Disable flake LFS

Reviewed-by: Aleix Roca Nonell <aleix.rocanonell@bsc.es>

.gitattributes

@@ -0,0 +1 @@
+*.pdf filter=lfs diff=lfs merge=lfs -text

.gitea/workflows/ci.yaml

@@ -1,20 +0,0 @@
-name: CI
-on:
-  push:
-    branches:
-      - master
-  pull_request:
-    branches:
-      - master
-
-jobs:
-  build:all:
-    runs-on: native
-    steps:
-      - uses: https://gitea.com/ScMi1/checkout@v1.4
-      - run: nix build -L --no-link --print-out-paths .#bsc.ci.all
-  build:cross:
-    runs-on: native
-    steps:
-      - uses: https://gitea.com/ScMi1/checkout@v1.4
-      - run: nix build -L --no-link --print-out-paths .#bsc.ci.cross

.gitignore

@@ -1,3 +1,3 @@
-**.swp
+*.swp
 /result
 /misc

.gitlab-ci.yml

@@ -1,6 +0,0 @@
-build:bsc-ci.all:
-  stage: build
-  tags:
-    - nix
-  script:
-    - nix build -L --no-link --print-out-paths .#bsc-ci.all

COPYING

@@ -1,21 +0,0 @@
-Copyright (c) 2020-2025 Barcelona Supercomputing Center
-Copyright (c) 2003-2020 Eelco Dolstra and the Nixpkgs/NixOS contributors
-
-Permission is hereby granted, free of charge, to any person obtaining
-a copy of this software and associated documentation files (the
-"Software"), to deal in the Software without restriction, including
-without limitation the rights to use, copy, modify, merge, publish,
-distribute, sublicense, and/or sell copies of the Software, and to
-permit persons to whom the Software is furnished to do so, subject to
-the following conditions:
-
-The above copyright notice and this permission notice shall be
-included in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

README.md

@@ -1,9 +0,0 @@
-# Jungle
-
-This repository provides two components that can be used independently:
-
-- A Nix overlay with packages used at BSC (formerly known as bscpkgs). Access
-  them directly with `nix shell .#<pkgname>`.
-
-- NixOS configurations for jungle machines. Use `nixos-rebuild switch --flake .`
-  to upgrade the current machine.

default.nix

@@ -1,19 +0,0 @@
-let
-  bscOverlay = import ./overlay.nix;
-
-  # read flake.lock and determine revision from there
-  lock = builtins.fromJSON (builtins.readFile ./flake.lock);
-  inherit (lock.nodes.nixpkgs.locked) rev narHash;
-  fetchedNixpkgs = builtins.fetchTarball {
-    url = "https://github.com/NixOS/nixpkgs/archive/${rev}.tar.gz";
-    sha256 = narHash;
-  };
-in
-{ overlays ? [ ]
-, nixpkgs ? fetchedNixpkgs
-, ...
-}@attrs:
-import nixpkgs (
-  (builtins.removeAttrs attrs [ "overlays" "nixpkgs" ]) //
-  { overlays = [ bscOverlay ] ++ overlays; }
-)

doc/maintainers.md

@@ -1,30 +0,0 @@
-# Maintainers
-
-## Role of a maintainer
-The responsibilities of maintainers are quite lax, and similar in spirit to
-[nixpkgs' maintainers][1]:
-
-    The main responsibility of a maintainer is to keep the packages they
-    maintain in a functioning state, and keep up with updates. In order to do
-    that, they are empowered to make decisions over the packages they maintain.
-
-    That being said, the maintainer is not alone in proposing changes to the
-    packages. Anybody (both bots and humans) can send PRs to bump or tweak the
-    package.
-
-In practice, this means that when updating or proposing changes to a package,
-we will notify maintainers by mentioning them in Gitea so they can test changes
-and give feedback.
-
-Since we do bi-yearly release cycles, there is no expectation from maintainers
-to update packages at each upstream release. Nevertheless, on each release cycle
-we may request help from maintainers when updating or testing their packages.
-
-## Becoming a maintainer
-
-
-You'll have to add yourself in the `maintainers.nix` list; your username should
-match your `bsc.es` email. Then you can add yourself to the `meta.maintainers`
-of any package you are interested in maintaining.
-
-[1]: [https://github.com/NixOS/nixpkgs/tree/nixos-25.05/maintainers]

doc/trim.sh

@@ -1,46 +0,0 @@
-#!/bin/sh
-
-# Trims the jungle repository by moving the website to its own repository and
-# removing it from jungle. It also removes big pdf files and kernel
-# configurations so the jungle repository is small.
-
-set -e
-
-if [ -e oldjungle -o -e newjungle -o -e website ]; then
-  echo "remove oldjungle/, newjungle/ and website/ first"
-  exit 1
-fi
-
-# Clone the old jungle repo
-git clone gitea@tent:rarias/jungle.git oldjungle
-
-# First split the website into a new repository
-mkdir website && git -C website init -b master
-git-filter-repo \
-  --path web \
-  --subdirectory-filter web \
-  --source oldjungle \
-  --target website
-
-# Then remove the website, pdf files and big kernel configs
-mkdir newjungle && git -C newjungle init -b master
-git-filter-repo \
-  --invert-paths \
-  --path web \
-  --path-glob 'doc*.pdf' \
-  --path-glob '**/kernel/configs/lockdep' \
-  --path-glob '**/kernel/configs/defconfig' \
-  --source oldjungle \
-  --target newjungle
-
-set -x
-
-du -sh oldjungle newjungle website
-#  57M  oldjungle
-# 2,3M  newjungle
-# 6,4M  website
-
-du -sh --exclude=.git oldjungle newjungle website
-#  30M  oldjungle
-# 700K  newjungle
-# 3,5M  website

flake.lock

@@ -1,5 +1,91 @@
 {
   "nodes": {
+    "agenix": {
+      "inputs": {
+        "darwin": "darwin",
+        "home-manager": "home-manager",
+        "nixpkgs": [
+          "nixpkgs"
+        ],
+        "systems": "systems"
+      },
+      "locked": {
+        "lastModified": 1750173260,
+        "narHash": "sha256-9P1FziAwl5+3edkfFcr5HeGtQUtrSdk/MksX39GieoA=",
+        "owner": "ryantm",
+        "repo": "agenix",
+        "rev": "531beac616433bac6f9e2a19feb8e99a22a66baf",
+        "type": "github"
+      },
+      "original": {
+        "owner": "ryantm",
+        "repo": "agenix",
+        "type": "github"
+      }
+    },
+    "bscpkgs": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1749650500,
+        "narHash": "sha256-2MHfVPV6RA7qPSCtXh4+KK0F0UjN+J4z8//+n6NK7Xs=",
+        "ref": "refs/heads/master",
+        "rev": "9d1944c658929b6f98b3f3803fead4d1b91c4405",
+        "revCount": 961,
+        "type": "git",
+        "url": "https://git.sr.ht/~rodarima/bscpkgs"
+      },
+      "original": {
+        "type": "git",
+        "url": "https://git.sr.ht/~rodarima/bscpkgs"
+      }
+    },
+    "darwin": {
+      "inputs": {
+        "nixpkgs": [
+          "agenix",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1744478979,
+        "narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=",
+        "owner": "lnl7",
+        "repo": "nix-darwin",
+        "rev": "43975d782b418ebf4969e9ccba82466728c2851b",
+        "type": "github"
+      },
+      "original": {
+        "owner": "lnl7",
+        "ref": "master",
+        "repo": "nix-darwin",
+        "type": "github"
+      }
+    },
+    "home-manager": {
+      "inputs": {
+        "nixpkgs": [
+          "agenix",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1745494811,
+        "narHash": "sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs=",
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "rev": "abfad3d2958c9e6300a883bd443512c55dfeb1be",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "type": "github"
+      }
+    },
     "nixpkgs": {
       "locked": {
         "lastModified": 1752436162,
@@ -18,8 +104,25 @@
     },
     "root": {
       "inputs": {
+        "agenix": "agenix",
+        "bscpkgs": "bscpkgs",
         "nixpkgs": "nixpkgs"
       }
+    },
+    "systems": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
     }
   },
   "root": "root",

flake.nix

@@ -1,22 +1,20 @@
 {
   inputs = {
     nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05";
+    agenix.url = "github:ryantm/agenix";
+    agenix.inputs.nixpkgs.follows = "nixpkgs";
+    bscpkgs.url = "git+https://git.sr.ht/~rodarima/bscpkgs";
+    bscpkgs.inputs.nixpkgs.follows = "nixpkgs";
+    self.lfs = false;
   };
 
-  outputs = { self, nixpkgs, ... }:
+  outputs = { self, nixpkgs, agenix, bscpkgs, ... }:
 let
   mkConf = name: nixpkgs.lib.nixosSystem {
     system = "x86_64-linux";
-    specialArgs = { inherit nixpkgs; theFlake = self; };
+    specialArgs = { inherit nixpkgs bscpkgs agenix; theFlake = self; };
     modules = [ "${self.outPath}/m/${name}/configuration.nix" ];
   };
-  # For now we only support x86
-  system = "x86_64-linux";
-  pkgs = import nixpkgs {
-    inherit system;
-    overlays = [ self.overlays.default ];
-    config.allowUnfree = true;
-  };
 in
   {
     nixosConfigurations = {
@@ -34,19 +32,9 @@ in
       weasel  = mkConf "weasel";
     };
 
-    bscOverlay = import ./overlay.nix;
-    overlays.default = self.bscOverlay;
-
-    # full nixpkgs with our overlay applied
-    legacyPackages.${system} = pkgs;
-
-    hydraJobs = self.legacyPackages.${system}.bsc.hydraJobs;
-
-    # propagate nixpkgs lib, so we can do bscpkgs.lib
-    lib = nixpkgs.lib // {
-      maintainers = nixpkgs.lib.maintainers // {
-        bsc = import ./pkgs/maintainers.nix;
-      };
+    packages.x86_64-linux = self.nixosConfigurations.hut.pkgs // {
+      bscpkgs = bscpkgs.packages.x86_64-linux;
+      nixpkgs = nixpkgs.legacyPackages.x86_64-linux;
     };
   };
 }

keys.nix

@@ -2,22 +2,21 @@
 # here all the public keys
 rec {
   hosts = {
-    hut     = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICO7jIp6JRnRWTMDsTB/aiaICJCl4x8qmKMPSs4lCqP1 hut";
-    owl1    = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMqMEXO0ApVsBA6yjmb0xP2kWyoPDIWxBB0Q3+QbHVhv owl1";
-    owl2    = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHurEYpQzNHqWYF6B9Pd7W8UPgF3BxEg0BvSbsA7BAdK owl2";
-    eudy    = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL+WYPRRvZupqLAG0USKmd/juEPmisyyJaP8hAgYwXsG eudy";
-    koro    = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIImiTFDbxyUYPumvm8C4mEnHfuvtBY1H8undtd6oDd67 koro";
-    bay     = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICvGBzpRQKuQYHdlUQeAk6jmdbkrhmdLwTBqf3el7IgU bay";
-    lake2   = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINo66//S1yatpQHE/BuYD/Gfq64TY7ZN5XOGXmNchiO0 lake2";
-    fox     = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDwItIk5uOJcQEVPoy/CVGRzfmE1ojrdDcI06FrU4NFT fox";
-    tent    = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFAtTpHtdYoelbknD/IcfBlThwLKJv/dSmylOgpg3FRM tent";
-    apex    = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBvUFjSfoxXnKwXhEFXx5ckRKJ0oewJ82mRitSMNMKjh apex";
-    weasel  = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFLJrQ8BF6KcweQV8pLkSbFT+tbDxSG9qxrdQE65zJZp weasel";
-    raccoon = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGNQttFvL0dNEyy7klIhLoK4xXOeM2/K9R7lPMTG3qvK raccoon";
+    hut    = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICO7jIp6JRnRWTMDsTB/aiaICJCl4x8qmKMPSs4lCqP1 hut";
+    owl1   = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMqMEXO0ApVsBA6yjmb0xP2kWyoPDIWxBB0Q3+QbHVhv owl1";
+    owl2   = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHurEYpQzNHqWYF6B9Pd7W8UPgF3BxEg0BvSbsA7BAdK owl2";
+    eudy   = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL+WYPRRvZupqLAG0USKmd/juEPmisyyJaP8hAgYwXsG eudy";
+    koro   = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIImiTFDbxyUYPumvm8C4mEnHfuvtBY1H8undtd6oDd67 koro";
+    bay    = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICvGBzpRQKuQYHdlUQeAk6jmdbkrhmdLwTBqf3el7IgU bay";
+    lake2  = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINo66//S1yatpQHE/BuYD/Gfq64TY7ZN5XOGXmNchiO0 lake2";
+    fox    = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDwItIk5uOJcQEVPoy/CVGRzfmE1ojrdDcI06FrU4NFT fox";
+    tent   = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFAtTpHtdYoelbknD/IcfBlThwLKJv/dSmylOgpg3FRM tent";
+    apex   = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBvUFjSfoxXnKwXhEFXx5ckRKJ0oewJ82mRitSMNMKjh apex";
+    weasel = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFLJrQ8BF6KcweQV8pLkSbFT+tbDxSG9qxrdQE65zJZp weasel";
   };
 
   hostGroup = with hosts; rec {
-    compute    = [ owl1 owl2 fox raccoon ];
+    compute    = [ owl1 owl2 fox ];
     playground = [ eudy koro weasel ];
     storage    = [ bay lake2 ];
     monitor    = [ hut ];

m/apex/configuration.nix

@@ -5,7 +5,6 @@
     ../common/xeon.nix
     ../common/ssf/hosts.nix
     ../module/ceph.nix
-    ../module/hut-substituter.nix
     ../module/slurm-server.nix
     ./nfs.nix
     ./wireguard.nix
@@ -57,6 +56,17 @@
     };
   };
 
+  # Use SSH tunnel to reach internal hosts
+  programs.ssh.extraConfig = ''
+    Host bscpm04.bsc.es gitlab-internal.bsc.es knights3.bsc.es
+      ProxyCommand nc -X connect -x localhost:23080 %h %p
+    Host raccoon
+      HostName knights3.bsc.es
+      ProxyCommand nc -X connect -x localhost:23080 %h %p
+    Host tent
+      ProxyJump raccoon
+  '';
+
   networking.firewall = {
     extraCommands = ''
       # Blackhole BSC vulnerability scanner (OpenVAS) as it is spamming our
@@ -66,4 +76,10 @@
       iptables -I nixos-fw 2 -p tcp -s 84.88.52.176 -j nixos-fw-refuse
     '';
   };
+
+  # Use tent for cache
+  nix.settings = {
+    extra-substituters = [ "https://jungle.bsc.es/cache" ];
+    extra-trusted-public-keys = [ "jungle.bsc.es:pEc7MlAT0HEwLQYPtpkPLwRsGf80ZI26aj29zMw/HH0=" ];
+  };
 }

m/apex/wireguard.nix

@@ -18,25 +18,18 @@
       # Public key: VwhcN8vSOzdJEotQTpmPHBC52x3Hbv1lkFIyKubrnUA=
       peers = [
         {
-          name = "fox";
+          name = "Fox";
           publicKey = "VfMPBQLQTKeyXJSwv8wBhc6OV0j2qAxUpX3kLHunK2Y=";
-          allowedIPs = [ "10.106.0.1/32" ];
+          allowedIPs = [ "10.106.0.0/24" ];
           endpoint = "fox.ac.upc.edu:666";
           # Send keepalives every 25 seconds. Important to keep NAT tables alive.
           persistentKeepalive = 25;
         }
-        {
-          name = "raccoon";
-          publicKey = "QUfnGXSMEgu2bviglsaSdCjidB51oEDBFpnSFcKGfDI=";
-          allowedIPs = [ "10.106.0.236/32" "192.168.0.0/16" "10.0.44.0/24" ];
-        }
       ];
     };
   };
 
   networking.hosts = {
     "10.106.0.1" = [ "fox" ];
-    "10.106.0.236" = [ "raccoon" ];
-    "10.0.44.4" = [ "tent" ];
   };
 }

m/bay/configuration.nix

@@ -3,7 +3,6 @@
 {
   imports = [
     ../common/ssf.nix
-    ../module/hut-substituter.nix
     ../module/monitoring.nix
   ];
 

m/common/base.nix

@@ -11,7 +11,6 @@
     ./base/hw.nix
     ./base/net.nix
     ./base/nix.nix
-    ./base/sys-devices.nix
     ./base/ntp.nix
     ./base/rev.nix
     ./base/ssh.nix

m/common/base/agenix.nix

@@ -1,8 +1,9 @@
-{ pkgs, ... }:
+{ agenix, ... }:
 
