAB>
 jungle\#bsc.nanos6              jungle\#bsc.nixtools
 jungle\#bsc.nanos6Debug         jungle\#bsc.nix-wrap
 jungle\#bsc.nanos6Git           jungle\#bsc.nodes
 jungle\#bsc.nanos6GlibcxxDebug  jungle\#bsc.nodesGit
 jungle\#bsc.nanos6-icc          jungle\#bsc.nodesRelease
 jungle\#bsc.nanos6-icx          jungle\#bsc.nodesWithOvni
 jungle\#bsc.nanos6Release       jungle\#bsc.nosv
 jungle\#bsc.nix-mn4
 ```
 Notice that these packages are evaluated at the moment the command is invoked.
 So if you come back a month later and run the same command, you may find that
 the packages have been updated and that could be problematic.
 In the next section we will create a new flake that defines the packages of the
 shell and also records the exact version of the packages that we used at the
 evaluation time for future use.
 In the [next chapter](../ch2) we will see how to create a permanent shell that
 will retain the same packages even if they are upgraded in the cluster, until we
 decide to upgrade them.
--- a/web/content/intro-nix/ch2.md
+++ b/web/content/intro-nix/ch2.md
@ -0,0 +1,155 @@
 ---
 title: "Chapter 2: Your first shell"
 date: 2023-09-15
 weight: 2
 ---
 ## Creating a shell with flake.nix
 First, create an empty git repository where your shells will live:
 ```txt
 hut% mkdir jungle-examples
 hut% cd jungle-examples
 hut% git init
 Initialized empty Git repository in /home/Computational/rarias/jungle-examples/.git/
 ```
 And then, place a file named `flake.nix` on the repo with this content:
 ```nix
 {
  inputs.jungle.url = "jungle";
  nixConfig.bash-prompt = "\[nix-develop\]$ ";
  outputs = { self, jungle }:  
  let
    pkgs = jungle.outputs.packages.x86_64-linux;
  in {
    devShells.x86_64-linux.default = pkgs.mkShell rec {
      pname = "my-shell";
      buildInputs = with pkgs.bsc; [
        ovni osumb # other packages here...
      ];
    };
  };
 }
 ```
 This file defines a how to create a shell in the Nix language with the
 `pkgs.mkShell` function using the packages listed in `buildInputs`. It also
 requests the packages to be taken from the *jungle* input, which corresponds to
 the set of packages that [we defined earlier](../ch1#where-packages-come-from),
 tuned for the cluster. We will describe it in more detail later.
 The tool `nix develop` tries to find a flake.nix in the current directory and
 enter the shell described by `devShells.x86_64-linux.default` (or the
 corresponding architecture).
 Now, **it is important that all the files of the repository are committed in
 git**, as nix will only read what is in the index of git. If we try to enter the
 shell with the `nix develop` command, it will complain and fail:
 ```txt
 hut% nix develop
 warning: Git tree '/home/Computational/rarias/jungle-examples' is dirty
 error: getting status of '/nix/store/0ccnxa25whszw7mgbgyzdm4nqc0zwnm8-source/flake.nix': No such file or directory
 ```
 The first warning states that the git directory has modified files not added to
 the index. Then the error occurs because the flake.nix is not in the index of
 git, so `nix develop` doesn't see it. So let's add it to a commit and try again:
 ```txt
 hut% git add flake.nix
 hut% git commit flake.nix -m 'First shell'
 [master (root-commit) eb8a4ac] First shell
 1 file changed, 13 insertions(+)
 create mode 100644 flake.nix
 hut% nix develop
 warning: creating lock file '/home/Computational/rarias/jungle-examples/flake.lock'
 warning: Git tree '/home/Computational/rarias/jungle-examples' is dirty
 [nix-develop]$
 ```
 In the `flake.nix` we have set the shell prompt to `[nix-develop]` so we can
 easily spot that we are inside a `nix develop` shell. To exit:
 ```txt
 [nix-develop]$ exit
 hut%
 ```
 ## Using the flake.lock file
 Now we see the `creating lock file` message and the git tree becomes dirty
 again (however, we enter the shell successfully).
 This `flake.lock` file that has been created collects the current state of the
 jungle packages in a file, so future invocations will use the same versions. We
 can see more details with `nix flake metadata`:
 ```txt
 hut% nix flake metadata
 warning: Git tree '/home/Computational/rarias/jungle-examples' is dirty
 Resolved URL:  git+file:///home/Computational/rarias/jungle-examples
 Locked URL:    git+file:///home/Computational/rarias/jungle-examples
 Path:          /nix/store/bckxqjkkv52hy4pzgb96r7fchhmvmql8-source
 Revision:      eb8a4ac544a74e3995d859c751e9ff4339de6509-dirty
 Last modified: 2023-09-15 13:06:12
 Inputs:
 └───jungle: path:/nix/store/3wv6q0f3pkgw840nnkn4jsp9xi650dyj-source?lastModified=1694772033&narHash=sha256-7a09O0Jb8WncxeB32ywmQEMqJdEFLrOG/XVT9bdII6I%3D&rev=653d411b9e46076a7878be9574ed6b3bd627cff1&revCount=195
    ├───agenix: github:ryantm/agenix/d8c973fd228949736dedf61b7f8cc1ece3236792
    │   ├───darwin: github:lnl7/nix-darwin/87b9d090ad39b25b2400029c64825fc2a8868943
    │   │   └───nixpkgs follows input 'jungle/agenix/nixpkgs'
    │   ├───home-manager: github:nix-community/home-manager/32d3e39c491e2f91152c84f8ad8b003420eab0a1
    │   │   └───nixpkgs follows input 'jungle/agenix/nixpkgs'
    │   └───nixpkgs follows input 'jungle/nixpkgs'
    ├───bscpkgs: git+https://pm.bsc.es/gitlab/rarias/bscpkgs.git?ref=refs/heads/master&rev=3a4062ac04be6263c64a481420d8e768c2521b80
    │   └───nixpkgs follows input 'jungle/nixpkgs'
    └───nixpkgs: github:NixOS/nixpkgs/e56990880811a451abd32515698c712788be5720
 ```
 Now, as long as we keep these two files `flake.nix` and `flake.lock`, we can
 reproduce the same shell in the future, so let's add the lock file into git too.
 ```txt
 hut% git commit -m 'Add flake.lock file'
 [master d3725ec] Add flake.lock file
 1 file changed, 135 insertions(+)
 create mode 100644 flake.lock
 hut% git status
 On branch master
 nothing to commit, working tree clean
 ```
 ## Using the shell with nix develop
 Now, the invocations of `nix develop` won't complain that the git tree is dirty
 anymore and will enter the shell:
 ```txt
 hut% nix develop
 [nix-develop]$
 ```
 And the requested packages are now available:
 ```txt
 [nix-develop]$ which ovniemu
 /nix/store/0yzas8007x9djlpbb0pckcr1vhd0mcfy-ovni-1.3.0/bin/ovniemu
 ```
 The packages of the shell are listed in the `$buildInputs` variable, in case you
 need to examine them:
 ```txt
 [nix-develop]$ printf '%s\n' $buildInputs
 /nix/store/0yzas8007x9djlpbb0pckcr1vhd0mcfy-ovni-1.3.0
 /nix/store/lnjirzllhjn2fadlqzrz7a547iawl8jc-osu-micro-benchmarks-7.1-1
 [nix-develop]$ exit
 hut%
 ```
 In the [next chapter](../ch3) we will see how to add more packages and also how to modify
 them.
--- a/web/content/intro-nix/ch3.md
+++ b/web/content/intro-nix/ch3.md
@ -0,0 +1,160 @@
 ---
 title: "Chapter 3: Custom packages"
 date: 2023-09-15
 weight: 3
 ---
 ## Adding more packages
 So far we have define all the packages using:
 ```nix
 pkgs.mkShell rec {
  pname = "my-shell";
  buildInputs = with pkgs.bsc; [
    ovni osumb # other packages here...
