Limit slurm partition users with AllowGroups

Fixes: #245

m/common/base/users.nix

@@ -224,6 +224,8 @@
 
     groups = {
       Computational = { gid = 564; };
+      fox = { gid = 565; };
+      owl = { gid = 566; };
       tracing = { };
     };
   };

m/module/jungle-users.nix

@@ -17,8 +17,13 @@ with lib;
     allowedUser = host: userConf: builtins.elem host userConf.hosts;
     filterUsers = host: users: filterAttrs (n: v: allowedUser host v) users;
     removeHosts = users: mapAttrs (n: v: builtins.removeAttrs v [ "hosts" ]) users;
+    addExtraGroups = mapAttrs (_: user: user // {
+        extraGroups = (user.extraGroups or [ ])
+          ++ (lib.optionals (allowedUser "fox" user) [ "fox" ])
+          ++ (lib.optionals (allowedUser "owl1" user || allowedUser "owl2" user) [ "owl" ]);
+      });
     currentHost = config.networking.hostName;
   in {
-    users.users = removeHosts (filterUsers currentHost config.users.jungleUsers);
+    users.users = removeHosts (addExtraGroups (filterUsers currentHost config.users.jungleUsers));
   };
 }

m/module/slurm-common.nix

@@ -10,8 +10,8 @@
     ];
 
     partitionName = [
-      "owl Nodes=owl[1-2]     Default=YES DefaultTime=01:00:00 MaxTime=INFINITE State=UP"
+      "owl Nodes=owl[1-2]     Default=YES DefaultTime=01:00:00 MaxTime=INFINITE State=UP AllowGroups=wheel,owl"
-      "fox Nodes=fox          Default=NO  DefaultTime=01:00:00 MaxTime=INFINITE State=UP"
+      "fox Nodes=fox          Default=NO  DefaultTime=01:00:00 MaxTime=INFINITE State=UP AllowGroups=wheel,fox"
     ];
 
     # See slurm.conf(5) for more details about these options.