 {
-  imports = [ ../../module/agenix.nix ];
+  imports = [ agenix.nixosModules.default ];
 
-  # Add agenix to system packages
-  environment.systemPackages = [ pkgs.agenix ];
+  environment.systemPackages = [
+    agenix.packages.x86_64-linux.default
+  ];
 }

m/common/base/env.nix

@@ -4,7 +4,7 @@
   environment.systemPackages = with pkgs; [
     vim wget git htop tmux pciutils tcpdump ripgrep nix-index nixos-option
     nix-diff ipmitool freeipmi ethtool lm_sensors cmake gnumake file tree
-    ncdu config.boot.kernelPackages.perf ldns pv
+    ncdu config.boot.kernelPackages.perf ldns pv git-lfs
     # From bsckgs overlay
     osumb
   ];

m/common/base/net.nix

@@ -15,9 +15,8 @@
 
     hosts = {
       "84.88.53.236" = [ "ssfhead.bsc.es" "ssfhead" ];
+      "84.88.51.152" = [ "raccoon" ];
       "84.88.51.142" = [ "raccoon-ipmi" ];
-      "192.168.11.12" = [ "bscpm04.bsc.es" ];
-      "192.168.11.15" = [ "gitlab-internal.bsc.es" ];
     };
   };
 }

m/common/base/nix.nix

@@ -1,8 +1,9 @@
-{ pkgs, nixpkgs, theFlake,  ... }:
+{ pkgs, nixpkgs, bscpkgs, theFlake,  ... }:
 
 {
   nixpkgs.overlays = [
-    (import ../../../overlay.nix)
+    bscpkgs.bscOverlay
+    (import ../../../pkgs/overlay.nix)
   ];
 
   nixpkgs.config.allowUnfree = true;

m/common/base/sys-devices.nix

@@ -1,9 +0,0 @@
-{
-  nix.settings.system-features = [ "sys-devices" ];
-
-  programs.nix-required-mounts.enable = true;
-  programs.nix-required-mounts.allowedPatterns.sys-devices.paths = [
-    "/sys/devices/system/cpu"
-    "/sys/devices/system/node"
-  ];
-}

m/common/base/users.nix

@@ -156,43 +156,18 @@
       };
 
       csiringo = {
+        # Arbitrary UID but large so it doesn't collide with other users on ssfhead.
         uid = 9653;
         isNormalUser = true;
         home = "/home/Computational/csiringo";
         description = "Cesare Siringo";
         group = "Computational";
-        hosts = [ ];
+        hosts = [ "apex" "weasel" ];
         hashedPassword = "$6$0IsZlju8jFukLlAw$VKm0FUXbS.mVmPm3rcJeizTNU4IM5Nmmy21BvzFL.cQwvlGwFI1YWRQm6gsbd4nbg47mPDvYkr/ar0SlgF6GO1";
         openssh.authorizedKeys.keys = [
           "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHA65zvvG50iuFEMf+guRwZB65jlGXfGLF4HO+THFaed csiringo@bsc.es"
         ];
       };
-
-      acinca = {
-        uid = 9654;
-        isNormalUser = true;
-        home = "/home/Computational/acinca";
-        description = "Arnau Cinca";
-        group = "Computational";
-        hosts = [ "apex" "hut" "fox" "owl1" "owl2" ];
-        hashedPassword = "$6$S6PUeRpdzYlidxzI$szyvWejQ4hEN76yBYhp1diVO5ew1FFg.cz4lKiXt2Idy4XdpifwrFTCIzLTs5dvYlR62m7ekA5MrhcVxR5F/q/";
-        openssh.authorizedKeys.keys = [
-          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFmMqKqPg4uocNOr3O41kLbZMOMJn3m2ZdN1JvTR96z3 bsccns@arnau-bsc"
-        ];
-      };
-
-      aaguirre = {
-        uid = 9655;
-        isNormalUser = true;
-        home = "/home/Computational/aaguirre";
-        description = "Alejandro Aguirre";
-        group = "Computational";
-        hosts = [ "apex" "hut" ];
-        hashedPassword = "$6$TXRXQT6jjBvxkxU6$E.sh5KspAm1qeG5Ct7OPHpo8REmbGDwjFGvqeGgTVz3GASGOAnPL7UMZsMAsAKBoahOw.v8LNno6XGrTEPzZH1";
-        openssh.authorizedKeys.keys = [
-          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOlRX7ZCnqtUJYCxKgWmgSrFCYuA2LHY96rVwqxXPl86 aaguirre@BSC-8488184117"
-        ];
-      };
     };
 
     groups = {

m/common/ssf.nix

@@ -4,7 +4,7 @@
     ./xeon.nix
     ./ssf/fs.nix
     ./ssf/hosts.nix
-    ./ssf/hosts-remote.nix
     ./ssf/net.nix
+    ./ssf/ssh.nix
   ];
 }

m/common/ssf/hosts-remote.nix

@@ -1,9 +0,0 @@
-{ pkgs, ... }:
-
-{
-  networking.hosts = {
-    # Remote hosts visible from compute nodes
-    "10.106.0.236" = [ "raccoon" ];
-    "10.0.44.4" = [ "tent" ];
-  };
-}

m/common/ssf/ssh.nix

@@ -0,0 +1,16 @@
+{
+  # Use SSH tunnel to apex to reach internal hosts
+  programs.ssh.extraConfig = ''
+    Host tent
+      ProxyJump raccoon
+
+    # Access raccoon via the HTTP proxy
+    Host raccoon knights3.bsc.es
+      HostName knights3.bsc.es
+      ProxyCommand=ssh apex 'nc -X connect -x localhost:23080 %h %p'
+
+    # Make sure we can reach gitlab even if we don't have SSH access to raccoon
+    Host bscpm04.bsc.es gitlab-internal.bsc.es
+      ProxyCommand=ssh apex 'nc -X connect -x localhost:23080 %h %p'
+  '';
+}

m/eudy/configuration.nix

@@ -9,7 +9,6 @@
     ./cpufreq.nix
     ./fs.nix
     ./users.nix
-    ../module/hut-substituter.nix
     ../module/debuginfod.nix
   ];
 

m/fox/configuration.nix

@@ -4,11 +4,9 @@
   imports = [
     ../common/base.nix
     ../common/xeon/console.nix
-    ../module/amd-uprof.nix
     ../module/emulation.nix
     ../module/nvidia.nix
     ../module/slurm-client.nix
-    ../module/hut-substituter.nix
     ./wireguard.nix
   ];
 
@@ -23,7 +21,7 @@
   swapDevices = lib.mkForce [];
 
   boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
-  boot.kernelModules = [ "kvm-amd" "amd_uncore" "amd_hsmp" ];
+  boot.kernelModules = [ "kvm-amd" "amd_uncore" ];
 
   hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
   hardware.cpu.intel.updateMicrocode = lib.mkForce false;
@@ -31,21 +29,26 @@
   # Use performance for benchmarks
   powerManagement.cpuFreqGovernor = "performance";
 
-  services.amd-uprof.enable = true;
-
   # Disable NUMA balancing
   boot.kernel.sysctl."kernel.numa_balancing" = 0;
 
   # Expose kernel addresses
   boot.kernel.sysctl."kernel.kptr_restrict" = 0;
 
-  # Disable NMI watchdog to save one hw counter (for AMD uProf)
-  boot.kernel.sysctl."kernel.nmi_watchdog" = 0;
-
   services.openssh.settings.X11Forwarding = true;
 
   services.fail2ban.enable = true;
 
+  # Use SSH tunnel to reach internal hosts
+  programs.ssh.extraConfig = ''
+    Host bscpm04.bsc.es gitlab-internal.bsc.es tent
+      ProxyJump raccoon
+    Host raccoon
+      ProxyJump apex
+      HostName 127.0.0.1
+      Port 22022
+  '';
+
   networking = {
     timeServers = [ "ntp1.upc.edu" "ntp2.upc.edu" ];
     hostName = "fox";
@@ -63,6 +66,12 @@
     interfaces.enp1s0f0np0.useDHCP = true;
   };
 
+  # Use hut for cache
+  nix.settings = {
+    extra-substituters = [ "https://jungle.bsc.es/cache" ];
+    extra-trusted-public-keys = [ "jungle.bsc.es:pEc7MlAT0HEwLQYPtpkPLwRsGf80ZI26aj29zMw/HH0=" ];
+  };
+
   # Recommended for new graphics cards
   hardware.nvidia.open = true;
 

m/fox/wireguard.nix

@@ -23,16 +23,11 @@
 
       peers = [
         # List of allowed peers.
-        {
-          name = "apex";
+        { 
+          name = "Apex";
           publicKey = "VwhcN8vSOzdJEotQTpmPHBC52x3Hbv1lkFIyKubrnUA=";
           # List of IPs assigned to this peer within the tunnel subnet. Used to configure routing.
-          allowedIPs = [ "10.106.0.30/32" "10.0.40.7/32" ];
-        }
-        {
-          name = "raccoon";
-          publicKey = "QUfnGXSMEgu2bviglsaSdCjidB51oEDBFpnSFcKGfDI=";
-          allowedIPs = [ "10.106.0.236/32" "192.168.0.0/16" "10.0.44.0/24" ];
+          allowedIPs = [ "10.106.0.30/32" ];
         }
       ];
     };
@@ -40,9 +35,6 @@
 
   networking.hosts = {
     "10.106.0.30" = [ "apex" ];
-    "10.0.40.7" = [ "hut" ];
-    "10.106.0.236" = [ "raccoon" ];
-    "10.0.44.4" = [ "tent" ];
   };
 
   networking.firewall = {

m/hut/nginx.nix

@@ -2,13 +2,10 @@
 let
   website = pkgs.stdenv.mkDerivation {
     name = "jungle-web";
-    src = pkgs.fetchgit {
-      url = "https://jungle.bsc.es/git/rarias/jungle-website.git";
-      rev = "52abaf4d71652a9ef77a0b098db14ca33bffff4c";
-      hash = "sha256-/ul9GazbOrOkmlvSgDz/+2W+V+ir5725Y7mVLc3rb0M=";
-    };
+    src = theFlake;
     buildInputs = [ pkgs.hugo ];
     buildPhase = ''
+      cd web
       rm -rf public/
       hugo
     '';

m/lake2/configuration.nix

@@ -4,7 +4,6 @@
   imports = [
     ../common/ssf.nix
     ../module/monitoring.nix
-    ../module/hut-substituter.nix
   ];
 
   boot.loader.grub.device = "/dev/disk/by-id/wwn-0x55cd2e414d53563a";