  ];
 };
 ```
 This line specifies that all packages come from the `pkgs.bsc` set. We can add
 additional packages adding them to the list:
 ```nix
 pkgs.mkShell rec {
  pname = "my-shell";
  buildInputs = with pkgs.bsc; [
    ovni osumb sonar
  ];
 };
 ```
 And running `nix develop` again:
 ```txt
 hut% nix develop
 warning: Git tree '/home/Computational/rarias/jungle-examples' is dirty
 [nix-develop]$ printf '%s\n' $buildInputs
 /nix/store/0yzas8007x9djlpbb0pckcr1vhd0mcfy-ovni-1.3.0
 /nix/store/lnjirzllhjn2fadlqzrz7a547iawl8jc-osu-micro-benchmarks-7.1-1
 /nix/store/fjxj4xs0wblw3jyhp4vsrsfnlfwawifa-sonar-0.1.0
 ```
 In the jungle cluster, the default MPI implementation is currently set to MPICH,
 as it can be shown with ldd:
 ```txt
 [nix-develop]$ ldd $(which ovnisync) | grep mpi
        libmpi.so.12 => /nix/store/nnnaly6hgylravdrmqkhpx1ndg5p79nc-mpich-4.1.2/lib/libmpi.so.12 (0x00007ffff5200000)
 ```
 Now, what if we want to replace the MPI implementation by another one?
 ## Modifying a package
 You notice that the packages we are using are coming directly from the ones
 specified in jungle. However, what if we need to modify some option at build
 time or change a dependency?
 The Nix language is used to describe how to build each package, and can be
 extended to create derived versions very easily.
 Let's focus on the `ovni` package. First, to load the definition we can use the
 `nix edit` command, which opens the definition file using the editor defined in
 `$EDITOR`:
 ```txt
 hut% nix edit jungle#bsc.ovni
 ...
 ```
 This particular package has several inputs that can be modified directly:
 ```txt
 {
  stdenv
 , lib
 , cmake
 , mpi
 , fetchFromGitHub
 , useGit ? false
 , gitBranch ? "master"
 , gitUrl ? "ssh://git@bscpm03.bsc.es/rarias/ovni.git"
 , gitCommit ? "d0a47783f20f8b177a48418966dae45454193a6a"
 , enableDebug ? false
 }:
 ...
 ```
 For example, the `enableDebug` flag, currently set to false, affects how the
 build is configured:
 ```txt
 cmakeBuildType = if (enableDebug) then "Debug" else "Release";
 ```
 Now, to change this option we could replace `ovni` for our version:
 ```nix
 {
  inputs.jungle.url = "jungle";
  nixConfig.bash-prompt = "\[nix-develop\]$ ";
  outputs = { self, jungle }:  
  let
    pkgs = jungle.outputs.packages.x86_64-linux;
    ovniDebug = pkgs.bsc.ovni.override { enableDebug = true; };
  in {
    devShells.x86_64-linux.default = pkgs.mkShell rec {
      pname = "my-shell";
      buildInputs = with pkgs.bsc; [
        ovniDebug osumb sonar
      ];
    };
  };
 }
 ```
 And then, when we now enter the develop shell we can see that ovni gets build
 with the Debug option:
 ```txt
 hut% nix develop -L
 warning: Git tree '/home/Computational/rarias/jungle-examples' is dirty
 ovni> unpacking sources
 ovni> unpacking source archive /nix/store/cz4si0vsw85r9s6dyiqr5ybngh9aympi-source
 ovni> source root is source
 ovni> patching sources
 ovni> updateAutotoolsGnuConfigScriptsPhase
 ovni> configuring
 ovni> fixing cmake files...
 ovni> cmake flags: ... -DCMAKE_BUILD_TYPE=Debug ...
 ...
 [nix-develop]$ which ovniver
 /nix/store/hg0xs7fpibwjhsp9ajqfcbffsh69mrsm-ovni-1.3.0/bin/ovniver
 [nix-develop]$ file $(which ovniver) | fold
 /nix/store/hg0xs7fpibwjhsp9ajqfcbffsh69mrsm-ovni-1.3.0/bin/ovniver: ELF 64-bit L
 SB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /nix/st
 ore/9la894yvmmksqlapd4v16wvxpaw3rg70-glibc-2.37-8/lib/ld-linux-x86-64.so.2, for
 GNU/Linux 3.10.0, with debug_info, not stripped
 ```
 And we see that the ovniver program is now compiled with debug symbols.
 However, this *only* replaces the ovni package that we specify in the shell. The
 sonar library also depends on ovni, but that package is still using the old one:
 ```txt
 [nix-develop]$ find $buildInputs -name 'libovni.so.1'
 /nix/store/hg0xs7fpibwjhsp9ajqfcbffsh69mrsm-ovni-1.3.0/lib/libovni.so.1
 [nix-develop]$ find $buildInputs -name 'libsonar-mpi.so'
 /nix/store/fjxj4xs0wblw3jyhp4vsrsfnlfwawifa-sonar-0.1.0/lib/libsonar-mpi.so
 [nix-develop]$ ldd /nix/store/fjxj4xs0wblw3jyhp4vsrsfnlfwawifa-sonar-0.1.0/lib/libsonar-mpi.so | grep ovni
        libovni.so.1 => /nix/store/0yzas8007x9djlpbb0pckcr1vhd0mcfy-ovni-1.3.0/lib/libovni.so.1 (0x00007ffff7f8d000)
 ```
 In the [next chapter](../ch4) we will see how to replace packages in such a way
 that all the dependences are automatically updated too.
--- a/web/content/intro-nix/ch4.md
+++ b/web/content/intro-nix/ch4.md
@ -0,0 +1,29 @@
 ---
 title: "Chapter 4: Adding an overlay"
 date: 2023-09-15
 weight: 4
 ---
 NOTE: We shouldn't be instructing users to use an overlay to replace packages in
 `bsc.` until we have determined if we move them to the root attribute set
 first!
 ```nix
 {
  inputs.jungle.url = "jungle";
  nixConfig.bash-prompt = "\[nix-develop\]$ ";
  outputs = { self, jungle }:  
  let
    pkgs = jungle.outputs.packages.x86_64-linux;
    ovniDebug = pkgs.bsc.ovni.override { enableDebug = true; };
  in {
    devShells.x86_64-linux.default = pkgs.mkShell rec {
      pname = "my-shell";
      buildInputs = with pkgs.bsc; [
        ovniDebug osumb sonar
      ];
    };
  };
 }
 ```
--- a/web/content/lake/_index.md
+++ b/web/content/lake/_index.md
@ -0,0 +1,10 @@
 ---
 title: "Lake"
 description: "Data storage"
 date: 2023-06-13T19:36:57+02:00
 draft: true
 ---
 ![Lake](lake.jpg)
 Data storage
--- a/web/content/lake/lake.jpg
+++ b/web/content/lake/lake.jpg
--- a/web/content/owl/_index.md
+++ b/web/content/owl/_index.md
@ -0,0 +1,10 @@
 ---
 title: "Owl"
 description: "Low system noise"
 ---
 ![Owl](owl.jpg)
 Much like the silent flight of an owl at night, these nodes are configured to
 minimize the system noise and let programs run undisturbed. The list of nodes is
 `owl[1-2]` and are available for jobs with SLURM.
--- a/web/content/owl/owl.jpg
+++ b/web/content/owl/owl.jpg
--- a/web/content/posts/2023-09-12/_index.md
+++ b/web/content/posts/2023-09-12/_index.md
@ -0,0 +1,71 @@
 ---
 title: "Update 2023-09-12"
 author: "Rodrigo Arias Mallo"
 date: 2023-09-12
 ---
 This is a summary of notable changes introduced in the jungle cluster in the
 last months.
 ### New Ceph filesystem available
 We have installed the latest [Ceph filesystem][1] (18.2.0) which stores three
 redundant copies of the data so a failure in one disk doesn't cause data loss.
 It is mounted in /ceph and available for use in the owl1, owl2 and hut
 nodes. For now it provides 2.8 TiB of space and it is expected to
 increase when the last storage node is installed.
 [1]: https://en.wikipedia.org/wiki/Ceph_(software)
 The throughput is limited by the 1 Gigabit Ethernet speed, but should be
 reasonably fast for most workloads. Here is a test with dd which reaches the
 network limit:
 ```txt
 hut% dd if=/dev/urandom of=/ceph/rarias/urandom bs=1M count=1024
 1024+0 records in
 1024+0 records out
 1073741824 bytes (1,1 GB, 1,0 GiB) copied, 8,98544 s, 119 MB/s
 ```
 ### SLURM power save
 The SLURM daemon has been configured to power down the nodes after one hour of
 idling. When a new job is allocated to a node that is powered off, it is
 automatically turned on and as soon as it becomes available it will execute the
 job. Here is an example with two nodes that boot and execute a simple job that
 shows the date.
 ```txt
 hut% date; srun -N 2 date
 2023-09-12T17:36:09 CEST
 2023-09-12T17:38:26 CEST
 2023-09-12T17:38:18 CEST
 ```
 You can expect a similar delay (around 2-3 min) while the nodes are starting.
 Notice that while the nodes are kept on, the delay is not noticeable:
 ```txt
 hut% date; srun -N 2 date
 2023-09-12T17:40:04 CEST
 2023-09-12T17:40:04 CEST
 2023-09-12T17:40:04 CEST
 ```
 ### Power and temperature monitoring
 In the cluster, we monitor the temperature and the power draw of all nodes. This
 allows us to understand which machines are not being used and turn them off to
 save energy that otherwise would be wasted. Here is an example where some nodes
 are powered off to save energy:
 ![power](./power.png)
 We also configured the nodes to work at low CPU frequencies, so the temperature
 is kept low to increase the lifespan of the node components. Towards these
 goals, we have configured two alerts that trigger when the CPUs of a node
 exceeds the limit temperature of 80 °C or when the power draw exceeds 350 W.
 By keeping the power consumption and temperatures controlled, we can safely
 incorporate more machines that will only be used on demand.
--- a/web/content/posts/2023-09-12/power.png
+++ b/web/content/posts/2023-09-12/power.png
--- a/web/hugo.toml
+++ b/web/hugo.toml
@ -0,0 +1,8 @@
 baseURL = 'https://jungle.bsc.es/'
 languageCode = 'en-us'
 title = 'The jungle'
 theme = 'PaperMod'
 sectionPagesMenu = "main"
 [params]
 ShowBreadCrumbs = true
--- a/web/static/hut-big.jpg
+++ b/web/static/hut-big.jpg
--- a/web/static/jungle.jpg
+++ b/web/static/jungle.jpg
--- a/web/static/nodes.jpg
+++ b/web/static/nodes.jpg
--- a/web/static/rainforest.jpg
+++ b/web/static/rainforest.jpg
--- a/web/themes/PaperMod/.github/ISSUE_TEMPLATE/bug_report.md
+++ b/web/themes/PaperMod/.github/ISSUE_TEMPLATE/bug_report.md
@ -0,0 +1,50 @@
 ---
 name: Bug report
 about: Create a report to help us improve
 title: "[BUG]"
 labels: bug
 assignees: ''
 ---
 <!--
 ## READ BEFORE OPENING ISSUES
 Please fill the template below
 - **DO NOT** ask for instructions.
 - Use Discussions section if you need help
 - See project wiki https://github.com/adityatelange/hugo-PaperMod/wiki
 - Read FAQs section https://github.com/adityatelange/hugo-PaperMod/wiki/FAQs
 - Search for previous issues/ pull requests
 -->
 **Describe the bug**
 <!-- A clear and concise description of what the bug is. -->
 - Device/Os: [e.g. Android 10]
 - Type: [e.g. Desktop/Mobile]
 - Browser and version [e.g. Chrome 86.0]:
 - Hugo Version [ >=0.97.1 expected]:
 - Theme Version [e.g. v4.0, master, or commit-id ]:
 **Steps to reproduce the behavior:**
 <!--
 1. Go to '...'
 2. Click on '....'
 3. Scroll down to '....'
 4. See error
 -->
 **Expected behavior**:
 <!-- A clear and concise description of what you expected to happen. -->
 **Repo/Source where this issue can be reproduced**:
 <!-- Please link source code of website where the said issue can be reproduced -->
 **Screenshots**
 <!-- If applicable, add screenshots to help explain your problem. -->
 **Additional context**
 <!--Add any other context about the problem here. -->
--- a/web/themes/PaperMod/.github/ISSUE_TEMPLATE/config.yml
+++ b/web/themes/PaperMod/.github/ISSUE_TEMPLATE/config.yml
@ -0,0 +1,5 @@
 blank_issues_enabled: false
 contact_links:
  - name: PaperMod Discussions
    url: https://github.com/adityatelange/hugo-PaperMod/discussions
    about: Please ask and answer questions/doubts here, do not open an issue for questions.
--- a/web/themes/PaperMod/.github/ISSUE_TEMPLATE/new-blank-issue.md
+++ b/web/themes/PaperMod/.github/ISSUE_TEMPLATE/new-blank-issue.md
@ -0,0 +1,7 @@
 ---
 name: New Blank Issue
 about: Anything other than bug report
 title: ""
 labels: ""
 assignees: ""
 ---
--- a/web/themes/PaperMod/.github/PULL_REQUEST_TEMPLATE.md
+++ b/web/themes/PaperMod/.github/PULL_REQUEST_TEMPLATE.md
@ -0,0 +1,44 @@
 <!--
 ## READ BEFORE OPENING A PR
 Thank you for contributing to hugo-PaperMod!
 Please fill out the following questions to make it easier for us to review your
 changes. You do not need to check all the boxes below.
 **NOTE**: PaperMod does not have any external dependencies fetched from 3rd party
 CDN servers. However we do have custom Head/Footer extender templates which you can use
 to add those to your website.
 https://github.com/adityatelange/hugo-PaperMod/wiki/FAQs#custom-head--footer
 -->
 **What does this PR change? What problem does it solve?**
 <!--
 Describe the changes and their purpose here, as detailed as and if  needed.
 Please do not add 2 unrelated changes in a single PR as it is difficult to track/revert those in future.
 -->
 **Was the change discussed in an issue or in the Discussions before?**
 <!--
 Link issues and relevant Discussions posts here.
 If this PR resolves an issue on GitHub, use "Closes #1234" so that the issue
 is closed automatically when this PR is merged.
 -->
 ## PR Checklist
 - [ ] This change adds/updates translations and I have used the [template present here](https://github.com/adityatelange/hugo-PaperMod/wiki/Translations#want-to-add-your-language-).
 - [ ] I have enabled [maintainer edits for this PR](https://help.github.com/en/github/collaborating-with-issues-and-pull-requests/allowing-changes-to-a-pull-request-branch-created-from-a-fork).
 - [ ] I have verified that the code works as described/as intended.
 - [ ] This change adds a Social Icon which has a permissive license to use it.
 - [ ] This change **does not** include any CDN resources/links.
 - [ ] This change **does not** include any unrelated scripts such as bash and python scripts.
 - [ ] This change updates the overridden internal templates from HUGO's repository.
--- a/web/themes/PaperMod/.github/stale.yml
+++ b/web/themes/PaperMod/.github/stale.yml
@ -0,0 +1,17 @@
 # Number of days of inactivity before an issue becomes stale
 daysUntilStale: 7
 # Number of days of inactivity before a stale issue is closed
 daysUntilClose: 3
 # Issues with these labels will never be considered stale
 exemptLabels:
  - pinned
  - keep
 # Label to use when marking an issue as stale
 staleLabel: stale
 # Comment to post when marking an issue as stale. Set to `false` to disable
 markComment: >
  This issue has been automatically marked as stale because it has not had
  recent activity. It will be closed if no further activity occurs. Thank you
  for your contributions.