m/module/agenix.nix

@@ -1,357 +0,0 @@
-{
-  config,
-  options,
-  lib,
-  pkgs,
-  ...
-}:
-with lib;
-let
-  cfg = config.age;
-
-  isDarwin = lib.attrsets.hasAttrByPath [ "environment" "darwinConfig" ] options;
-
-  ageBin = config.age.ageBin;
-
-  users = config.users.users;
-
-  sysusersEnabled =
-    if isDarwin then
-      false
-    else
-      options.systemd ? sysusers && (config.systemd.sysusers.enable || config.services.userborn.enable);
-
-  mountCommand =
-    if isDarwin then
-      ''
-        if ! diskutil info "${cfg.secretsMountPoint}" &> /dev/null; then
-            num_sectors=1048576
-            dev=$(hdiutil attach -nomount ram://"$num_sectors" | sed 's/[[:space:]]*$//')
-            newfs_hfs -v agenix "$dev"
-            mount -t hfs -o nobrowse,nodev,nosuid,-m=0751 "$dev" "${cfg.secretsMountPoint}"
-        fi
-      ''
-    else
-      ''
-        grep -q "${cfg.secretsMountPoint} ramfs" /proc/mounts ||
-          mount -t ramfs none "${cfg.secretsMountPoint}" -o nodev,nosuid,mode=0751
-      '';
-  newGeneration = ''
-    _agenix_generation="$(basename "$(readlink ${cfg.secretsDir})" || echo 0)"
-    (( ++_agenix_generation ))
-    echo "[agenix] creating new generation in ${cfg.secretsMountPoint}/$_agenix_generation"
-    mkdir -p "${cfg.secretsMountPoint}"
-    chmod 0751 "${cfg.secretsMountPoint}"
-    ${mountCommand}
-    mkdir -p "${cfg.secretsMountPoint}/$_agenix_generation"
-    chmod 0751 "${cfg.secretsMountPoint}/$_agenix_generation"
-  '';
-
-  chownGroup = if isDarwin then "admin" else "keys";
-  # chown the secrets mountpoint and the current generation to the keys group
-  # instead of leaving it root:root.
-  chownMountPoint = ''
-    chown :${chownGroup} "${cfg.secretsMountPoint}" "${cfg.secretsMountPoint}/$_agenix_generation"
-  '';
-
-  setTruePath = secretType: ''
-    ${
-      if secretType.symlink then
-        ''
-          _truePath="${cfg.secretsMountPoint}/$_agenix_generation/${secretType.name}"
-        ''
-      else
-        ''
-          _truePath="${secretType.path}"
-        ''
-    }
-  '';
-
-  installSecret = secretType: ''
-    ${setTruePath secretType}
-    echo "decrypting '${secretType.file}' to '$_truePath'..."
-    TMP_FILE="$_truePath.tmp"
-
-    IDENTITIES=()
-    for identity in ${toString cfg.identityPaths}; do
-      test -r "$identity" || continue
-      test -s "$identity" || continue
-      IDENTITIES+=(-i)
-      IDENTITIES+=("$identity")
-    done
-
-    test "''${#IDENTITIES[@]}" -eq 0 && echo "[agenix] WARNING: no readable identities found!"
-
-    mkdir -p "$(dirname "$_truePath")"
-    [ "${secretType.path}" != "${cfg.secretsDir}/${secretType.name}" ] && mkdir -p "$(dirname "${secretType.path}")"
-    (
-      umask u=r,g=,o=
-      test -f "${secretType.file}" || echo '[agenix] WARNING: encrypted file ${secretType.file} does not exist!'
-      test -d "$(dirname "$TMP_FILE")" || echo "[agenix] WARNING: $(dirname "$TMP_FILE") does not exist!"
-      LANG=${
-        config.i18n.defaultLocale or "C"
-      } ${ageBin} --decrypt "''${IDENTITIES[@]}" -o "$TMP_FILE" "${secretType.file}"
-    )
-    chmod ${secretType.mode} "$TMP_FILE"
-    mv -f "$TMP_FILE" "$_truePath"
-
-    ${optionalString secretType.symlink ''
-      [ "${secretType.path}" != "${cfg.secretsDir}/${secretType.name}" ] && ln -sfT "${cfg.secretsDir}/${secretType.name}" "${secretType.path}"
-    ''}
-  '';
-
-  testIdentities = map (path: ''
-    test -f ${path} || echo '[agenix] WARNING: config.age.identityPaths entry ${path} not present!'
-  '') cfg.identityPaths;
-
-  cleanupAndLink = ''
-    _agenix_generation="$(basename "$(readlink ${cfg.secretsDir})" || echo 0)"
-    (( ++_agenix_generation ))
-    echo "[agenix] symlinking new secrets to ${cfg.secretsDir} (generation $_agenix_generation)..."
-    ln -sfT "${cfg.secretsMountPoint}/$_agenix_generation" ${cfg.secretsDir}
-
-    (( _agenix_generation > 1 )) && {
-    echo "[agenix] removing old secrets (generation $(( _agenix_generation - 1 )))..."
-    rm -rf "${cfg.secretsMountPoint}/$(( _agenix_generation - 1 ))"
-    }
-  '';
-
-  installSecrets = builtins.concatStringsSep "\n" (
-    [ "echo '[agenix] decrypting secrets...'" ]
-    ++ testIdentities
-    ++ (map installSecret (builtins.attrValues cfg.secrets))
-    ++ [ cleanupAndLink ]
-  );
-
-  chownSecret = secretType: ''
-    ${setTruePath secretType}
-    chown ${secretType.owner}:${secretType.group} "$_truePath"
-  '';
-
-  chownSecrets = builtins.concatStringsSep "\n" (
-    [ "echo '[agenix] chowning...'" ]
-    ++ [ chownMountPoint ]
-    ++ (map chownSecret (builtins.attrValues cfg.secrets))
-  );
-
-  secretType = types.submodule (
-    { config, ... }:
-    {
-      options = {
-        name = mkOption {
-          type = types.str;
-          default = config._module.args.name;
-          defaultText = literalExpression "config._module.args.name";
-          description = ''
-            Name of the file used in {option}`age.secretsDir`
-          '';
-        };
-        file = mkOption {
-          type = types.path;
-          description = ''
-            Age file the secret is loaded from.
-          '';
-        };
-        path = mkOption {
-          type = types.str;
-          default = "${cfg.secretsDir}/${config.name}";
-          defaultText = literalExpression ''
-            "''${cfg.secretsDir}/''${config.name}"
-          '';
-          description = ''
-            Path where the decrypted secret is installed.
-          '';
-        };
-        mode = mkOption {
-          type = types.str;
-          default = "0400";
-          description = ''
-            Permissions mode of the decrypted secret in a format understood by chmod.
-          '';
-        };
-        owner = mkOption {
-          type = types.str;
-          default = "0";
-          description = ''
-            User of the decrypted secret.
-          '';
-        };
-        group = mkOption {
-          type = types.str;
-          default = users.${config.owner}.group or "0";
-          defaultText = literalExpression ''
-            users.''${config.owner}.group or "0"
-          '';
-          description = ''
-            Group of the decrypted secret.
-          '';
-        };
-        symlink = mkEnableOption "symlinking secrets to their destination" // {
-          default = true;
-        };
-      };
-    }
-  );
-in
-{
-  imports = [
-    (mkRenamedOptionModule [ "age" "sshKeyPaths" ] [ "age" "identityPaths" ])
-  ];
-
-  options.age = {
-    ageBin = mkOption {
-      type = types.str;
-      default = "${pkgs.age}/bin/age";
-      defaultText = literalExpression ''
-        "''${pkgs.age}/bin/age"
-      '';
-      description = ''
-        The age executable to use.
-      '';
-    };
-    secrets = mkOption {
-      type = types.attrsOf secretType;
-      default = { };
-      description = ''
-        Attrset of secrets.
-      '';
-    };
-    secretsDir = mkOption {
-      type = types.path;
-      default = "/run/agenix";
-      description = ''
-        Folder where secrets are symlinked to
-      '';
-    };
-    secretsMountPoint = mkOption {
-      type =
-        types.addCheck types.str (
-          s:
-          (builtins.match "[ \t\n]*" s) == null # non-empty
-          && (builtins.match ".+/" s) == null
-        ) # without trailing slash
-        // {
-          description = "${types.str.description} (with check: non-empty without trailing slash)";
-        };
-      default = "/run/agenix.d";
-      description = ''
-        Where secrets are created before they are symlinked to {option}`age.secretsDir`
-      '';
-    };
-    identityPaths = mkOption {
-      type = types.listOf types.path;
-      default =
-        if isDarwin then
-          [
-            "/etc/ssh/ssh_host_ed25519_key"
-            "/etc/ssh/ssh_host_rsa_key"
-          ]
-        else if (config.services.openssh.enable or false) then
-          map (e: e.path) (
-            lib.filter (e: e.type == "rsa" || e.type == "ed25519") config.services.openssh.hostKeys
-          )
-        else
-          [ ];
-      defaultText = literalExpression ''
-        if isDarwin
-        then [
-          "/etc/ssh/ssh_host_ed25519_key"
-          "/etc/ssh/ssh_host_rsa_key"
-        ]
-        else if (config.services.openssh.enable or false)
-        then map (e: e.path) (lib.filter (e: e.type == "rsa" || e.type == "ed25519") config.services.openssh.hostKeys)
-        else [];
-      '';
-      description = ''
-        Path to SSH keys to be used as identities in age decryption.
-      '';
-    };
-  };
-
-  config = mkIf (cfg.secrets != { }) (mkMerge [
-    {
-      assertions = [
-        {
-          assertion = cfg.identityPaths != [ ];
-          message = "age.identityPaths must be set, for example by enabling openssh.";
-        }
-      ];
-    }
-    (optionalAttrs (!isDarwin) {
-      # When using sysusers we no longer be started as an activation script
-      # because those are started in initrd while sysusers is started later.
-      systemd.services.agenix-install-secrets = mkIf sysusersEnabled {
-        wantedBy = [ "sysinit.target" ];
-        after = [ "systemd-sysusers.service" ];
-        unitConfig.DefaultDependencies = "no";
-
-        path = [ pkgs.mount ];
-        serviceConfig = {
-          Type = "oneshot";
-          ExecStart = pkgs.writeShellScript "agenix-install" (concatLines [
-            newGeneration
-            installSecrets
-            chownSecrets
-          ]);
-          RemainAfterExit = true;
-        };
-      };
-
-      # Create a new directory full of secrets for symlinking (this helps
-      # ensure removed secrets are actually removed, or at least become
-      # invalid symlinks).
-      system.activationScripts = mkIf (!sysusersEnabled) {
-        agenixNewGeneration = {
-          text = newGeneration;
-          deps = [
-            "specialfs"
-          ];
-        };
-
-        agenixInstall = {
-          text = installSecrets;
-          deps = [
-            "agenixNewGeneration"
-            "specialfs"
-          ];
-        };
-
-        # So user passwords can be encrypted.
-        users.deps = [ "agenixInstall" ];
-
-        # Change ownership and group after users and groups are made.
-        agenixChown = {
-          text = chownSecrets;
-          deps = [
-            "users"
-            "groups"
-          ];
-        };
-
-        # So other activation scripts can depend on agenix being done.
-        agenix = {
-          text = "";
-          deps = [ "agenixChown" ];
-        };
-      };
-    })
-
-    (optionalAttrs isDarwin {
-      launchd.daemons.activate-agenix = {
-        script = ''
-          set -e
-          set -o pipefail
-          export PATH="${pkgs.gnugrep}/bin:${pkgs.coreutils}/bin:@out@/sw/bin:/usr/bin:/bin:/usr/sbin:/sbin"
-          ${newGeneration}
-          ${installSecrets}
-          ${chownSecrets}
-          exit 0
-        '';
-        serviceConfig = {
-          RunAtLoad = true;
-          KeepAlive.SuccessfulExit = false;
-        };
-      };
-    })
-  ]);
-}

m/module/amd-uprof.nix

@@ -1,49 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-{
-  options = {
-    services.amd-uprof = {
-      enable = lib.mkOption {
-        type = lib.types.bool;
-        default = false;
-        description = "Whether to enable AMD uProf.";
-      };
-    };
-  };
-
-  # Only setup amd-uprof if enabled
-  config = lib.mkIf config.services.amd-uprof.enable {
-
-    # First make sure that we add the module to the list of available modules
-    # in the kernel matching the same kernel version of this configuration.
-    boot.extraModulePackages = with config.boot.kernelPackages; [ amd-uprof-driver ];
-    boot.kernelModules = [ "AMDPowerProfiler" ];
-
-    # Make the userspace tools available in $PATH.
-    environment.systemPackages = with pkgs; [ amd-uprof ];
-
-    # The AMDPowerProfiler module doesn't create the /dev device nor it emits
-    # any uevents, so we cannot use udev rules to automatically create the
-    # device. Instead, we run a systemd unit that does it after loading the
-    # modules.
-    systemd.services.amd-uprof-device = {
-      description = "Create /dev/AMDPowerProfiler device";
-      after = [ "systemd-modules-load.service" ];
-      wantedBy = [ "multi-user.target" ];
-      unitConfig.ConditionPathExists = [
-          "/proc/AMDPowerProfiler/device"
-          "!/dev/AMDPowerProfiler"
-      ];
-      serviceConfig = {
-        Type = "oneshot";
-        RemainAfterExit = true;
-        ExecStart = pkgs.writeShellScript "add-amd-uprof-dev.sh" ''
-          mknod /dev/AMDPowerProfiler -m 666 c $(< /proc/AMDPowerProfiler/device) 0
-        '';
-        ExecStop = pkgs.writeShellScript "remove-amd-uprof-dev.sh" ''
-          rm -f /dev/AMDPowerProfiler
-        '';
-      };
-    };
-  };
-}

m/module/hut-substituter.nix

@@ -6,8 +6,5 @@
     {
       extra-substituters = [ "http://hut/cache" ];
       extra-trusted-public-keys = [ "jungle.bsc.es:pEc7MlAT0HEwLQYPtpkPLwRsGf80ZI26aj29zMw/HH0=" ];
-
-      # Set a low timeout in case hut is down
-      connect-timeout = 3; # seconds
     };
 }

m/module/slurm-client.nix

@@ -12,12 +12,6 @@
     # https://github.com/NixOS/nixpkgs/commit/ae93ed0f0d4e7be0a286d1fca86446318c0c6ffb
     # https://bugs.schedmd.com/show_bug.cgi?id=2095#c24
     KillMode = lib.mkForce "control-group";
-
-    # If slurmd fails to contact the control server it will fail, causing the
-    # node to remain out of service until manually restarted. Always try to
-    # restart it.
-    Restart = "always";
-    RestartSec = "30s";
   };
 
   services.slurm.client.enable = true;

m/module/ssh-hut-extern.nix

@@ -0,0 +1,8 @@
+{
+  programs.ssh.extraConfig = ''
+    Host apex ssfhead
+      HostName ssflogin.bsc.es
+    Host hut
+      ProxyJump apex
+  '';
+}

m/raccoon/configuration.nix

@@ -3,13 +3,11 @@
 {
   imports = [
     ../common/base.nix
-    ../common/ssf/hosts.nix
     ../module/emulation.nix
     ../module/debuginfod.nix
+    ../module/ssh-hut-extern.nix
     ../module/nvidia.nix
     ../eudy/kernel/perf.nix
-    ./wireguard.nix
-    ../module/hut-substituter.nix
   ];
 
   # Don't install Grub on the disk yet
@@ -45,11 +43,9 @@
     };
   };
 
-  # Mount the NFS home
-  fileSystems."/nfs/home" = {
-    device = "10.106.0.30:/home";
-    fsType = "nfs";
-    options = [ "nfsvers=3" "rsize=1024" "wsize=1024" "cto" "nofail" ];
+  nix.settings = {
+    extra-substituters = [ "https://jungle.bsc.es/cache" ];
+    extra-trusted-public-keys = [ "jungle.bsc.es:pEc7MlAT0HEwLQYPtpkPLwRsGf80ZI26aj29zMw/HH0=" ];
   };
 
   # Enable performance governor

m/raccoon/wireguard.nix

@@ -1,48 +0,0 @@
-{ config, pkgs, ... }:
-
-{
-  networking.nat = {
-    enable = true;
-    enableIPv6 = false;
-    externalInterface = "eno0";
-    internalInterfaces = [ "wg0" ];
-  };
-
-  networking.firewall = {
-    allowedUDPPorts = [ 666 ];
-  };
-
-  age.secrets.wgRaccoon.file = ../../secrets/wg-raccoon.age;
-
-  # Enable WireGuard
-  networking.wireguard.enable = true;
-  networking.wireguard.interfaces = {
-    wg0 = {
-      ips = [ "10.106.0.236/24" ];
-      listenPort = 666;
-      privateKeyFile = config.age.secrets.wgRaccoon.path;
-      # Public key: QUfnGXSMEgu2bviglsaSdCjidB51oEDBFpnSFcKGfDI=
-      peers = [
-        {
-          name = "fox";
-          publicKey = "VfMPBQLQTKeyXJSwv8wBhc6OV0j2qAxUpX3kLHunK2Y=";
-          allowedIPs = [ "10.106.0.1/32" ];
-          endpoint = "fox.ac.upc.edu:666";
-          persistentKeepalive = 25;
-        }
-        {
-          name = "apex";
-          publicKey = "VwhcN8vSOzdJEotQTpmPHBC52x3Hbv1lkFIyKubrnUA=";
-          allowedIPs = [ "10.106.0.30/32" "10.0.40.0/24" ];
-          endpoint = "ssfhead.bsc.es:666";
-          persistentKeepalive = 25;
-        }
-      ];
-    };
-  };
-
-  networking.hosts = {
-    "10.106.0.1"  = [ "fox.wg" ];
-    "10.106.0.30" = [ "apex.wg" ];
-  };
-}

m/tent/configuration.nix

@@ -3,9 +3,9 @@
 {
   imports = [
     ../common/xeon.nix
-    ../common/ssf/hosts.nix
     ../module/emulation.nix
     ../module/debuginfod.nix
+    ../module/ssh-hut-extern.nix
     ./monitoring.nix
     ./nginx.nix
     ./nix-serve.nix
@@ -15,7 +15,6 @@
     ../hut/msmtp.nix
     ../module/p.nix
     ../module/vpn-dac.nix
-    ../module/hut-substituter.nix
   ];
 
   # Select the this using the ID to avoid mismatches
@@ -36,7 +35,6 @@
     defaultGateway = "10.0.44.1";
     hosts = {
       "84.88.53.236" = [ "apex" ];
-      "10.0.44.1" = [ "raccoon" ];
     };
   };
 

m/tent/gitea.nix

@@ -26,5 +26,7 @@
         SENDMAIL_ARGS = "--";
       };
     };
+
+    lfs.enable = true;
   };
 }

m/tent/nginx.nix

@@ -2,13 +2,10 @@
 let
   website = pkgs.stdenv.mkDerivation {
     name = "jungle-web";
-    src = pkgs.fetchgit {
-      url = "https://jungle.bsc.es/git/rarias/jungle-website.git";
-      rev = "52abaf4d71652a9ef77a0b098db14ca33bffff4c";
-      hash = "sha256-/ul9GazbOrOkmlvSgDz/+2W+V+ir5725Y7mVLc3rb0M=";
-    };
+    src = theFlake;
     buildInputs = [ pkgs.hugo ];
     buildPhase = ''
+      cd web
       rm -rf public/
       hugo
     '';
@@ -42,6 +39,7 @@ in
           rewrite ^/git/(.*) /$1 break;
           proxy_pass http://127.0.0.1:3000;
           proxy_redirect http:// $scheme://;
+          client_max_body_size 64M;
         }
         location /cache {
           rewrite ^/cache/(.*) /$1 break;
@@ -70,9 +68,6 @@ in
         location /p/ {
           alias /var/lib/p/;
         }
-        location /pub/ {
-          alias /vault/pub/;
-        }
       '';
     };
   };

m/weasel/configuration.nix

@@ -3,7 +3,6 @@
 {
   imports = [
     ../common/ssf.nix
-    ../module/hut-substituter.nix
   ];
 
   # Select this using the ID to avoid mismatches

overlay.nix

@@ -1,157 +0,0 @@
-final: /* Future last stage */
-prev:  /* Previous stage */
-
-with final.lib;
-
-let
-  callPackage = final.callPackage;
-
-  bscPkgs = {
-    agenix = prev.callPackage ./pkgs/agenix/default.nix { };
-    amd-uprof = prev.callPackage ./pkgs/amd-uprof/default.nix { };
-    bench6 = callPackage ./pkgs/bench6/default.nix { };
-    bigotes = callPackage ./pkgs/bigotes/default.nix { };
-    clangOmpss2 = callPackage ./pkgs/llvm-ompss2/default.nix { };
-    clangOmpss2Nanos6 = callPackage ./pkgs/llvm-ompss2/default.nix { ompss2rt = final.nanos6; };
-    clangOmpss2Nodes = callPackage ./pkgs/llvm-ompss2/default.nix { ompss2rt = final.nodes; openmp = final.openmp; };
-    clangOmpss2NodesOmpv = callPackage ./pkgs/llvm-ompss2/default.nix { ompss2rt = final.nodes; openmp = final.openmpv; };
-    clangOmpss2Unwrapped = callPackage ./pkgs/llvm-ompss2/clang.nix { };
-    cudainfo = prev.callPackage ./pkgs/cudainfo/default.nix { };
-    #extrae = callPackage ./pkgs/extrae/default.nix { }; # Broken and outdated
-    gpi-2 = callPackage ./pkgs/gpi-2/default.nix { };
-    intelPackages_2023 = callPackage ./pkgs/intel-oneapi/2023.nix { };
-    jemallocNanos6 = callPackage ./pkgs/nanos6/jemalloc.nix { };
-    # FIXME: Extend this to all linuxPackages variants. Open problem, see:
-    # https://discourse.nixos.org/t/whats-the-right-way-to-make-a-custom-kernel-module-available/4636
-    linuxPackages = prev.linuxPackages.extend (_final: _prev: {
-      amd-uprof-driver = _prev.callPackage ./pkgs/amd-uprof/driver.nix { };
-    });
-    linuxPackages_latest = prev.linuxPackages_latest.extend(_final: _prev: {
-      amd-uprof-driver = _prev.callPackage ./pkgs/amd-uprof/driver.nix { };
-    });
-    lmbench = callPackage ./pkgs/lmbench/default.nix { };
-    mcxx = callPackage ./pkgs/mcxx/default.nix { };
-    meteocat-exporter = prev.callPackage ./pkgs/meteocat-exporter/default.nix { };
-    mpi = final.mpich; # Set MPICH as default
-    mpich = callPackage ./pkgs/mpich/default.nix { mpich = prev.mpich; };
-    nanos6 = callPackage ./pkgs/nanos6/default.nix { };
-    nanos6Debug = final.nanos6.override { enableDebug = true; };
-    nixtools = callPackage ./pkgs/nixtools/default.nix { };
-    # Broken because of pkgsStatic.libcap
-    # See: https://github.com/NixOS/nixpkgs/pull/268791
-    #nix-wrap = callPackage ./pkgs/nix-wrap/default.nix { };
-    nodes = callPackage ./pkgs/nodes/default.nix { };
-    nosv = callPackage ./pkgs/nosv/default.nix { };
-    openmp = callPackage ./pkgs/llvm-ompss2/openmp.nix { monorepoSrc = final.clangOmpss2Unwrapped.src; version = final.clangOmpss2Unwrapped.version; };
-    openmpv = final.openmp.override { enableNosv = true; enableOvni = true; };
-    osumb = callPackage ./pkgs/osu/default.nix { };
-    ovni = callPackage ./pkgs/ovni/default.nix { };
-    ovniGit = final.ovni.override { useGit = true; };
-    paraverKernel = callPackage ./pkgs/paraver/kernel.nix { };
-    prometheus-slurm-exporter = prev.callPackage ./pkgs/slurm-exporter/default.nix { };
-    #pscom = callPackage ./pkgs/parastation/pscom.nix { }; # Unmaintaned
-    #psmpi = callPackage ./pkgs/parastation/psmpi.nix { }; # Unmaintaned
-    sonar = callPackage ./pkgs/sonar/default.nix { };
-    stdenvClangOmpss2 = final.stdenv.override { cc = final.clangOmpss2; allowedRequisites = null; };
-    stdenvClangOmpss2Nanos6 = final.stdenv.override { cc = final.clangOmpss2Nanos6; allowedRequisites = null; };
-    stdenvClangOmpss2Nodes = final.stdenv.override { cc = final.clangOmpss2Nodes; allowedRequisites = null; };
-    stdenvClangOmpss2NodesOmpv = final.stdenv.override { cc = final.clangOmpss2NodesOmpv; allowedRequisites = null; };
-    tagaspi = callPackage ./pkgs/tagaspi/default.nix { };
-    tampi = callPackage ./pkgs/tampi/default.nix { };
-    upc-qaire-exporter = prev.callPackage ./pkgs/upc-qaire-exporter/default.nix { };
-    wxparaver = callPackage ./pkgs/paraver/default.nix { };
-  };
-
-  tests = rec {
-    hwloc = callPackage ./test/bugs/hwloc.nix { };
-    #sigsegv = callPackage ./test/reproducers/sigsegv.nix { };
-    hello-c = callPackage ./test/compilers/hello-c.nix { };
-    hello-cpp = callPackage ./test/compilers/hello-cpp.nix { };
-    lto = callPackage ./test/compilers/lto.nix { };
-    asan = callPackage ./test/compilers/asan.nix { };
-    intel2023-icx-c   = hello-c.override   { stdenv = final.intelPackages_2023.stdenv; };
-    intel2023-icc-c   = hello-c.override   { stdenv = final.intelPackages_2023.stdenv-icc; };
-    intel2023-icx-cpp = hello-cpp.override { stdenv = final.intelPackages_2023.stdenv; };
-    intel2023-icc-cpp = hello-cpp.override { stdenv = final.intelPackages_2023.stdenv-icc; };
-    intel2023-ifort   = callPackage ./test/compilers/hello-f.nix {
-      stdenv = final.intelPackages_2023.stdenv-ifort;
-    };
-    clangOmpss2-lto   = lto.override       { stdenv = final.stdenvClangOmpss2Nanos6; };
-    clangOmpss2-asan  = asan.override      { stdenv = final.stdenvClangOmpss2Nanos6; };
-    clangOmpss2-task  = callPackage ./test/compilers/ompss2.nix {
-      stdenv = final.stdenvClangOmpss2Nanos6;
-    };
-    clangNodes-task = callPackage ./test/compilers/ompss2.nix {
-      stdenv = final.stdenvClangOmpss2Nodes;
-    };
-    clangNosvOpenmp-task = callPackage ./test/compilers/clang-openmp.nix {
-      stdenv = final.stdenvClangOmpss2Nodes;
-    };
-    clangNosvOmpv-nosv = callPackage ./test/compilers/clang-openmp-nosv.nix {
-      stdenv = final.stdenvClangOmpss2NodesOmpv;
-    };
-    clangNosvOmpv-ld = callPackage ./test/compilers/clang-openmp-ld.nix {
-      stdenv = final.stdenvClangOmpss2NodesOmpv;
-    };
-  };
-
-  # For now, only build toplevel packages in CI/Hydra
-  pkgsTopLevel = filterAttrs (_: isDerivation) bscPkgs;
-
-  # Native build in that platform doesn't imply cross build works
-  canCrossCompile = platform: pkg:
-    (isDerivation pkg) &&
-    # Must be defined explicitly
-    (pkg.meta.cross or false) &&
-    (meta.availableOn platform pkg);
-
-  # For now only RISC-V
-  crossSet = { riscv64 = final.pkgsCross.riscv64.bsc.pkgsTopLevel; };
-
-  buildList = name: paths:
-    final.runCommandLocal name { } ''
-      printf '%s\n' ${toString paths} | tee $out
-    '';
-
-  buildList' = name: paths:
-    final.runCommandLocal name { } ''
-      deps="${toString paths}"
-      cat $deps
-      printf '%s\n' $deps >$out
-    '';
-
-  pkgsList = buildList "ci-pkgs" (builtins.attrValues pkgsTopLevel);
-  testsList = buildList "ci-tests" (collect isDerivation tests);
-  allList = buildList' "ci-all" [ pkgsList testsList ];
-  # For now only RISC-V
-  crossList = buildList "ci-cross"
-    (filter
-      (canCrossCompile final.pkgsCross.riscv64.stdenv.hostPlatform)
-        (builtins.attrValues crossSet.riscv64));
-
-in bscPkgs // {
-
-  lib = prev.lib // {
-    maintainers = prev.lib.maintainers // {
-      bsc = import ./pkgs/maintainers.nix;
-    };
-  };
-
-  # Prevent accidental usage of bsc-ci attribute
-  bsc-ci = throw "the bsc-ci attribute is deprecated, use bsc.ci";
-
-  # Internal for our CI tests
-  bsc = {
-    # CI targets for nix build
-    ci = { pkgs = pkgsList; tests = testsList; all = allList; cross = crossList; };
-
-    # Direct access to package sets
-    tests = tests;
-    pkgs = bscPkgs;
-    pkgsTopLevel = pkgsTopLevel;
-    cross = crossSet;
-
-    # Hydra uses attribute sets of pkgs
-    hydraJobs = { tests = tests; pkgs = pkgsTopLevel; cross = crossSet; };
-  };
-}

pkgs/agenix/agenix.sh

@@ -1,212 +0,0 @@
-#!/usr/bin/env bash
-set -Eeuo pipefail
-
-PACKAGE="agenix"
-
-function show_help () {
-  echo "$PACKAGE - edit and rekey age secret files"
-  echo " "
-  echo "$PACKAGE -e FILE [-i PRIVATE_KEY]"
-  echo "$PACKAGE -r [-i PRIVATE_KEY]"
-  echo ' '
-  echo 'options:'
-  echo '-h, --help                show help'
-  # shellcheck disable=SC2016
-  echo '-e, --edit FILE           edits FILE using $EDITOR'
-  echo '-r, --rekey               re-encrypts all secrets with specified recipients'
-  echo '-d, --decrypt FILE        decrypts FILE to STDOUT'
-  echo '-i, --identity            identity to use when decrypting'
-  echo '-v, --verbose             verbose output'
-  echo ' '
-  echo 'FILE an age-encrypted file'
-  echo ' '
-  echo 'PRIVATE_KEY a path to a private SSH key used to decrypt file'
-  echo ' '
-  echo 'EDITOR environment variable of editor to use when editing FILE'
-  echo ' '
-  echo 'If STDIN is not interactive, EDITOR will be set to "cp /dev/stdin"'
-  echo ' '
-  echo 'RULES environment variable with path to Nix file specifying recipient public keys.'
-  echo "Defaults to './secrets.nix'"
-  echo ' '
-  echo "agenix version: @version@"
-  echo "age binary path: @ageBin@"
-  echo "age version: $(@ageBin@ --version)"
-}
-
-function warn() {
-  printf '%s\n' "$*" >&2
-}
-
-function err() {
-  warn "$*"
-  exit 1
-}
-
-test $# -eq 0 && (show_help && exit 1)
-
-REKEY=0
-DECRYPT_ONLY=0
-DEFAULT_DECRYPT=(--decrypt)
-
-while test $# -gt 0; do
-  case "$1" in
-    -h|--help)
-      show_help
-      exit 0
-      ;;
-    -e|--edit)
-      shift
-      if test $# -gt 0; then
-        export FILE=$1
-      else
-        echo "no FILE specified"
-        exit 1
-      fi
-      shift
-      ;;
-    -i|--identity)
-      shift
-      if test $# -gt 0; then
-        DEFAULT_DECRYPT+=(--identity "$1")
-      else
-        echo "no PRIVATE_KEY specified"
-        exit 1
-      fi
-      shift
-      ;;
-    -r|--rekey)
-      shift
-      REKEY=1
-      ;;
-    -d|--decrypt)
-      shift
-      DECRYPT_ONLY=1
-      if test $# -gt 0; then
-        export FILE=$1
-      else
-        echo "no FILE specified"
-        exit 1
-      fi
-      shift
-      ;;
-    -v|--verbose)
-      shift
-      set -x
-      ;;
-    *)
-      show_help
-      exit 1
-      ;;
-  esac
-done
-
-RULES=${RULES:-./secrets.nix}
-function cleanup {
-    if [ -n "${CLEARTEXT_DIR+x}" ]
-    then
-        rm -rf -- "$CLEARTEXT_DIR"
-    fi
-    if [ -n "${REENCRYPTED_DIR+x}" ]
-    then
-        rm -rf -- "$REENCRYPTED_DIR"
-    fi
-}
-trap "cleanup" 0 2 3 15
-
-function keys {
-    (@nixInstantiate@ --json --eval --strict -E "(let rules = import $RULES; in rules.\"$1\".publicKeys)" | @jqBin@ -r .[]) || exit 1
-}
-
-function armor {
-    (@nixInstantiate@ --json --eval --strict -E "(let rules = import $RULES; in (builtins.hasAttr \"armor\" rules.\"$1\" && rules.\"$1\".armor))") || exit 1
-}
-
-function decrypt {
-    FILE=$1
-    KEYS=$2
-    if [ -z "$KEYS" ]
-    then
-        err "There is no rule for $FILE in $RULES."
-    fi
-
-    if [ -f "$FILE" ]
-    then
-        DECRYPT=("${DEFAULT_DECRYPT[@]}")
-        if [[ "${DECRYPT[*]}" != *"--identity"* ]]; then
-            if [ -f "$HOME/.ssh/id_rsa" ]; then
-                DECRYPT+=(--identity "$HOME/.ssh/id_rsa")
-            fi
-            if [ -f "$HOME/.ssh/id_ed25519" ]; then
-                DECRYPT+=(--identity "$HOME/.ssh/id_ed25519")
-            fi
-        fi
-        if [[ "${DECRYPT[*]}" != *"--identity"* ]]; then
-          err "No identity found to decrypt $FILE. Try adding an SSH key at $HOME/.ssh/id_rsa or $HOME/.ssh/id_ed25519 or using the --identity flag to specify a file."
-        fi
-
-        @ageBin@ "${DECRYPT[@]}" -- "$FILE" || exit 1
-    fi
-}
-
-function edit {
-    FILE=$1
-    KEYS=$(keys "$FILE") || exit 1
-    ARMOR=$(armor "$FILE") || exit 1
-
-    CLEARTEXT_DIR=$(@mktempBin@ -d)
-    CLEARTEXT_FILE="$CLEARTEXT_DIR/$(basename -- "$FILE")"
-    DEFAULT_DECRYPT+=(-o "$CLEARTEXT_FILE")
-
-    decrypt "$FILE" "$KEYS" || exit 1
-
-    [ ! -f "$CLEARTEXT_FILE" ] || cp -- "$CLEARTEXT_FILE" "$CLEARTEXT_FILE.before"
-
-    [ -t 0 ] || EDITOR='cp -- /dev/stdin'
-
-    $EDITOR "$CLEARTEXT_FILE"
-
-    if [ ! -f "$CLEARTEXT_FILE" ]
-    then
-      warn "$FILE wasn't created."
-      return
-    fi
-    [ -f "$FILE" ] && [ "$EDITOR" != ":" ] && @diffBin@ -q -- "$CLEARTEXT_FILE.before" "$CLEARTEXT_FILE" && warn "$FILE wasn't changed, skipping re-encryption." && return
-
-    ENCRYPT=()
-    if [[ "$ARMOR" == "true" ]]; then
-        ENCRYPT+=(--armor)
-    fi
-    while IFS= read -r key
-    do
-        if [ -n "$key" ]; then
-            ENCRYPT+=(--recipient "$key")
-        fi
-    done <<< "$KEYS"
-
-    REENCRYPTED_DIR=$(@mktempBin@ -d)
-    REENCRYPTED_FILE="$REENCRYPTED_DIR/$(basename -- "$FILE")"
-
-    ENCRYPT+=(-o "$REENCRYPTED_FILE")
-
-    @ageBin@ "${ENCRYPT[@]}" <"$CLEARTEXT_FILE" || exit 1
-
-    mkdir -p -- "$(dirname -- "$FILE")"
-
-    mv -f -- "$REENCRYPTED_FILE" "$FILE"
-}
-
-function rekey {
-    FILES=$( (@nixInstantiate@ --json --eval -E "(let rules = import $RULES; in builtins.attrNames rules)"  | @jqBin@ -r .[]) || exit 1)
-
-    for FILE in $FILES
-    do
-        warn "rekeying $FILE..."
-        EDITOR=: edit "$FILE"
-        cleanup
-    done
-}
-
-[ $REKEY -eq 1 ] && rekey && exit 0
-[ $DECRYPT_ONLY -eq 1 ] && DEFAULT_DECRYPT+=("-o" "-") && decrypt "${FILE}" "$(keys "$FILE")" && exit 0
-edit "$FILE" && cleanup && exit 0