 # Comment to post when closing a stale issue. Set to `false` to disable
 closeComment: false
--- a/web/themes/PaperMod/.github/workflows/gh-pages.yml
+++ b/web/themes/PaperMod/.github/workflows/gh-pages.yml
@ -0,0 +1,80 @@
 name: Deploy Hugo PaperMod Demo to Pages
 on:
  push:
    paths-ignore:
      - "images/**"
      - "LICENSE"
      - "README.md"
    branches:
      - master
      - exampleSite
  workflow_dispatch:
    # manual run
    inputs:
      hugoVersion:
        description: "Hugo Version"
        required: false
        default: "0.97.1"
 # Allow one concurrent deployment
 concurrency:
  group: "pages"
  cancel-in-progress: true
 # Default to bash
 defaults:
  run:
    shell: bash
 # Sets permissions of the GITHUB_TOKEN to allow deployment to GitHub Pages
 permissions:
  contents: read
  pages: write
  id-token: write
 jobs:
  # Build job
  build:
    runs-on: ubuntu-latest
    env:
      HUGO_VERSION: "0.97.1"
    steps:
      - name: Check version
        if: ${{ github.event.inputs.hugoVersion }}
        run: export HUGO_VERSION="${{ github.event.inputs.hugoVersion }}"
      - name: Install Hugo CLI
        run: |
          wget -O ${{ runner.temp }}/hugo.deb https://github.com/gohugoio/hugo/releases/download/v${HUGO_VERSION}/hugo_${HUGO_VERSION}_Linux-64bit.deb \
          && sudo dpkg -i ${{ runner.temp }}/hugo.deb
      - name: Checkout
        uses: actions/checkout@v3
        with:
          ref: exampleSite
      - name: Setup Pages
        id: pages
        uses: actions/configure-pages@v1
      - name: Get Theme
        run: git submodule update --init --recursive
      - name: Update theme to Latest commit
        run: git submodule update --remote --merge
      - name: Build with Hugo
        run: |
          hugo \
            --buildDrafts --gc --verbose \
            --baseURL ${{ steps.pages.outputs.base_url }}
      - name: Upload artifact
        uses: actions/upload-pages-artifact@v1
        with:
          path: ./public
  # Deployment job
  deploy:
    environment:
      name: github-pages
      url: ${{ steps.deployment.outputs.page_url }}
    runs-on: ubuntu-latest
    needs: build
    steps:
      - name: Deploy to GitHub Pages
        id: deployment
        uses: actions/deploy-pages@v1
--- a/web/themes/PaperMod/LICENSE
+++ b/web/themes/PaperMod/LICENSE
@ -0,0 +1,22 @@
 MIT License
 Copyright (c) 2020 nanxiaobei and adityatelange
 Copyright (c) 2021-2023 adityatelange
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
 in the Software without restriction, including without limitation the rights
 to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 copies of the Software, and to permit persons to whom the Software is
 furnished to do so, subject to the following conditions:
 The above copyright notice and this permission notice shall be included in all
 copies or substantial portions of the Software.
 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 SOFTWARE.
--- a/web/themes/PaperMod/README.md
+++ b/web/themes/PaperMod/README.md
@ -0,0 +1,103 @@
 <h1 align=center>Hugo PaperMod | <a href="https://adityatelange.github.io/hugo-PaperMod/" rel="nofollow">Demo</a></h1>
 <h4 align=center>☄️ Fast | ☁️ Fluent | 🌙 Smooth | 📱 Responsive</h4>
 <br>
 > Hugo PaperMod is a theme based on [hugo-paper](https://github.com/nanxiaobei/hugo-paper).
 > The goal of this project is to add more features and customization to the og theme.
 **Documentation** can be found here: [**📚 Wiki**](https://github.com/adityatelange/hugo-PaperMod/wiki)
 **ExampleSite** can be found here: [**exampleSite**](https://github.com/adityatelange/hugo-PaperMod/tree/exampleSite). Demo is built up with [exampleSite](https://github.com/adityatelange/hugo-PaperMod/tree/exampleSite) as source.
 [![hugo-papermod](https://img.shields.io/badge/Hugo--Themes-@PaperMod-blue)](https://themes.gohugo.io/themes/hugo-papermod/)
 [![Minimum Hugo Version](https://img.shields.io/static/v1?label=HUGO-version&message=>0.97.1&color=blue&logo=hugo)](https://github.com/gohugoio/hugo/releases/tag/v0.97.1)
 [![Discord](https://img.shields.io/discord/971046860317921340?label=Discord&logo=discord)](https://discord.gg/ahpmTvhVmp)
 [![GitHub](https://img.shields.io/github/license/adityatelange/hugo-PaperMod)](https://github.com/adityatelange/hugo-PaperMod/blob/master/LICENSE)
 ![code-size](https://img.shields.io/github/languages/code-size/adityatelange/hugo-PaperMod)
 ---
 <p align="center">
  <kbd><img src="https://user-images.githubusercontent.com/21258296/114303440-bfc0ae80-9aeb-11eb-8cfa-48a4bb385a6d.png" alt="Mockup image" title="Mockup"/></kbd>
 </p>
 ---
 ## Features/Mods 💥
 -   Uses Hugo's asset generator with pipelining, fingerprinting, bundling and minification by default.
 -   3 Modes:
    -   [Regular Mode.](https://github.com/adityatelange/hugo-PaperMod/wiki/Features#regular-mode-default-mode)
    -   [Home-Info Mode.](https://github.com/adityatelange/hugo-PaperMod/wiki/Features#home-info-mode)
    -   [Profile Mode.](https://github.com/adityatelange/hugo-PaperMod/wiki/Features#profile-mode)
 -   Table of Content Generation (newer implementation).
 -   Archive of posts.
 -   Social Icons (home-info and profile-mode)
 -   Social-Media Share buttons on posts.
 -   Menu location indicator.
 -   Multilingual support. (with language selector)
 -   Taxonomies
 -   Cover image for each post (with Responsive image support).
 -   Light/Dark theme (automatic theme switch a/c to browser theme and theme-switch button).
 -   SEO Friendly.
 -   Multiple Author support.
 -   Search Page with Fuse.js
 -   Other Posts suggestion below a post
 -   Breadcrumb Navigation
 -   Code Block Copy buttons
 -   No webpack, nodejs and other dependencies are required to edit the theme.
 Read Wiki For More Details => **[PaperMod - Features](https://github.com/adityatelange/hugo-PaperMod/wiki/Features)**
 ---
 ## Install/Update 📥
 Read Wiki For More Details => **[PaperMod - Installation](https://github.com/adityatelange/hugo-PaperMod/wiki/Installation)**
 ---
 ## FAQs / How To's Guide 🙋
 Read Wiki For More Details => **[PaperMod-FAQs](https://github.com/adityatelange/hugo-PaperMod/wiki/FAQs)**
 ---
 ## Social-Icons/Share-Icons 🖼️
 Read Wiki For More Details => **[PaperMod-Icons](https://github.com/adityatelange/hugo-PaperMod/wiki/Icons)**
 ---
 ## Release Changelog 📃
 Release ChangeLog has info about stuff added: **[Releases](https://github.com/adityatelange/hugo-PaperMod/releases)**
 ---
 ## [Pagespeed Insights (100% ?)](https://pagespeed.web.dev/report?url=https://adityatelange.github.io/hugo-PaperMod/) 👀
 ---
 ## Support 🫶
 -   Star 🌟 this repository.