pkgs/agenix/default.nix

@@ -1,66 +0,0 @@
-{
-  lib,
-  stdenv,
-  age,
-  jq,
-  nix,
-  mktemp,
-  diffutils,
-  replaceVars,
-  ageBin ? "${age}/bin/age",
-  shellcheck,
-}:
-let
-  bin = "${placeholder "out"}/bin/agenix";
-in
-stdenv.mkDerivation rec {
-  pname = "agenix";
-  version = "0.15.0";
-  src = replaceVars ./agenix.sh {
-    inherit ageBin version;
-    jqBin = "${jq}/bin/jq";
-    nixInstantiate = "${nix}/bin/nix-instantiate";
-    mktempBin = "${mktemp}/bin/mktemp";
-    diffBin = "${diffutils}/bin/diff";
-  };
-  dontUnpack = true;
-  doInstallCheck = true;
-  installCheckInputs = [ shellcheck ];
-  postInstallCheck = ''
-    shellcheck ${bin}
-    ${bin} -h | grep ${version}
-
-    test_tmp=$(mktemp -d 2>/dev/null || mktemp -d -t 'mytmpdir')
-    export HOME="$test_tmp/home"
-    export NIX_STORE_DIR="$test_tmp/nix/store"
-    export NIX_STATE_DIR="$test_tmp/nix/var"
-    mkdir -p "$HOME" "$NIX_STORE_DIR" "$NIX_STATE_DIR"
-    function cleanup {
-      rm -rf "$test_tmp"
-    }
-    trap "cleanup" 0 2 3 15
-
-    mkdir -p $HOME/.ssh
-    cp -r "${./example}" $HOME/secrets
-    chmod -R u+rw $HOME/secrets
-    (
-    umask u=rw,g=r,o=r
-    cp ${./example_keys/user1.pub} $HOME/.ssh/id_ed25519.pub
-    chown $UID $HOME/.ssh/id_ed25519.pub
-    )
-    (
-    umask u=rw,g=,o=
-    cp ${./example_keys/user1} $HOME/.ssh/id_ed25519
-    chown $UID $HOME/.ssh/id_ed25519
-    )
-
-    cd $HOME/secrets
-    test $(${bin} -d secret1.age) = "hello"
-  '';
-
-  installPhase = ''
-    install -D $src ${bin}
-  '';
-
-  meta.description = "age-encrypted secrets for NixOS";
-}

pkgs/agenix/example/-leading-hyphen-filename.age

@@ -1,7 +0,0 @@
-age-encryption.org/v1
--> ssh-ed25519 V3XmEA zirqdzZZ1E+sedBn7fbEHq4ntLEkokZ4GctarBBOHXY
-Rvs5YHaAUeCZyNwPedubPcHClWYIuXXWA5zadXPWY6w
--> ssh-ed25519 KLPP8w BVp4rDkOYSQyn8oVeHFeinSqW+pdVtxBF9+5VM1yORY
-bMwppAi8Nhz0328taU4AzUkTVyWtSLvFZG6c5W/Fs78
---- xCbqLhXAcOziO2wmbjTiSQfZvt5Rlsc4SCvF+iEzpQA
-ôKB£î/²ZÅÈrÙ%
¾à4¡´—Mq5×Ô_ÌÂÝ’‹†ã„Ò11ܨqM;& ¢‡LríÂÒføû”]>N

pkgs/agenix/example/armored-secret.age

@@ -1,7 +0,0 @@
------BEGIN AGE ENCRYPTED FILE-----
-YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFYzWG1FQSBpZkZW
-aFpLNnJxc0VUMHRmZ2dZS0pjMGVENnR3OHd5K0RiT1RjRUhibFZBCnN5UG5vUjA3
-SXpsNGtiVUw4T0tIVFo5Wkk5QS9NQlBndzVvektiQ0ozc0kKLS0tIGxyY1Q4dEZ1
-VGZEanJyTFNta2JNRmpZb2FnK2JyS1hSVml1UGdMNWZKQXMKYla+wTXcRedyZoEb
-LVWaSx49WoUTU0KBPJg9RArxaeC23GoCDzR/aM/1DvYU
------END AGE ENCRYPTED FILE-----

pkgs/agenix/example/passwordfile-user1.age

@@ -1,9 +0,0 @@
-age-encryption.org/v1
--> ssh-ed25519 KLPP8w s1DYZRlZuSsyhmZCF1lFB+E9vB8bZ/+ZhBRlx8nprwE
-nmYVCsVBrX2CFXXPU+D+bbkkIe/foofp+xoUrg9DHZw
--> ssh-ed25519 V3XmEA Pwv3oCwcY0DX8rY48UNfsj9RumWsn4dbgorYHCwObgI
-FKxRYkL3JHtJxUwymWDF0rAtJ33BivDI6IfPsfumM90
--> V'v(/u$-grease em/Vgf 2qDuk
-7I3iiQLPGi1COML9u/JeYkr7EqbSLoU
---- 57WJRigUGtmcObrssS3s4PvmR8wgh1AOC/ijJn1s3xI
-<EFBFBD>'K©Æ·Y&‘7GÆOÝòFj
±kÆXç«BnuJöê:9Ê(’ÙÏX¬#¼AíÄÞÃÚ§j’,ê_ÈþÝ?ÝZ“¥vœ¹V’96]oks~%£c	Îe^CÅ%JQ5€<H¢z}îCý,°pŒ¿*!W§§ÈA±º­Ò…dC¼K)¿¢-žy

pkgs/agenix/example/secret2.age

@@ -1,5 +0,0 @@
-age-encryption.org/v1
--> ssh-ed25519 V3XmEA OB4+1FbPhQ3r6iGksM7peWX5it8NClpXIq/o5nnP7GA
-FmHVUj+A5i5+bDFgySQskmlvynnosJiWUTJmBRiNA9I
---- tP+3mFVtd7ogVu1Lkboh55zoi5a77Ht08Uc/QuIviv4
-¤¬Xæ{”ïOŠ£èätMXxÔvÓª(¬IÁmyPÇï¸è+3²S3i

pkgs/agenix/example/secrets.nix

@@ -1,23 +0,0 @@
-let
-  user1 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL0idNvgGiucWgup/mP78zyC23uFjYq0evcWdjGQUaBH";
-  system1 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPJDyIr/FSz1cJdcoW69R+NrWzwGK/+3gJpqD1t8L2zE";
-in
-{
-  "secret1.age".publicKeys = [
-    user1
-    system1
-  ];
-  "secret2.age".publicKeys = [ user1 ];
-  "passwordfile-user1.age".publicKeys = [
-    user1
-    system1
-  ];
-  "-leading-hyphen-filename.age".publicKeys = [
-    user1
-    system1
-  ];
-  "armored-secret.age" = {
-    publicKeys = [ user1 ];
-    armor = true;
-  };
-}

pkgs/agenix/example_keys/system1

@@ -1,7 +0,0 @@
------BEGIN OPENSSH PRIVATE KEY-----
-b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
-QyNTUxOQAAACDyQ8iK/xUs9XCXXKFuvUfja1s8Biv/t4Caag9bfC9sxAAAAJA3yvCWN8rw
-lgAAAAtzc2gtZWQyNTUxOQAAACDyQ8iK/xUs9XCXXKFuvUfja1s8Biv/t4Caag9bfC9sxA
-AAAEA+J2V6AG1NriAIvnNKRauIEh1JE9HSdhvKJ68a5Fm0w/JDyIr/FSz1cJdcoW69R+Nr
-WzwGK/+3gJpqD1t8L2zEAAAADHJ5YW50bUBob21lMQE=
------END OPENSSH PRIVATE KEY-----

pkgs/agenix/example_keys/system1.pub

@@ -1 +0,0 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPJDyIr/FSz1cJdcoW69R+NrWzwGK/+3gJpqD1t8L2zE

pkgs/agenix/example_keys/user1

@@ -1,7 +0,0 @@
------BEGIN OPENSSH PRIVATE KEY-----
-b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
-QyNTUxOQAAACC9InTb4BornFoLqf5j+/M8gtt7hY2KtHr3FnYxkFGgRwAAAJC2JJ8htiSf
-IQAAAAtzc2gtZWQyNTUxOQAAACC9InTb4BornFoLqf5j+/M8gtt7hY2KtHr3FnYxkFGgRw
-AAAEDxt5gC/s53IxiKAjfZJVCCcFIsdeERdIgbYhLO719+Kb0idNvgGiucWgup/mP78zyC
-23uFjYq0evcWdjGQUaBHAAAADHJ5YW50bUBob21lMQE=
------END OPENSSH PRIVATE KEY-----

pkgs/agenix/example_keys/user1.pub

@@ -1 +0,0 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL0idNvgGiucWgup/mP78zyC23uFjYq0evcWdjGQUaBH

pkgs/agenix/update.sh

@@ -1,23 +0,0 @@
-#!/bin/sh
-
-set -e
-
-# All operations are done relative to root
-GITROOT=$(git rev-parse --show-toplevel)
-cd "$GITROOT"
-
-REVISION=${1:-main}
-
-TMPCLONE=$(mktemp -d)
-trap "rm -rf ${TMPCLONE}" EXIT
-
-git clone https://github.com/ryantm/agenix.git --revision="$REVISION" "$TMPCLONE" --depth=1
-
-cp "${TMPCLONE}/pkgs/agenix.sh" pkgs/agenix/agenix.sh
-cp "${TMPCLONE}/pkgs/agenix.nix" pkgs/agenix/default.nix
-sed -i 's#../example#./example#' pkgs/agenix/default.nix
-
-cp "${TMPCLONE}/example/"* pkgs/agenix/example/
-cp "${TMPCLONE}/example_keys/"* pkgs/agenix/example_keys/
-
-cp "${TMPCLONE}/modules/age.nix" m/module/agenix.nix

pkgs/amd-uprof/default.nix

@@ -1,98 +0,0 @@
-{ stdenv
-, lib
-, curl
-, cacert
-, runCommandLocal
-, autoPatchelfHook
-, elfutils
-, glib
-, libGL
-, ncurses5
-, xorg
-, zlib
-, libxkbcommon
-, freetype
-, fontconfig
-, libGLU
-, dbus
-, rocmPackages
-, libxcrypt-legacy
-, numactl
-, radare2
-}:
-
-let
-  version = "5.1.701";
-  tarball = "AMDuProf_Linux_x64_${version}.tar.bz2";
-
-  # NOTE: Remember to update the radare2 patch below if AMDuProfPcm changes.
-  uprofSrc = runCommandLocal tarball {
-    nativeBuildInputs = [ curl ];
-    outputHash = "sha256-j9gxcBcIg6Zhc5FglUXf/VV9bKSo+PAKeootbN7ggYk=";
-    SSL_CERT_FILE="${cacert}/etc/ssl/certs/ca-bundle.crt";
-  } ''
-    curl \
-    -o $out \
-    'https://download.amd.com/developer/eula/uprof/uprof-5-1/${tarball}' \
-    -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:139.0) Gecko/20100101 Firefox/139.0' \
-    -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' \
-    -H 'Accept-Language: en-US,en;q=0.5' \
-    -H 'Accept-Encoding: gzip, deflate, br, zstd' \
-    -H 'Referer: https://www.amd.com/' 2>&1 | tr '\r' '\n'
-  '';
-
-in
-  stdenv.mkDerivation {
-    pname = "AMD-uProf";
-    inherit version;
-    src = uprofSrc;
-    dontStrip = true;
-    phases = [ "installPhase" "fixupPhase" ];
-    nativeBuildInputs = [ autoPatchelfHook radare2 ];
-    buildInputs = [
-      stdenv.cc.cc.lib
-      ncurses5
-      elfutils
-      glib
-      libGL
-      libGLU
-      libxcrypt-legacy
-      xorg.libX11
-      xorg.libXext
-      xorg.libXi
-      xorg.libXmu
-      xorg.libxcb
-      xorg.xcbutilwm
-      xorg.xcbutilrenderutil
-      xorg.xcbutilkeysyms
-      xorg.xcbutilimage
-      fontconfig.lib
-      libxkbcommon
-      zlib
-      freetype
-      dbus
-      rocmPackages.rocprofiler
-      numactl
-    ];
-    installPhase = ''
-      set -x
-      mkdir -p $out
-      tar -x -v -C $out --strip-components=1 -f $src
-      rm $out/bin/AMDPowerProfilerDriverSource.tar.gz
-      patchelf --replace-needed libroctracer64.so.1 libroctracer64.so $out/bin/ProfileAgents/x64/libAMDGpuAgent.so
-      patchelf --add-needed libcrypt.so.1 --add-needed libstdc++.so.6 $out/bin/AMDuProfSys
-      echo "16334a51fcc48668307ad94e20482ca4  $out/bin/AMDuProfPcm" | md5sum -c -
-      radare2 -w -q -i ${./libnuma.r2} $out/bin/AMDuProfPcm
-      patchelf --add-needed libnuma.so $out/bin/AMDuProfPcm
-      set +x
-    '';
-
-    meta = {
-      description = "Performance analysis tool-suite for x86 based applications";
-      homepage = "https://www.amd.com/es/developer/uprof.html";
-      platforms = lib.platforms.linux;
-      license = lib.licenses.unfree;
-      maintainers = with lib.maintainers.bsc; [ rarias varcila ];
-    };
-
-  }