 -   Help spread the word about PaperMod by sharing it on social media and recommending it to your friends. 🗣️
 -   You can also sponsor 🏅 on [Github Sponsors](https://github.com/sponsors/adityatelange) / [Ko-Fi](https://ko-fi.com/adityatelange).
 ---
 ## Special Thanks 🌟
 -   [**Highlight.js**](https://github.com/highlightjs/highlight.js)
 -   [**Fuse.js**](https://github.com/krisk/fuse)
 -   [**Feather Icons**](https://github.com/feathericons/feather)
 -   [**Simple Icons**](https://github.com/simple-icons/simple-icons)
 -   **All Contributors and Supporters**
 ---
 ## Stargazers over time 📈
 <kbd>[![Stargazers over time](https://starchart.cc/adityatelange/hugo-PaperMod.svg)](https://starchart.cc/adityatelange/hugo-PaperMod)</kbd>
--- a/web/themes/PaperMod/assets/css/common/404.css
+++ b/web/themes/PaperMod/assets/css/common/404.css
@ -0,0 +1,11 @@
 .not-found {
    position: absolute;
    left: 0;
    right: 0;
    display: flex;
    align-items: center;
    justify-content: center;
    height: 80%;
    font-size: 160px;
    font-weight: 700;
 }
--- a/web/themes/PaperMod/assets/css/common/archive.css
+++ b/web/themes/PaperMod/assets/css/common/archive.css
@ -0,0 +1,44 @@
 .archive-posts {
    width: 100%;
    font-size: 16px;
 }
 .archive-year {
    margin-top: 40px;
 }
 .archive-year:not(:last-of-type) {
    border-bottom: 2px solid var(--border);
 }
 .archive-month {
    display: flex;
    align-items: flex-start;
    padding: 10px 0;
 }
 .archive-month-header {
    margin: 25px 0;
    width: 200px;
 }
 .archive-month:not(:last-of-type) {
    border-bottom: 1px solid var(--border);
 }
 .archive-entry {
    position: relative;
    padding: 5px;
    margin: 10px 0;
 }
 .archive-entry-title {
    margin: 5px 0;
    font-weight: 400;
 }
 .archive-count,
 .archive-meta {
    color: var(--secondary);
    font-size: 14px;
 }
--- a/web/themes/PaperMod/assets/css/common/footer.css
+++ b/web/themes/PaperMod/assets/css/common/footer.css
@ -0,0 +1,60 @@
 .footer,
 .top-link {
    font-size: 12px;
    color: var(--secondary);
 }
 .footer {
    max-width: calc(var(--main-width) + var(--gap) * 2);
    margin: auto;
    padding: calc((var(--footer-height) - var(--gap)) / 2) var(--gap);
    text-align: center;
    line-height: 24px;
 }
 .footer span {
    margin-inline-start: 1px;
    margin-inline-end: 1px;
 }
 .footer span:last-child {
    white-space: nowrap;
 }
 .footer a {
    color: inherit;
    border-bottom: 1px solid var(--secondary);
 }
 .footer a:hover {
    border-bottom: 1px solid var(--primary);
 }
 .top-link {
    visibility: hidden;
    position: fixed;
    bottom: 60px;
    right: 30px;
    z-index: 99;
    background: var(--tertiary);
    width: 42px;
    height: 42px;
    padding: 12px;
    border-radius: 64px;
    transition: visibility 0.5s, opacity 0.8s linear;
 }
 .top-link,
 .top-link svg {
    filter: drop-shadow(0px 0px 0px var(--theme));
 }
 .footer a:hover,
 .top-link:hover {
    color: var(--primary);
 }
 .top-link:focus,
 #theme-toggle:focus {
    outline: 0;
 }
--- a/web/themes/PaperMod/assets/css/common/header.css
+++ b/web/themes/PaperMod/assets/css/common/header.css
@ -0,0 +1,93 @@
 .nav {
    display: flex;
    flex-wrap: wrap;
    justify-content: space-between;
    max-width: calc(var(--nav-width) + var(--gap) * 2);
    margin-inline-start: auto;
    margin-inline-end: auto;
    line-height: var(--header-height);
 }
 .nav a {
    display: block;
 }
 .logo,
 #menu {
    display: flex;
    margin: auto var(--gap);
 }
 .logo {
    flex-wrap: inherit;
 }
 .logo a {
    font-size: 24px;
    font-weight: 700;
 }
 .logo a img, .logo a svg {
    display: inline;
    vertical-align: middle;
    pointer-events: none;
    transform: translate(0, -10%);
    border-radius: 6px;
    margin-inline-end: 8px;
 }
 button#theme-toggle {
    font-size: 26px;
    margin: auto 4px;
 }
 body.dark #moon {
    vertical-align: middle;
    display: none;
 }
 body:not(.dark) #sun {
    display: none;
 }
 #menu {
    list-style: none;
    word-break: keep-all;
    overflow-x: auto;
    white-space: nowrap;
 }
 #menu li + li {
    margin-inline-start: var(--gap);
 }
 #menu a {
    font-size: 16px;
 }
 #menu .active {
    font-weight: 500;
    border-bottom: 2px solid currentColor;
 }
 .lang-switch li,
 .lang-switch ul,
 .logo-switches {
    display: inline-flex;
    margin: auto 4px;
 }
 .lang-switch {
    display: flex;
    flex-wrap: inherit;
 }
 .lang-switch a {
    margin: auto 3px;
    font-size: 16px;
    font-weight: 500;
 }
 .logo-switches {
    flex-wrap: inherit;
 }
--- a/web/themes/PaperMod/assets/css/common/main.css
+++ b/web/themes/PaperMod/assets/css/common/main.css
@ -0,0 +1,68 @@
 .main {
    position: relative;
    min-height: calc(100vh - var(--header-height) - var(--footer-height));
    max-width: calc(var(--main-width) + var(--gap) * 2);
    margin: auto;
    padding: var(--gap);
 }
 .page-header h1 {
    font-size: 40px;
 }
 .pagination {
    display: flex;
 }
 .pagination a {
    color: var(--theme);
    font-size: 13px;
    line-height: 36px;
    background: var(--primary);
    border-radius: calc(36px / 2);
    padding: 0 16px;
 }
 .pagination .next {
    margin-inline-start: auto;
 }
 .social-icons {
    padding: 12px 0;
 }
 .social-icons a:not(:last-of-type) {
    margin-inline-end: 12px;
 }
 .social-icons a svg {
    height: 26px;
    width: 26px;
 }
 code {
    direction: ltr;
 }
 div.highlight,
 pre {
    position: relative;
 }
 .copy-code {
    display: none;
    position: absolute;
    top: 4px;
    right: 4px;
    color: rgba(255, 255, 255, 0.8);
    background: rgba(78, 78, 78, 0.8);
    border-radius: var(--radius);
    padding: 0 5px;
    font-size: 14px;
    user-select: none;