pkgs/amd-uprof/driver.nix

@@ -1,35 +0,0 @@
-{ stdenv
-, lib
-, amd-uprof
-, kernel
-, runCommandLocal
-}:
-
-let
-  version = amd-uprof.version;
-  tarball = amd-uprof.src;
-in stdenv.mkDerivation {
-  pname = "AMDPowerProfilerDriver";
-  inherit version;
-  src = runCommandLocal "AMDPowerProfilerDriverSource.tar.gz" { } ''
-    set -x
-    tar -x -f ${tarball} AMDuProf_Linux_x64_${version}/bin/AMDPowerProfilerDriverSource.tar.gz
-    mv AMDuProf_Linux_x64_${version}/bin/AMDPowerProfilerDriverSource.tar.gz $out
-    set +x
-  '';
-  hardeningDisable = [ "pic" "format" ];
-  nativeBuildInputs = kernel.moduleBuildDependencies;
-  patches = [ ./makefile.patch ./hrtimer.patch ];
-  makeFlags = [
-    "KERNEL_VERSION=${kernel.modDirVersion}"
-    "KERNEL_DIR=${kernel.dev}/lib/modules/${kernel.modDirVersion}/build"
-    "INSTALL_MOD_PATH=$(out)"
-  ];
-  meta = {
-    description = "AMD Power Profiler Driver";
-    homepage = "https://www.amd.com/es/developer/uprof.html";
-    platforms = lib.platforms.linux;
-    license = lib.licenses.unfree;
-    maintainers = with lib.maintainers.bsc; [ rarias varcila ];
-  };
-}

pkgs/amd-uprof/hrtimer.patch

@@ -1,31 +0,0 @@
---- a/src/PmcTimerConfig.c	2025-09-04 12:17:16.771707049 +0200
-+++ b/src/PmcTimerConfig.c	2025-09-04 12:17:04.878515468 +0200
-@@ -99,7 +99,7 @@ static void PmcInitTimer(void* pInfo)
- 
-     DRVPRINT("pTimerConfig(%p)", pTimerConfig);
- 
--    hrtimer_init(&pTimerConfig->m_hrTimer, CLOCK_MONOTONIC, HRTIMER_MODE_REL_PINNED);
-+    hrtimer_setup(&pTimerConfig->m_hrTimer, PmcTimerCallback, CLOCK_MONOTONIC, HRTIMER_MODE_REL_PINNED);
- }
- 
- int PmcSetupTimer(ClientContext* pClientCtx)
-@@ -157,7 +157,6 @@ int PmcSetupTimer(ClientContext* pClient
-                 {
-                     /* Interval in ms */
-                     pTimerConfig->m_time = ktime_set(interval / 1000, interval * 1000000);
--                    pTimerConfig->m_hrTimer.function = PmcTimerCallback;
- 
-                     DRVPRINT("retVal(%d) m_time(%lld)", retVal, (long long int) pTimerConfig->m_time);
-                 }
---- a/src/PwrProfTimer.c	2025-09-04 12:18:08.750544327 +0200
-+++ b/src/PwrProfTimer.c	2025-09-04 12:18:28.557863382 +0200
-@@ -573,8 +573,7 @@ void InitHrTimer(uint32 cpu)
-     pCoreClientData = &per_cpu(g_coreClientData, cpu);
- 
-     // initialize HR timer
--    hrtimer_init(&pCoreClientData->m_hrTimer, CLOCK_MONOTONIC, HRTIMER_MODE_REL_PINNED);
--    pCoreClientData->m_hrTimer.function = &HrTimerCallback;
-+    hrtimer_setup(&pCoreClientData->m_hrTimer, &HrTimerCallback, CLOCK_MONOTONIC, HRTIMER_MODE_REL_PINNED);
- 
-     return;
- } // InitHrTimer

pkgs/amd-uprof/libnuma.r2

@@ -1,10 +0,0 @@
-# Patch arguments to call sym std::string::find(char const*, unsigned long, unsigned long)
-# so it matches NixOS:
-#
-# Change OS name to NixOS
-wz NixOS @ 0x00550a43
-# And set the length to 5 characters
-wa mov ecx, 5 @0x00517930
-#
-# Then change the argument to dlopen() so it only uses libnuma.so
-wz libnuma.so @ 0x00562940

pkgs/amd-uprof/makefile.patch

@@ -1,66 +0,0 @@
---- a/Makefile	2025-06-19 20:36:49.346693267 +0200
-+++ b/Makefile	2025-06-19 20:42:29.778088660 +0200
-@@ -27,7 +27,7 @@ MODULE_VERSION=$(shell cat AMDPowerProfi
- MODULE_NAME_KO=$(MODULE_NAME).ko
- 
- # check is module inserted
--MODPROBE_OUTPUT=$(shell lsmod | grep $(MODULE_NAME))
-+#MODPROBE_OUTPUT=$(shell lsmod | grep $(MODULE_NAME))
- 
- # check pcore dkms status
- PCORE_DKMS_STATUS=$(shell dkms status | grep $(MODULE_NAME) | grep $(MODULE_VERSION))
-@@ -50,7 +50,7 @@ endif
- # “-Wno-missing-attributes” is added for GCC version >= 9.0 and kernel version <= 5.00
- G_VERSION=9
- K_VERSION=5
--KERNEL_MAJOR_VERSION=$(shell uname -r | cut -f1 -d.)
-+KERNEL_MAJOR_VERSION=$(shell echo "$(KERNEL_VERSION)" | cut -f1 -d.)
- GCCVERSION = $(shell gcc -dumpversion | cut -f1 -d.)
- ifeq ($(G_VERSION),$(firstword $(sort $(GCCVERSION) $(G_VERSION))))
- 	ifeq ($(K_VERSION),$(lastword $(sort $(KERNEL_MAJOR_VERSION) $(K_VERSION))))
-@@ -66,17 +66,7 @@ ${MODULE_NAME}-objs :=  src/PmcDataBuffe
- 
- # make
- all:
--	@chmod a+x ./AMDPPcert.sh
--	@./AMDPPcert.sh 0 1; echo $$? > $(PWD)/sign_status;
--	@SIGSTATUS1=`cat $(PWD)/sign_status | tr -d '\n'`; \
--                if [ $$SIGSTATUS1 -eq 1 ]; then \
--			exit 1; \
--		fi
--	@make -C /lib/modules/$(KERNEL_VERSION)/build M=$(PWD) $(MAKE_OPTS) EXTRA_CFLAGS="$(EXTRA_CFLAGS)" modules
--	@SIGSTATUS3=`cat $(PWD)/sign_status | tr -d '\n'`; \
--                if [ $$SIGSTATUS3 -eq 0 ]; then \
--			./AMDPPcert.sh 1 $(MODULE_NAME_KO); \
--		fi
-+	make -C $(KERNEL_DIR) M=$(PWD) $(MAKE_OPTS) CFLAGS_MODULE="$(EXTRA_CFLAGS)" modules
- 
- # make clean
- clean:
-@@ -84,23 +74,9 @@ clean:
- 
- # make install
- install:
--	@mkdir -p /lib/modules/`uname -r`/kernel/drivers/extra
--	@rm  -f /lib/modules/`uname -r`/kernel/drivers/extra/$(MODULE_NAME_KO)
--	@cp $(MODULE_NAME_KO) /lib/modules/`uname -r`/kernel/drivers/extra/
--	@depmod -a
--	@if [ ! -z "$(MODPROBE_OUTPUT)" ]; then \
--		echo "Uninstalling AMDPowerProfiler Linux kernel module.";\
--		rmmod $(MODULE_NAME);\
--	fi
--	@modprobe $(MODULE_NAME) 2> $(PWD)/sign_status1; \
--		cat $(PWD)/sign_status1 | grep "Key was rejected by service"; \
--		echo $$? > $(PWD)/sign_status; SIGSTATUS1=`cat $(PWD)/sign_status | tr -d '\n'`; \
--                if [ $$SIGSTATUS1 -eq 0 ]; then \
--			echo "ERROR: Secure Boot enabled, correct key is not yet enrolled in BIOS key table"; \
--			exit 1; \
--		else \
--			cat $(PWD)/sign_status1; \
--		fi
-+	mkdir -p $(INSTALL_MOD_PATH)/lib/modules/$(KERNEL_VERSION)/kernel/drivers/extra/
-+	cp -a $(MODULE_NAME_KO) $(INSTALL_MOD_PATH)/lib/modules/$(KERNEL_VERSION)/kernel/drivers/extra/
-+
- # make dkms
- dkms:
- 	@chmod a+x ./AMDPPcert.sh

pkgs/babeltrace/default.nix

@@ -1,25 +0,0 @@
-{ stdenv, lib, fetchurl, pkg-config, glib, libuuid, popt, elfutils, swig4, python3 }:
-
-stdenv.mkDerivation rec {
-  name = "babeltrace-1.5.8";
-
-  src = fetchurl {
-    url = "https://www.efficios.com/files/babeltrace/${name}.tar.bz2";
-    sha256 = "1hkg3phnamxfrhwzmiiirbhdgckzfkqwhajl0lmr1wfps7j47wcz";
-  };
-
-  nativeBuildInputs = [ pkg-config ];
-  buildInputs = [ glib libuuid popt elfutils swig4 python3 ];
-
-  meta = with lib; {
-    description = "Command-line tool and library to read and convert LTTng tracefiles";
-    homepage = "https://www.efficios.com/babeltrace";
-    license = licenses.mit;
-    platforms = platforms.linux;
-    maintainers = [ maintainers.bjornfor ];
-  };
-
-  configureFlags = [
-    "--enable-python-bindings"
-  ];
-}

pkgs/babeltrace2/default.nix

@@ -1,34 +0,0 @@
-{
-  stdenv
-, fetchurl
-, pkg-config
-, glib
-, libuuid
-, popt
-, elfutils
-, python3
-, swig4
-, ncurses
-, breakpointHook
-}:
-
-stdenv.mkDerivation rec {
-  pname = "babeltrace2";
-  version = "2.0.3";
-
-  src = fetchurl {
-    url = "https://www.efficios.com/files/babeltrace/${pname}-${version}.tar.bz2";
-    sha256 = "1804pyq7fz6rkcz4r1abkkn0pfnss13m6fd8if32s42l4lajadm5";
-  };
-
-  enableParallelBuilding = true;
-  nativeBuildInputs = [ pkg-config ];
-  buildInputs = [ glib libuuid popt elfutils python3 swig4 ncurses breakpointHook ];
-  hardeningDisable = [ "all" ];
-
-  configureFlags = [
-    "--enable-python-plugins"
-    "--enable-python-bindings"
-  ];
-
-}

pkgs/bench6/default.nix

@@ -1,70 +0,0 @@
-{
-  stdenv
-, lib
-, bigotes
-, cmake
-, clangOmpss2
-, openmp
-, openmpv
-, nanos6
-, nodes
-, nosv
-, mpi
-, tampi
-, openblas
-, ovni
-, gitBranch ? "master"
-, gitURL ? "ssh://git@bscpm04.bsc.es/rarias/bench6.git"
-, gitCommit ? "bf29a53113737c3aa74d2fe3d55f59868faea7b4"
-}:
-
-stdenv.mkDerivation rec {
-  pname = "bench6";
-  version = "${src.shortRev}";
-
-  src = builtins.fetchGit {
-    url = gitURL;
-    ref = gitBranch;
-    rev = gitCommit;
-  };
-
-  nativeBuildInputs = [
-    cmake
-    clangOmpss2
-  ];
-
-  buildInputs = [
-    bigotes
-    openmp
-    openmpv
-    nanos6
-    nodes
-    nosv
-    mpi
-    tampi
-    openblas
-    openblas.dev
-    ovni
-  ];
-
-  env = {
-    NANOS6_HOME = nanos6;
-    NODES_HOME = nodes;
-    NOSV_HOME = nosv;
-  };
-
-  cmakeFlags = [
-    "-DCMAKE_C_COMPILER=clang"
-    "-DCMAKE_CXX_COMPILER=clang++"
-  ];
-  hardeningDisable = [ "all" ];
-  dontStrip = true;
-
-  meta = {
-    homepage = "https://gitlab.pm.bsc.es/rarias/bench6";
-    description = "Set of micro-benchmarks for OmpSs-2 and several mini-apps";
-    maintainers = with lib.maintainers.bsc; [ rarias ];
-    platforms = lib.platforms.linux;
-    license = lib.licenses.gpl3Plus;
-  };
-}

pkgs/bigotes/default.nix

@@ -1,26 +0,0 @@
-{
-  stdenv
-, lib
-, fetchFromGitHub
-, cmake
-}:
-
-stdenv.mkDerivation {
-  pname = "bigotes";
-  version = "9dce13";
-  src = fetchFromGitHub {
-    owner = "rodarima";
-    repo = "bigotes";
-    rev = "9dce13446a8da30bea552d569d260d54e0188518";
-    sha256 = "sha256-ktxM3pXiL8YXSK+/IKWYadijhYXqGoLY6adLk36iigE=";
-  };
-  nativeBuildInputs = [ cmake ];
-
-  meta = {
-    homepage = "https://github.com/rodarima/bigotes";
-    description = "Versatile benchmark tool";
-    maintainers = with lib.maintainers.bsc; [ rarias ];
-    platforms = lib.platforms.linux;
-    license = lib.licenses.gpl3Plus;
-  };
-}

pkgs/clsync/default.nix

@@ -1,54 +0,0 @@
-{ stdenv
-, fetchFromGitHub
-, libcap
-, libcgroup
-, libmhash
-, doxygen
-, graphviz
-, autoreconfHook
-, pkg-config
-, glib
-}:
-
-let
-  version = "0.4.4";
-
-in stdenv.mkDerivation {
-  pname = "clsync";
-  inherit version;
-
-  src = fetchFromGitHub {
-    repo = "clsync";
-    owner = "clsync";
-    rev = "v${version}";
-    sha256 = "0sdiyfwp0iqr6l1sirm51pirzmhi4jzgky5pzfj24nn71q3fwqgz";
-  };
-
-  outputs = [ "out" "dev" ];
-
-  buildInputs = [
-    autoreconfHook
-    libcap
-    libcgroup
-    libmhash
-    doxygen
-    graphviz
-    pkg-config
-    glib
-  ];
-
-  preConfigure = ''
-    ./configure --help
-  '';
-
-  enableParallelBuilding = true;
-
-  meta = with lib; {
-    description = "File live sync daemon based on inotify/kqueue/bsm (Linux, FreeBSD), written in GNU C";
-    homepage = "https://github.com/clsync/clsync";
-    license = licenses.gpl3Plus;
-    maintainers = [ ];
-    platforms = platforms.linux;
-  };
-}
-