 }
 div.highlight:hover .copy-code,
 pre:hover .copy-code {
    display: block;
 }
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Rodrigo Arias Mallo	4da36899f5	Show breadcrumbs in the web	2023-09-15 16:32:26 +02:00
Rodrigo Arias Mallo	3906876a69	Add some introduction tutorials for Nix	2023-09-15 16:31:58 +02:00
Rodrigo Arias Mallo	fdc6445d47	Revert "Update slurm to 23.02.05.1" This reverts commit aaefddc44a9073166ac52b8bd56ac96258d3b053.	2023-09-14 15:46:18 +02:00
Rodrigo Arias Mallo	e88805947e	Open ports in firewall of compute nodes	2023-09-14 15:45:43 +02:00
Rodrigo Arias Mallo	aaefddc44a	Update slurm to 23.02.05.1	2023-09-13 17:44:24 +02:00
Rodrigo Arias Mallo	d9d249411d	Monitor storage nodes via IPMI too	2023-09-13 15:57:13 +02:00
Rodrigo Arias Mallo	c07f75c6bb	Specify the space available in /ceph	2023-09-13 14:19:59 +02:00
Rodrigo Arias Mallo	8d449ba20c	Add update post to website	2023-09-12 18:13:38 +02:00
Rodrigo Arias Mallo	10ca572aec	Enable fstrim service	2023-09-12 16:39:45 +02:00
Rodrigo Arias Mallo	75b0f48715	Serve the nix store from hut	2023-09-12 12:19:43 +02:00
Rodrigo Arias Mallo	19a451db77	Add encrypted munge key with agenix	2023-09-08 19:05:45 +02:00
Rodrigo Arias Mallo	ec9be9bb62	Remove unused large port hole in firewall	2023-09-08 18:22:48 +02:00
Rodrigo Arias Mallo	7ddd1977f3	Make exporters listen in localhost only	2023-09-08 18:13:04 +02:00
Rodrigo Arias Mallo	7050c505b5	Allow only some ports for srun	2023-09-08 17:51:37 +02:00
Rodrigo Arias Mallo	033a1fe97b	Block ssfhead from reaching our slurm daemon	2023-09-08 17:36:28 +02:00
Rodrigo Arias Mallo	77cb3c494e	Poweroff idle slurm nodes after 1 hour	2023-09-08 16:49:53 +02:00
Rodrigo Arias Mallo	6db5772ac4	Add IB and IPMI node host names	2023-09-08 13:21:37 +02:00
Rodrigo Arias Mallo	3e347e673c	flake.lock: Update Flake lock file updates: • Updated input 'bscpkgs': 'git+https://pm.bsc.es/gitlab/rarias/bscpkgs.git?ref=refs/heads/master&rev=ee24b910a1cb95bd222e253da43238e843816f2f' (2023-09-01) → 'git+https://pm.bsc.es/gitlab/rarias/bscpkgs.git?ref=refs/heads/master&rev=6122fef92701701e1a0622550ac0fc5c2beb5906' (2023-09-07)	2023-09-07 11:13:45 +02:00
Rodrigo Arias Mallo	dca274d020	Unlock ovni gitlab runners	2023-09-05 16:59:45 +02:00
Rodrigo Arias Mallo	c33909f32f	Update email contact to jungle mail list	2023-09-05 16:10:58 +02:00
Rodrigo Arias Mallo	64e856e8b9	flake.lock: Update Flake lock file updates: • Updated input 'bscpkgs': 'git+https://pm.bsc.es/gitlab/rarias/bscpkgs.git?ref=refs/heads/master&rev=18d64c352c10f9ce74aabddeba5a5db02b74ec27' (2023-08-31) → 'git+https://pm.bsc.es/gitlab/rarias/bscpkgs.git?ref=refs/heads/master&rev=ee24b910a1cb95bd222e253da43238e843816f2f' (2023-09-01) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/d680ded26da5cf104dd2735a51e88d2d8f487b4d' (2023-08-19) → 'github:NixOS/nixpkgs/e56990880811a451abd32515698c712788be5720' (2023-09-02)	2023-09-05 15:03:26 +02:00
Rodrigo Arias Mallo	02f40a8217	Add agenix to all nodes	2023-09-04 22:10:43 +02:00
Rodrigo Arias Mallo	77d43b6da9	Add agenix module to ceph	2023-09-04 22:07:07 +02:00
Rodrigo Arias Mallo	ab55aac5ff	Remove old secrets	2023-09-04 22:04:32 +02:00
Rodrigo Arias Mallo	9b5bfbb7a3	Mount /ceph in owl1 and owl2	2023-09-04 22:00:36 +02:00
Rodrigo Arias Mallo	a69a71d1b0	Warn about the owl2 omnipath device	2023-09-04 22:00:17 +02:00
Rodrigo Arias Mallo	98374bd303	Clean owl2 configuration	2023-09-04 21:59:56 +02:00
Rodrigo Arias Mallo	3b6be8a2fc	Move the ceph client config to an external module	2023-09-04 21:59:04 +02:00
Rodrigo Arias Mallo	2bb366b9ac	Reorganize secrets and ssh keys The agenix tools needs to read the secrets from a standalone file, but we also need the same information for the SSH keys.	2023-09-04 21:36:31 +02:00
Rodrigo Arias Mallo	2d16709648	Add anavarro user	2023-09-04 16:00:01 +02:00
Rodrigo Arias Mallo	9344daa31c	Set zsh inc_append_history option	2023-09-03 16:57:53 +02:00
Rodrigo Arias Mallo	80c98041b5	Set zsh shell for rarias	2023-09-03 16:46:27 +02:00
Rodrigo Arias Mallo	3418e57907	Enable zsh and fix key bindings	2023-09-03 16:42:04 +02:00
Rodrigo Arias Mallo	6848b58e39	Keep a log over time with the config commits	2023-09-03 00:02:14 +02:00
Rodrigo Arias Mallo	13a70411aa	Configure bscpkgs.nixpkgs to follow nixpkgs	2023-09-02 23:37:59 +02:00
Rodrigo Arias Mallo	f9c77b433a	Store nixos config in /etc/nixos/config.rev	2023-09-02 23:37:11 +02:00
Rodrigo Arias Mallo	9d487845f6	Enable binary emulation for other architectures	2023-08-31 17:27:08 +02:00
Rodrigo Arias Mallo	3c99c2a662	Enable watchdog	2023-08-30 16:32:17 +02:00
Rodrigo Arias Mallo	7d09108c9f	Enable all osd on boot in lake2	2023-08-30 16:32:17 +02:00
Rodrigo Arias Mallo	0f0a861896	Scrape lake2 too	2023-08-29 12:33:26 +02:00
Rodrigo Arias Mallo	beb0d5940e	Also enable monitoring in lake2	2023-08-29 12:29:41 +02:00
Rodrigo Arias Mallo	70321ce237	Scrape metrics from bay	2023-08-29 11:58:00 +02:00
Rodrigo Arias Mallo	5bd1d67333	Add monitoring in the bay node	2023-08-29 11:53:32 +02:00
Rodrigo Arias Mallo	fad9df61e1	Add fio tool	2023-08-29 11:27:50 +02:00
Rodrigo Arias Mallo	d2a80c8c18	Add ceph tools in hut too	2023-08-28 17:58:21 +02:00
Rodrigo Arias Mallo	599613d139	Switch ceph logs to journal	2023-08-28 17:58:08 +02:00
Rodrigo Arias Mallo	ac4fa9abd4	Update ceph to 18.2.0 in overlay	2023-08-25 18:20:21 +02:00
Rodrigo Arias Mallo	cb3a7b19f7	Move pkgs overlay to overlay.nix	2023-08-25 18:12:00 +02:00
Rodrigo Arias Mallo	f5d6bf627b	Enable ceph osd daemons in lake2	2023-08-25 14:54:51 +02:00
Rodrigo Arias Mallo	f1ce815edd	Add the lake2 hostname to the hosts	2023-08-25 14:44:35 +02:00
Rodrigo Arias Mallo	a2075cfd65	Use the sda for lake2	2023-08-25 13:40:10 +02:00
Rodrigo Arias Mallo	8f1f6f92a8	Remove netboot module	2023-08-25 13:39:01 +02:00
Rodrigo Arias Mallo	3416416864	Disable pixiecore in hut for now	2023-08-25 13:21:00 +02:00
Rodrigo Arias Mallo	815888fb07	Add PXE helper	2023-08-25 12:05:33 +02:00
Rodrigo Arias Mallo	029d9cb1db	Enable netboot again for PXE	2023-08-24 19:08:23 +02:00
Rodrigo Arias Mallo	95fa67ede1	Specify the disk by path	2023-08-24 15:27:37 +02:00
Rodrigo Arias Mallo	a19347161f	Prepare lake2 config after bootstrap The disk ID is different under NixOS.	2023-08-24 13:54:53 +02:00
Rodrigo Arias Mallo	58c1cc1f7c	Add lake2 bootstrap config	2023-08-24 12:30:46 +02:00
Rodrigo Arias Mallo	b06399dc70	Add section to enable serial console	2023-08-24 12:29:44 +02:00
Rodrigo Arias Mallo	077eece6b9	Add agenix to PATH in hut	2023-08-23 17:42:50 +02:00
Rodrigo Arias Mallo	b3ef53de51	Store ceph secret key in age This allows a node to mount the ceph FS without any extra ceph configuration in /etc/ceph.	2023-08-23 17:26:44 +02:00
Rodrigo Arias Mallo	e0852ee89b	Add rarias key for secrets	2023-08-23 17:15:26 +02:00
Rodrigo Arias Mallo	dfffc0bdce	Add ceph metrics to prometheus	2023-08-22 16:33:55 +02:00
Rodrigo Arias Mallo	8257c245b1	Mount the ceph filesystem in hut	2023-08-22 16:15:46 +02:00
Rodrigo Arias Mallo	cd5853cf53	Add ceph config in bay	2023-08-22 15:58:48 +02:00
Rodrigo Arias Mallo	b677b827d4	Add the bay host name	2023-08-22 15:56:09 +02:00
Rodrigo Arias Mallo	b1d5185cca	Remove netboot and fixes	2023-08-22 12:12:15 +02:00
Rodrigo Arias Mallo	a7e66e2246	Add bay node	2023-08-22 12:12:15 +02:00
Rodrigo Arias Mallo	480c97e952	Update flake	2023-08-22 11:28:54 +02:00
Rodrigo Arias Mallo	f8fb5fa4ff	Monitor power from other nodes via LAN	2023-08-22 11:28:54 +02:00
Rodrigo Arias Mallo	acf9b71f04	Increase prometheus retention time to one year	2023-08-22 11:28:54 +02:00
Rodrigo Arias Mallo	bf692e6e4e	Don't set all_proxy	2023-08-22 11:28:54 +02:00
Rodrigo Arias Mallo	c242b65e47	Update nixpkgs to fix docker problem	2023-07-28 14:24:51 +02:00
Rodrigo Arias Mallo	55d6c17776	Allow access to devices for node_exporter	2023-07-28 13:55:35 +02:00
Rodrigo Arias Mallo	14b173f67e	GRUB version no longer needed	2023-07-27 17:22:20 +02:00
Rodrigo Arias Mallo	b9001cdf7d	Upgrade flake: nixpkgs, bscpkgs and agenix	2023-07-27 17:19:17 +02:00
Rodrigo Arias Mallo	f892d43b47	Kill slurmd remaining processes on upgrade	2023-07-27 14:49:20 +02:00
Rodrigo Arias Mallo	d9e9ee6e3a	Add details to request access in the web	2023-07-25 16:07:22 +02:00
Aleix Roca Nonell	79adbe76a8	koro: Add vlopez user	2023-07-21 13:00:43 +02:00
Aleix Roca Nonell	66fb848ba8	Add koro node	2023-07-21 13:00:08 +02:00
Aleix Roca Nonell	40b1a8f0df	eudy: Add fcsv3 and intermediate versions for testing	2023-07-21 11:27:51 +02:00
Aleix Roca Nonell	a0b9d10b14	eudy: Enable memory overcommit	2023-07-21 11:27:51 +02:00
Aleix Roca Nonell	4c309dea2f	eudy: disable all cpu mitigations	2023-07-21 11:27:51 +02:00
Rodrigo Arias Mallo	b3a397eee4	Add jungle.bsc.es hugo website	2023-07-21 10:52:23 +02:00
Rodrigo Arias Mallo	7c1fe1455b	Enable NTP using the BSC time server	2023-06-30 14:02:15 +02:00
Rodrigo Arias Mallo	2d4b178895	Add the ssfhead node as gateway	2023-06-30 14:01:35 +02:00
Rodrigo Arias Mallo	4dd25f2f89	Use our host names first by default	2023-06-23 16:22:18 +02:00
Rodrigo Arias Mallo	6dcd9d8144	Add DNS tools to resolve hosts	2023-06-23 16:15:45 +02:00
Rodrigo Arias Mallo	31be81d2b1	Lower perf_event_paranoid to -1	2023-06-23 16:01:27 +02:00
Rodrigo Arias Mallo	826cfdf43f	Set perf paranoid to 0 by default	2023-06-21 16:24:19 +02:00
Rodrigo Arias Mallo	a1f258c5ce	Add perf to packages	2023-06-21 15:41:06 +02:00
Rodrigo Arias Mallo	1c1d3f3231	Allow srun to specify the cpu binding The task/affinity plugin needs to be selected.	2023-06-21 13:16:23 +02:00
Rodrigo Arias Mallo	623d46c03f	Move authorized keys to users.nix	2023-06-20 14:08:34 +02:00
Rodrigo Arias Mallo	518a4d6af3	Add rpenacob user	2023-06-20 12:54:26 +02:00
Rodrigo Arias Mallo	60077948d6	Add osumb to the system packages	2023-06-16 19:22:41 +02:00
Rodrigo Arias Mallo	c76bfa7f86	flake.lock: Update Flake lock file updates: • Updated input 'bscpkgs': 'git+https://pm.bsc.es/gitlab/rarias/bscpkgs.git?ref=refs%2fheads%2fmaster&rev=c775ee4d6f76aded05b08ae13924c302f18f9b2c' (2023-04-26) → 'git+https://pm.bsc.es/gitlab/rarias/bscpkgs.git?ref=refs%2fheads%2fmaster&rev=cbe9af5d042e9d5585fe2acef65a1347c68b2fbd' (2023-06-16)	2023-06-16 18:33:54 +02:00
Rodrigo Arias Mallo	6c10933e80	Set mpi to mpich by default in bscpkgs	2023-06-16 18:26:51 +02:00
Rodrigo Arias Mallo	6402605b1f	Add missing parameter to extend	2023-06-16 18:26:51 +02:00
Rodrigo Arias Mallo	1724535495	Use explicit order in overlays	2023-06-16 18:26:51 +02:00
Rodrigo Arias Mallo	5b41670f36	Replace mpi inside bsc attribute	2023-06-16 18:26:51 +02:00
Rodrigo Arias Mallo	ab04855382	Add mpich overlay	2023-06-16 18:26:51 +02:00
Rodrigo Arias Mallo	684d5e41c5	Add coments in slurm config	2023-06-16 18:26:50 +02:00
Rodrigo Arias Mallo	316ea18e24	Add eudy host key to known hosts	2023-06-16 17:29:48 +02:00
Rodrigo Arias Mallo	c916157fcc	Rename xeon08 to eudy From Eudyptula, a little penguin.	2023-06-16 17:16:05 +02:00
Rodrigo Arias Mallo	4e9409db10	Update rebuild script for all nodes	2023-06-16 12:13:07 +02:00
Rodrigo Arias Mallo	94320d9256	Add ssh host keys	2023-06-16 12:01:12 +02:00
Rodrigo Arias Mallo	9f5941c2be	Set the name of the slurm cluster to jungle	2023-06-16 12:00:54 +02:00
Rodrigo Arias Mallo	fba0f7b739	Change owl hostnames	2023-06-16 11:42:39 +02:00
Rodrigo Arias Mallo	2e95281af5	Add owl and all partition	2023-06-16 11:34:00 +02:00
Rodrigo Arias Mallo	f4ac9f3186	Simplify flake and expose host pkgs The configuration of the machines is now moved to m/	2023-06-16 11:31:31 +02:00