pkgs/cn6/default.nix

@@ -1,51 +0,0 @@
-{
-  stdenv
-, lib
-, babeltrace2
-, pkg-config
-, uthash
-, enableTest ? false
-, mpi ? null
-, clangOmpss2 ? null
-, tampi ? null
-}:
-
-with lib;
-
-assert (enableTest -> (mpi != null));
-assert (enableTest -> (clangOmpss2 != null));
-assert (enableTest -> (tampi != null));
-
-stdenv.mkDerivation rec {
-  pname = "cn6";
-  version = "${src.shortRev}";
-
-  buildInputs = [
-    babeltrace2
-    pkg-config
-    uthash
-    mpi
-  ] ++ optionals (enableTest) [ mpi clangOmpss2 tampi ];
-
-  src = builtins.fetchGit {
-    url = "ssh://git@bscpm04.bsc.es/rarias/cn6.git";
-    ref = "master";
-    rev = "c72c3b66b720c2a33950f536fc819051c8f20a69";
-  };
-
-  makeFlags = [ "PREFIX=$(out)" ];
-
-  postBuild = optionalString (enableTest) ''
-    (
-      cd test
-      make timediff timediff_mpi
-    )
-  '';
-
-  postInstall = optionalString (enableTest) ''
-    (
-      cd test
-      cp timediff timediff_mpi sync-err.sh $out/bin/
-    )
-  '';
-}

pkgs/cpuid/default.nix

@@ -1,21 +0,0 @@
-{
-  stdenv
-, perl # For the pod2man command
-}:
-
-stdenv.mkDerivation rec {
-  version = "20201006";
-  pname = "cpuid";
-
-  buildInputs = [ perl ];
-
-  # Replace /usr install directory for $out
-  postPatch = ''
-    sed -i "s@/usr@$out@g" Makefile
-  '';
-
-  src = builtins.fetchTarball {
-    url = "http://www.etallen.com/cpuid/${pname}-${version}.src.tar.gz";
-    sha256 = "04qhs938gs1kjxpsrnfy6lbsircsprfyh4db62s5cf83a1nrwn9w";
-  };
-}

pkgs/dummy/default.nix

@@ -1,25 +0,0 @@
-{
-  stdenv
-}:
-
-stdenv.mkDerivation rec {
-  name = "dummy";
-
-  src = null;
-  dontUnpack = true;
-  dontBuild = true;
-
-  programPath = "/bin/dummy";
-
-  installPhase = ''
-    mkdir -p $out/bin
-
-    cat > $out/bin/dummy <<EOF
-    #!/bin/sh
-    echo Hello worlda!
-
-    EOF
-
-    chmod +x $out/bin/dummy
-  '';
-}

pkgs/extrae/PTR.patch

@@ -1,13 +0,0 @@
-diff --git a/src/merger/common/bfd_manager.c b/src/merger/common/bfd_manager.c
-index 5f9dacf9..5231e3eb 100644
---- a/src/merger/common/bfd_manager.c
-+++ b/src/merger/common/bfd_manager.c
-@@ -225,7 +225,7 @@ asymbol **BFDmanager_getDefaultSymbols (void)
-  *
-  * @return No return value.
-  */
--static void BFDmanager_findAddressInSection (bfd * abfd, asection * section, PTR data)
-+static void BFDmanager_findAddressInSection (bfd * abfd, asection * section, void * data)
- {
- #if HAVE_BFD_GET_SECTION_SIZE || HAVE_BFD_SECTION_SIZE || HAVE_BFD_GET_SECTION_SIZE_BEFORE_RELOC
- 	bfd_size_type size;

pkgs/extrae/default.nix

@@ -1,123 +0,0 @@
-{ stdenv
-, lib
-, fetchFromGitHub
-, boost
-, libdwarf
-, libelf
-, libxml2
-, libunwind
-, papi
-, binutils-unwrapped
-, libiberty
-, gfortran
-, xml2
-, which
-, libbfd
-, mpi ? null
-, cuda ? null
-, llvmPackages
-, autoreconfHook
-#, python3Packages
-, installShellFiles
-, symlinkJoin
-, enablePapi ? stdenv.hostPlatform == stdenv.buildPlatform # Disabled when cross-compiling
-}:
-
-let
-  libdwarfBundle = symlinkJoin {
-    name = "libdwarfBundle";
-    paths = [ libdwarf.dev libdwarf.lib libdwarf.out ];
-  };
-in
-
-stdenv.mkDerivation rec {
-  pname = "extrae";
-  version = "4.0.1";
-  src = fetchFromGitHub {
-    owner = "bsc-performance-tools";
-    repo = "extrae";
-    rev = "${version}";
-    sha256 = "SlMYxNQXJ0Xg90HmpnotUR3tEPVVBXhk1NtEBJwGBR4=";
-  };
-
-  patches = [
-    # FIXME: Waiting for German to merge this patch. Still not in master, merged
-    # on 2023-03-01 in devel branch (after 3 years), see:
-    # https://github.com/bsc-performance-tools/extrae/pull/45
-    ./use-command.patch
-    # https://github.com/bsc-performance-tools/extrae/issues/71
-    ./PTR.patch
-  ];
-
-  enableParallelBuilding = true;
-  hardeningDisable = [ "all" ];
-
-  nativeBuildInputs = [ installShellFiles ];
-
-  buildInputs = [
-    autoreconfHook
-    gfortran
-    libunwind
-    binutils-unwrapped
-    boost
-    boost.dev
-    libiberty
-    mpi
-    xml2
-    which
-    libxml2.dev
-    libbfd
-    #python3Packages.sphinx
-  ]
-  ++ lib.optional stdenv.cc.isClang llvmPackages.openmp;
-    
-  preConfigure = ''
-    configureFlagsArray=(
-      --enable-posix-clock
-      --with-binutils="${binutils-unwrapped} ${libiberty}"
-      --with-dwarf=${libdwarfBundle}
-      --with-elf=${libelf}
-      --with-boost=${boost.dev}
-      --enable-instrument-io
-      --enable-instrument-dynamic-memory
-      --without-memkind
-      --enable-merge-in-trace
-      --disable-online
-      --without-opencl
-      --enable-pebs-sampling
-      --enable-sampling
-      --with-unwind=${libunwind.dev}
-      --with-xml-prefix=${libxml2.dev}
-      ${lib.optionalString enablePapi "--with-papi=${papi}"}
-      ${if (mpi != null) then ''--with-mpi=${mpi}''
-        else ''--without-mpi''}
-      --without-dyninst)
-  '';
-
-  # Install the manuals only by hand, as we don't want to pull the complete
-  # LaTeX world
-
-  # FIXME: sphinx is broken
-  #postBuild = ''
-  #  make -C docs man
-  #'';
-  #
-  #postInstall = ''
-  #  installManPage docs/builds/man/*/*
-  #'';
-
-#  ++ (
-#    if (openmp)
-#    then [ "--enable-openmp" ]
-#    else []
-#  );
-
-  meta = {
-    homepage = "https://github.com/bsc-performance-tools/extrae";
-    description = "Instrumentation framework to generate execution traces of the most used parallel runtimes";
-    maintainers = [ ];
-    broken = true;
-    platforms = lib.platforms.linux;
-    license = lib.licenses.lgpl21Plus;
-  };
-}

pkgs/extrae/use-command.patch

@@ -1,24 +0,0 @@
-diff --git a/substitute b/substitute
-index d5615606..82ca91a5 100755
---- a/substitute
-+++ b/substitute
-@@ -16,7 +16,7 @@ UNAME=`uname`
- if [ "${UNAME}" = "Darwin" -o "${UNAME}" = "AIX" ] ; then
- 	TMPFILE=substitute-$$
- 	${SED} "s|${KEY}|${VALUE}|g" < ${FILE} >${TMPFILE}
--	/bin/mv -f ${TMPFILE} ${FILE}
-+	command mv -f ${TMPFILE} ${FILE}
- else
- 	${SED} "s|${KEY}|${VALUE}|g" -i ${FILE}
- fi
-diff --git a/substitute-all b/substitute-all
-index 48c6b76a..eda7a0f2 100755
---- a/substitute-all
-+++ b/substitute-all
-@@ -23,5 +23,5 @@ fi
- 
- echo "Applying modification in ${PATHTOCHANGE} - Key = ${KEY} for value = ${VALUE}"
- 
--/usr/bin/find ${PATHTOCHANGE} -type f -exec ${SCRIPT_LOCATION} "${SED}" "${KEY}" "${VALUE}" {} \;
-+command find ${PATHTOCHANGE} -type f -exec ${SCRIPT_LOCATION} "${SED}" "${KEY}" "${VALUE}" {} \;
- 

pkgs/fftw/default.nix

@@ -1,58 +0,0 @@
-{ fetchurl, stdenv, lib, llvmPackages ? null, precision ? "double", perl, mpi }:
-
-with lib;
-
-assert stdenv.cc.isClang -> llvmPackages != null;
-assert elem precision [ "single" "double" "long-double" "quad-precision" ];
-
-let
-  version = "3.3.8";
-  withDoc = stdenv.cc.isGNU;
-in
-
-stdenv.mkDerivation {
-  name = "fftw-${precision}-${version}";
-
-  src = fetchurl {
-    urls = [
-      "http://fftw.org/fftw-${version}.tar.gz"
-      "ftp://ftp.fftw.org/pub/fftw/fftw-${version}.tar.gz"
-    ];
-    sha256 = "00z3k8fq561wq2khssqg0kallk0504dzlx989x3vvicjdqpjc4v1";
-  };
-
-  outputs = [ "out" "dev" "man" ]
-    ++ optional withDoc "info"; # it's dev-doc only
-  outputBin = "dev"; # fftw-wisdom
-
-  buildInputs = [ mpi ]
-  ++ lib.optionals stdenv.cc.isClang [
-    # TODO: This may mismatch the LLVM version sin the stdenv, see #79818.
-    llvmPackages.openmp
-  ];
-
-  configureFlags =
-    [ "--enable-shared"
-      "--enable-threads"
-      "--enable-mpi"
-      "--disable-openmp"
-    ]
-    ++ optional (precision != "double") "--enable-${precision}"
-    # all x86_64 have sse2
-    # however, not all float sizes fit
-    ++ optional (stdenv.isx86_64 && (precision == "single" || precision == "double") )  "--enable-sse2"
-    # doc generation causes Fortran wrapper generation which hard-codes gcc
-    ++ optional (!withDoc) "--disable-doc";
-
-  enableParallelBuilding = true;
-
-  checkInputs = [ perl ];
-
-  meta = with lib; {
-    description = "Fastest Fourier Transform in the West library";
-    homepage = "http://www.fftw.org/";
-    license = licenses.gpl2Plus;
-    maintainers = [ maintainers.spwhitt ];
-    platforms = platforms.unix;
-  };
-}

pkgs/gpi-2/default.nix

@@ -1,64 +0,0 @@
-{
-  stdenv
-, lib
-, fetchurl
-, symlinkJoin
-, slurm
-, rdma-core
-, autoconf
-, automake
-, libtool
-, mpi
-, rsync
-, gfortran
-}:
-
-let
-  rdma-core-all = symlinkJoin {
-    name ="rdma-core-all";
-    paths = [ rdma-core.dev rdma-core.out ];
-  };
-  mpiAll = symlinkJoin {
-    name = "mpi-all";
-    paths = [ mpi.all ];
-  };
-in
-
-stdenv.mkDerivation rec {
-  pname = "GPI-2";
-  version = "tagaspi-2021.11";
-
-  src = fetchurl {
-    url = "https://pm.bsc.es/gitlab/interoperability/extern/GPI-2/-/archive/${version}/GPI-2-${version}.tar.gz";
-    hash = "sha256-eY2wpyTpnOXRoAcYoAP82Jq9Q7p5WwDpMj+f1vEX5zw=";
-  };
-
-  enableParallelBuilding = true;
-
-  patches = [ ./rdma-core.patch ./max-mem.patch ];
-
-  preConfigure = ''
-    patchShebangs autogen.sh
-    ./autogen.sh
-  '';
-
-  configureFlags = [
-    "--with-infiniband=${rdma-core-all}"
-    "--with-mpi=${mpiAll}"
-    "--with-slurm"
-    "CFLAGS=-fPIC"
-    "CXXFLAGS=-fPIC"
-  ];
-
-  buildInputs = [ slurm mpiAll rdma-core-all autoconf automake libtool rsync gfortran ];
-
-  hardeningDisable = [ "all" ];
-
-  meta = {
-    homepage = "https://pm.bsc.es/gitlab/interoperability/extern/GPI-2";
-    description = "GPI-2 extended for supporting Task-Aware GASPI (TAGASPI) library";
-    maintainers = with lib.maintainers.bsc; [ rarias ];
-    platforms = lib.platforms.linux;
-    license = lib.licenses.gpl3Plus;
-  };
-}

pkgs/gpi-2/max-mem.patch

@@ -1,10 +0,0 @@
---- a/tests/tests/segments/max_mem.c	2025-09-12 13:30:53.449353591 +0200
-+++ b/tests/tests/segments/max_mem.c	2025-09-12 13:33:49.750352401 +0200
-@@ -1,5 +1,7 @@
- #include <test_utils.h>
- 
-+gaspi_size_t gaspi_get_system_mem (void);
-+
- /* Test allocates 45% of system memory and creates a segment that
-    large or if several ranks per node exist, divided among that
-    number */

pkgs/gpi-2/rdma-core.patch

@@ -1,12 +0,0 @@
---- a/src/devices/ib/GPI2_IB.h	2025-09-12 13:25:31.564181121 +0200
-+++ b/src/devices/ib/GPI2_IB.h	2025-09-12 13:24:49.105422150 +0200
-@@ -26,6 +26,9 @@ along with GPI-2. If not, see <http://ww
- 
- #include "GPI2_Dev.h"
- 
-+/* Missing prototype as driver.h is now private */
-+int ibv_read_sysfs_file(const char *dir, const char *file, char *buf, size_t size);
-+
- #define GASPI_GID_INDEX   (0)
- #define PORT_LINK_UP      (5)
- #define MAX_INLINE_BYTES  (128)

pkgs/groff/0001-Fix-cross-compilation-by-looking-for-ar.patch

@@ -1,46 +0,0 @@
-From 1454525f70b43a6957b7c9e1870e997368787da3 Mon Sep 17 00:00:00 2001
-From: Samuel Dionne-Riel <samuel@dionne-riel.com>
-Date: Fri, 8 Nov 2019 21:59:21 -0500
-Subject: [PATCH] Fix cross-compilation by looking for `ar`.
-
----
- Makefile.am  | 2 +-
- configure.ac | 2 ++
- 2 files changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/Makefile.am b/Makefile.am
-index d18c49b8..b1b53338 100644
---- a/Makefile.am
-+++ b/Makefile.am
-@@ -494,7 +494,7 @@ CCC=@CXX@
- # INSTALL_INFO
- # LN_S
- 
--AR=ar
-+AR=@AR@
- ETAGS=etags
- ETAGSFLAGS=
- # Flag that tells etags to assume C++.
-diff --git a/configure.ac b/configure.ac
-index 28e75f17..2449b9f5 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -37,6 +37,7 @@ AC_CONFIG_AUX_DIR([build-aux])
- 
- AC_CONFIG_HEADERS([src/include/config.h:src/include/config.hin])
- AC_CONFIG_SRCDIR([src/roff/groff/groff.cpp])
-+AC_CONFIG_MACRO_DIR([m4])
- 
- AC_USE_SYSTEM_EXTENSIONS
- 
-@@ -72,6 +73,7 @@ GROFF_DOC_CHECK
- GROFF_MAKEINFO
- GROFF_TEXI2DVI
- AC_PROG_RANLIB
-+AC_CHECK_TOOL([AR], [ar], [ar])
- GROFF_INSTALL_SH
- GROFF_INSTALL_INFO
- AC_PROG_INSTALL
--- 
-2.23.0
-