Rodrigo Arias Mallo	f787343f29	Rename xeon07 to hut	2023-06-14 17:28:40 +02:00
Rodrigo Arias Mallo	70304d26ff	Remove profiles older than 30 days with gc	2023-06-14 17:28:39 +02:00
Rodrigo Arias Mallo	76c10ec22e	Add ncdu to system packages	2023-06-14 17:28:39 +02:00
Aleix Roca Nonell	011e8c2bf8	Move arocanon user from xeon08 to common	2023-06-14 16:22:43 +02:00
Aleix Roca Nonell	c1f138a9c1	xeon08: Add config for kernel non-voluntary preemption	2023-06-14 16:17:33 +02:00
Aleix Roca Nonell	1552eeca12	xeon08: Add perf	2023-06-14 15:42:20 +02:00
Aleix Roca Nonell	8769f3d418	xeon08: Enable lttng lockdep tracepoints	2023-06-14 15:42:20 +02:00
Aleix Roca Nonell	a4c254fcd6	xeon08: Add lttng module and tools	2023-06-14 15:42:20 +02:00
Rodrigo Arias Mallo	24fb1846d2	Serve grafana in https://jungle.bsc.es/grafana	2023-05-31 18:12:14 +02:00
Rodrigo Arias Mallo	5e77d0b86c	Add tree command	2023-05-31 18:11:34 +02:00
Rodrigo Arias Mallo	494fda126c	Add file to system packages	2023-05-31 18:11:34 +02:00
Rodrigo Arias Mallo	5cfa2f9611	Add gnumake to system packages	2023-05-31 18:11:34 +02:00
Rodrigo Arias Mallo	9539a24bdb	Add cmake to system packages	2023-05-31 18:11:34 +02:00
Rodrigo Arias Mallo	98c4d924dd	Add ix to common packages	2023-05-31 18:11:34 +02:00
Aleix Roca Nonell	7aae967c65	Improve documentation	2023-05-26 11:38:27 +02:00
Aleix Roca Nonell	49f7edddac	Add gitignore	2023-05-26 11:38:27 +02:00
Aleix Roca Nonell	2f055d9fc5	Set intel_pstate=passive and disable frequency boost	2023-05-26 11:38:26 +02:00
Aleix Roca Nonell	108abffd2a	Add xeon08 basic config	2023-05-26 11:38:26 +02:00
Aleix Roca Nonell	4c19ad66e3	Add nixos-config.nix to easily enable nix repl	2023-05-26 11:29:59 +02:00
Rodrigo Arias Mallo	19c01aeb1d	Automatically resume restarted nodes in SLURM	2023-05-18 12:48:04 +02:00
Rodrigo Arias Mallo	fc90b40310	Allow public dashboards in grafana	2023-05-09 18:53:31 +02:00
Rodrigo Arias Mallo	81de0effb1	Add hal ssh key	2023-05-09 18:37:38 +02:00
Rodrigo Arias Mallo	5ce93ff85a	Increase the number of CPUs to 56 for nOS-V docker	2023-05-02 17:47:57 +02:00
Rodrigo Arias Mallo	c020b9f5d6	Allow 5 concurrent buils in the gitlab-runner	2023-05-02 17:38:10 +02:00
Rodrigo Arias Mallo	f47734b524	Simplify bash prompt	2023-04-28 18:15:04 +02:00
Rodrigo Arias Mallo	ca3a7d98f5	Roolback to bash as default shell Zsh doesn't behave properly, it needs further configuration.	2023-04-28 17:59:19 +02:00
Rodrigo Arias Mallo	0d5609ecc2	Use pmix by default in slurm	2023-04-28 17:07:48 +02:00
Rodrigo Arias Mallo	818edccb34	Increase locked memory to 1 GiB	2023-04-28 12:34:51 +02:00
Rodrigo Arias Mallo	2815f5bcfd	Use the latest kernel	2023-04-28 11:51:38 +02:00
Rodrigo Arias Mallo	c1bbbd7793	Disable osnoise and hwlat tracer for now Reuse nix cache to avoid rebuilding the kernel.	2023-04-28 11:19:47 +02:00
Rodrigo Arias Mallo	aa1dd14b62	Update nixpkgs to nixos-unstable	2023-04-28 11:18:37 +02:00
Rodrigo Arias Mallo	399103a9b4	Update nixpkgs	2023-04-28 11:13:46 +02:00
Rodrigo Arias Mallo	74639d3ece	Update ib interface name in xeon02 It seems to be plugged in another PCI port	2023-04-27 18:29:32 +02:00
Rodrigo Arias Mallo	613a76ac29	Add steps in install documentation	2023-04-27 17:30:53 +02:00
Rodrigo Arias Mallo	c3ea8864bb	Add minimal netboot module to build kexec image	2023-04-27 16:36:15 +02:00
Rodrigo Arias Mallo	919f211536	Add xeon02 configuration	2023-04-27 16:28:12 +02:00
Rodrigo Arias Mallo	141d77e2b6	Refacto slurm configuration into compute/control	2023-04-27 16:27:04 +02:00
Rodrigo Arias Mallo	44fcb97ec7	Lock flakes and add inputs	2023-04-27 13:52:59 +02:00
Rodrigo Arias Mallo	543983e9f3	Test flakes	2023-04-26 14:27:02 +02:00
Rodrigo Arias	95bbeeb646	Enable slurm in xeon01	2023-04-26 14:10:36 +02:00
Rodrigo Arias	de2af79810	Use xeon07 as control machine	2023-04-26 14:10:36 +02:00
Rodrigo Arias	b9aff1dba5	Remove xeon07 overlay to load upstream slurm	2023-04-26 14:10:36 +02:00
Rodrigo Arias Mallo	7da979bed2	Add script to rebuild configuration	2023-04-26 14:09:23 +02:00
Rodrigo Arias	cfe37640ea	Add configuration for xeon01	2023-04-26 11:44:00 +00:00
Rodrigo Arias	096e407571	Load overlays from /config	2023-04-26 11:44:00 +00:00
Rodrigo Arias	ae31b546e7	Move net.nix to common	2023-04-26 11:44:00 +00:00
Rodrigo Arias	c3a2766bb7	Remove host specific network options from net.nix	2023-04-26 11:44:00 +00:00
Rodrigo Arias	b568bb36d4	Move ssh.nix to common	2023-04-26 11:44:00 +00:00
Rodrigo Arias	55f784e6b7	Move overlays.nix to common	2023-04-26 11:44:00 +00:00
Rodrigo Arias	dfab84b0ba	Move users.nix to common	2023-04-26 11:44:00 +00:00
Rodrigo Arias	8f66ba824a	Move common options from configuration.nix	2023-04-26 11:44:00 +00:00
Rodrigo Arias	79bd4398f3	Move the remaining hw config to common	2023-04-26 11:44:00 +00:00
Rodrigo Arias	b44afdaaa1	Move boot config to common/boot.nix	2023-04-26 11:44:00 +00:00
Rodrigo Arias	9528fab3ef	Move filesystems config to common/fs.nix	2023-04-26 11:44:00 +00:00
Rodrigo Arias	7e82885d84	Use partition labels for / and swap	2023-04-26 11:44:00 +00:00
Rodrigo Arias	57ed0cf319	Move fs.nix to common	2023-04-26 11:44:00 +00:00
Rodrigo Arias	b043ee3b1d	Move boot.nix to common	2023-04-26 11:44:00 +00:00
Rodrigo Arias	9e3bdaabb6	Move disk selection to configuration.nix	2023-04-26 11:44:00 +00:00
Rodrigo Arias	77f72ac939	Add common directory	2023-04-26 11:44:00 +00:00
Rodrigo Arias	fa25a68571	Add server board documentation	2023-04-24 10:10:08 +02:00
Rodrigo Arias	ea0f406849	Add BSC SSF slides	2023-04-24 09:47:11 +02:00
Rodrigo Arias	9df6be1b6b	Add SEL troubleshooting guide	2023-04-21 13:31:11 +02:00
		`@ -0,0 +1 @@`
							`(builtins.getFlake (toString ./.)).nixosConfigurations`