pkgs/groff/default.nix

@@ -1,127 +0,0 @@
-{ stdenv, lib, fetchurl, perl
-, ghostscript #for postscript and html output
-, psutils, netpbm #for html output
-, buildPackages
-, autoreconfHook
-, pkg-config
-, texinfo
-}:
-
-stdenv.mkDerivation rec {
-  pname = "groff";
-  version = "1.22.4";
-
-  src = fetchurl {
-    url = "mirror://gnu/groff/${pname}-${version}.tar.gz";
-    sha256 = "14q2mldnr1vx0l9lqp9v2f6iww24gj28iyh4j2211hyynx67p3p7";
-  };
-
-  enableParallelBuilding = false;
-
-  patches = [
-    ./0001-Fix-cross-compilation-by-looking-for-ar.patch
-  ];
-
-  postPatch = lib.optionalString (psutils != null) ''
-    substituteInPlace src/preproc/html/pre-html.cpp \
-      --replace "psselect" "${psutils}/bin/psselect"
-  '' + lib.optionalString (netpbm != null) ''
-    substituteInPlace src/preproc/html/pre-html.cpp \
-      --replace "pnmcut" "${lib.getBin netpbm}/bin/pnmcut" \
-      --replace "pnmcrop" "${lib.getBin netpbm}/bin/pnmcrop" \
-      --replace "pnmtopng" "${lib.getBin netpbm}/bin/pnmtopng"
-    substituteInPlace tmac/www.tmac.in \
-      --replace "pnmcrop" "${lib.getBin netpbm}/bin/pnmcrop" \
-      --replace "pngtopnm" "${lib.getBin netpbm}/bin/pngtopnm" \
-      --replace "@PNMTOPS_NOSETPAGE@" "${lib.getBin netpbm}/bin/pnmtops -nosetpage"
-  '';
-
-  buildInputs = [ ghostscript psutils netpbm perl ];
-  nativeBuildInputs = [ autoreconfHook pkg-config texinfo ];
-
-  # Builds running without a chroot environment may detect the presence
-  # of /usr/X11 in the host system, leading to an impure build of the
-  # package. To avoid this issue, X11 support is explicitly disabled.
-  # Note: If we ever want to *enable* X11 support, then we'll probably
-  # have to pass "--with-appresdir", too.
-  configureFlags = [
-    "--without-x"
-  ] ++ lib.optionals (ghostscript != null) [
-    "--with-gs=${ghostscript}/bin/gs"
-  ] ++ lib.optionals (stdenv.buildPlatform != stdenv.hostPlatform) [
-    "ac_cv_path_PERL=${buildPackages.perl}/bin/perl"
-  ];
-
-  makeFlags = lib.optionals (stdenv.buildPlatform != stdenv.hostPlatform) [
-    # Trick to get the build system find the proper 'native' groff
-    # http://www.mail-archive.com/bug-groff@gnu.org/msg01335.html
-    "GROFF_BIN_PATH=${buildPackages.groff}/bin"
-    "GROFFBIN=${buildPackages.groff}/bin/groff"
-  ];
-
-  doCheck = true;
-
-  postInstall = ''
-    for f in 'man.local' 'mdoc.local'; do
-        cat '${./site.tmac}' >>"$out/share/groff/site-tmac/$f"
-    done
-
-    moveToOutput bin/gropdf $out
-    moveToOutput bin/pdfmom $out
-    moveToOutput bin/roff2text $out
-    moveToOutput bin/roff2pdf $out
-    moveToOutput bin/roff2ps $out
-    moveToOutput bin/roff2dvi $out
-    moveToOutput bin/roff2ps $out
-    moveToOutput bin/roff2html $out
-    moveToOutput bin/glilypond $out
-    moveToOutput bin/mmroff $out
-    moveToOutput bin/roff2x $out
-    moveToOutput bin/afmtodit $out
-    moveToOutput bin/gperl $out
-    moveToOutput bin/chem $out
-    moveToOutput share/groff/${version}/font/devpdf $out
-
-    # idk if this is needed, but Fedora does it
-    moveToOutput share/groff/${version}/tmac/pdf.tmac $out
-
-    moveToOutput bin/gpinyin $out
-    moveToOutput lib/groff/gpinyin $out
-    substituteInPlace $out/bin/gpinyin \
-      --replace $out/lib/groff/gpinyin $out/lib/groff/gpinyin
-
-    moveToOutput bin/groffer $out
-    moveToOutput lib/groff/groffer $out
-    substituteInPlace $out/bin/groffer \
-      --replace $out/lib/groff/groffer $out/lib/groff/groffer
-
-    moveToOutput bin/grog $out
-    moveToOutput lib/groff/grog $out
-    substituteInPlace $out/bin/grog \
-      --replace $out/lib/groff/grog $out/lib/groff/grog
-
-  '' + lib.optionalString (stdenv.buildPlatform != stdenv.hostPlatform) ''
-    find $out/ -type f -print0 | xargs --null sed -i 's|${buildPackages.perl}|${perl}|'
-  '';
-
-  meta = with lib; {
-    homepage = "https://www.gnu.org/software/groff/";
-    description = "GNU Troff, a typesetting package that reads plain text and produces formatted output";
-    license = licenses.gpl3Plus;
-    platforms = platforms.all;
-    maintainers = with maintainers; [ pSub ];
-
-    longDescription = ''
-      groff is the GNU implementation of troff, a document formatting
-      system.  Included in this release are implementations of troff,
-      pic, eqn, tbl, grn, refer, -man, -mdoc, -mom, and -ms macros,
-      and drivers for PostScript, TeX dvi format, HP LaserJet 4
-      printers, Canon CAPSL printers, HTML and XHTML format (beta
-      status), and typewriter-like devices.  Also included is a
-      modified version of the Berkeley -me macros, the enhanced
-      version gxditview of the X11 xditview previewer, and an
-      implementation of the -mm macros.
-    '';
-
-  };
-}

pkgs/groff/site.tmac

@@ -1,16 +0,0 @@
-.
-.if n \{\
-.  \" Character translations for non-keyboard
-.  \" characters - to make them searchable
-.  if '\*[.T]'utf8' \{\
-.    char \- \N'45'
-.    char - \N'45'
-.    char ' \N'39'
-.    char \' \N'39'
-.  \}
-.
-.  \" Shut off SGR by default (groff colors)
-.  \" Require GROFF_SGR envvar defined to turn it on
-.  if '\V[GROFF_SGR]'' \
-.    output x X tty: sgr 0
-.\}

pkgs/hwloc/1.11.6/default.nix

@@ -1,70 +0,0 @@
-{ stdenv, lib, fetchurl, pkg-config, expat, ncurses
-, pciutils, numactl }:
-
-with lib;
-
-stdenv.mkDerivation rec {
-  name = "hwloc-1.11.6";
-
-  src = fetchurl {
-    url = "http://www.open-mpi.org/software/hwloc/v1.11/downloads/${name}.tar.bz2";
-    sha256 = "1yl7dm2qplwmnidd712zy12qfvxk28k8ccs694n42ybwdjwzg1bn";
-  };
-
-  nativeBuildInputs = [ pkg-config ];
-
-  # Filter out `null' inputs.  This allows users to `.override' the
-  # derivation and set optional dependencies to `null'.
-  buildInputs = filter (x: x != null)
-   ([ expat ncurses ]
-     ++  (optionals stdenv.isLinux [ numactl ]));
-
-  propagatedBuildInputs =
-    # Since `libpci' appears in `hwloc.pc', it must be propagated.
-    optional stdenv.isLinux pciutils;
-
-  enableParallelBuilding = true;
-
-  postInstall =
-    optionalString (stdenv.isLinux && numactl != null)
-      '' if [ -d "${numactl}/lib64" ]
-         then
-             numalibdir="${numactl}/lib64"
-         else
-             numalibdir="${numactl}/lib"
-             test -d "$numalibdir"
-         fi
-
-         sed -i "$out/lib/libhwloc.la" \
-             -e "s|-lnuma|-L$numalibdir -lnuma|g"
-      '';
-
-  # Checks disabled because they're impure (hardware dependent) and
-  # fail on some build machines.
-  doCheck = false;
-
-  meta = {
-    description = "Portable abstraction of hierarchical architectures for high-performance computing";
-    longDescription = ''
-       hwloc provides a portable abstraction (across OS,
-       versions, architectures, ...) of the hierarchical topology of
-       modern architectures, including NUMA memory nodes, sockets,
-       shared caches, cores and simultaneous multithreading.  It also
-       gathers various attributes such as cache and memory
-       information.  It primarily aims at helping high-performance
-       computing applications with gathering information about the
-       hardware so as to exploit it accordingly and efficiently.
-
-       hwloc may display the topology in multiple convenient
-       formats.  It also offers a powerful programming interface to
-       gather information about the hardware, bind processes, and much
-       more.
-    '';
-
-    # http://www.open-mpi.org/projects/hwloc/license.php
-    license = licenses.bsd3;
-    homepage = http://www.open-mpi.org/projects/hwloc/;
-    maintainers = [ ];
-    platforms = platforms.all;
-  };
-}

pkgs/intel-compiler/default.nix

@@ -1,40 +0,0 @@
-{
-  stdenv
-, gcc
-, iccUnwrapped
-, wrapCCWith
-, intelLicense
-}:
-
-let
-  targetConfig = stdenv.targetPlatform.config;
-  inherit gcc;
-in wrapCCWith rec {
-  cc = iccUnwrapped;
-  extraBuildCommands = ''
-    echo "-B${gcc.cc}/lib/gcc/${targetConfig}/${gcc.version}" >> $out/nix-support/cc-cflags
-    echo "-isystem ${iccUnwrapped}/include" >> $out/nix-support/cc-cflags
-    echo "-isystem ${iccUnwrapped}/include/intel64" >> $out/nix-support/cc-cflags
-    echo "-L${gcc.cc}/lib/gcc/${targetConfig}/${gcc.version}" >> $out/nix-support/cc-ldflags
-    echo "-L${gcc.cc.lib}/lib" >> $out/nix-support/cc-ldflags
-
-    cat "${iccUnwrapped}/nix-support/propagated-build-inputs" >> \
-      $out/nix-support/propagated-build-inputs
-
-    echo "export INTEL_LICENSE_FILE=${intelLicense}" \
-      >> $out/nix-support/setup-hook
-
-    # Create the wrappers for icc and icpc
-    if [ -e $ccPath/icc ]; then
-      wrap icc  $wrapper $ccPath/icc
-    fi
-
-    if [ -e $ccPath/icpc ]; then
-      wrap icpc $wrapper $ccPath/icpc
-    fi
-
-    if [ -e $ccPath/ifort ]; then
-      wrap ifort $wrapper $ccPath/ifort
-    fi
-  '';
-}

pkgs/intel-compiler/icc2020.nix

@@ -1,71 +0,0 @@
-{ stdenv
-, lib
-, fetchurl
-, rpmextract
-, autoPatchelfHook
-, gcc
-, intel-mpi
-}:
-
-stdenv.mkDerivation rec {
-  version = "${year}.${v_a}.${v_b}";
-  name = "intel-compiler-${version}";
-
-  passthru = {
-    CC = "icc";
-    CXX = "icpc";
-  };
-
-  # From Arch Linux PKGBUILD
-  dir_nr="17114";
-  year="2020";
-  v_a="4";
-  v_b="304";
-  update="4";
-  composer_xe_dir="compilers_and_libraries_${year}.${v_a}.${v_b}";
-  tgz="parallel_studio_xe_2020_update${update}_professional_edition.tgz";
-
-  src = fetchurl {
-    url = "https://registrationcenter-download.intel.com/akdlm/irc_nas/tec/${dir_nr}/${tgz}";
-    sha256 = "1rn9kk5bjj0jfv853b09dxrx7kzvv8dlyzw3hl9ijx9mqr09lrzr";
-  };
-
-  buildInputs = [
-    rpmextract
-    autoPatchelfHook
-    gcc.cc.lib
-    gcc
-    intel-mpi
-  ];
-
-  # The gcc package is required for building other programs
-  propagatedBuildInputs = [ gcc ];
-
-  installPhase = ''
-    pwd
-    ls -l rpm
-    rpmextract rpm/intel-icc-*.rpm
-    rpmextract rpm/intel-comp-*.rpm
-    rpmextract rpm/intel-c-comp-*.rpm
-    rpmextract rpm/intel-openmp*.rpm
-    rpmextract rpm/intel-ifort*.rpm
-
-    mkdir -p $out/{bin,lib,include}
-
-    pushd ./opt/intel/${composer_xe_dir}/linux/
-      cp -a bin/intel64/* $out/bin/
-      cp -a compiler/include/* $out/include/
-      cp -a compiler/lib/intel64_lin/* $out/lib/
-      ln -s lib $out/lib_lin
-      rm $out/lib/*.dbg
-    popd
-  '';
-
-  meta = {
-    homepage = "https://www.intel.com/content/www/us/en/developer/tools/overview.html";
-    description = "Intel compiler";
-    maintainers = with lib.maintainers.bsc; [ rarias ];
-    platforms = lib.platforms.linux;
-    license = lib.licenses.unfree;
-  };
-}

pkgs/intel-compiler/icc2021.nix

@@ -1,156 +0,0 @@
-{ stdenv
-, lib
-, fetchurl
-, dpkg
-, rsync
-, libffi
-, libelf
-, libxml2
-, hwloc
-, autoPatchelfHook
-}:
-
-with lib;
-
-let
-
-  getsrc = url: sha256: fetchurl { inherit url sha256; };
-
-  version = "2021.2.0";
-  _debpkgrel = "610";
-  tbbrel = "357";
-
-  # Shorhands
-  main     = "intel-oneapi-dpcpp-cpp";
-  compiler = "intel-oneapi-compiler-dpcpp-cpp";
-  shared   = "intel-oneapi-compiler-shared";
-  openmp   = "intel-oneapi-openmp";
-  tbb      = "intel-oneapi-tbb";
-
-  # From Arch Linux PKGBUILD:
-  # https://aur.archlinux.org/cgit/aur.git/tree/PKGBUILD?h=intel-oneapi-compiler-dpcpp-cpp
-  debs = [
-    # From intel-oneapi-compiler-dpcpp-cpp
-    "${main}-${version}-${version}-${_debpkgrel}_amd64.deb"
-    "${compiler}-common-${version}-${version}-${_debpkgrel}_all.deb"
-    "${compiler}-runtime-${version}-${version}-${_debpkgrel}_amd64.deb"
-
-    # From intel-oneapi-compiler-shared
-    "${shared}-${version}-${version}-${_debpkgrel}_amd64.deb"
-    "${shared}-runtime-${version}-${version}-${_debpkgrel}_amd64.deb"
-    "${shared}-common-${version}-${version}-${_debpkgrel}_all.deb"
-    "${shared}-common-runtime-${version}-${version}-${_debpkgrel}_all.deb"
-    "${compiler}-classic-fortran-shared-runtime-${version}-${version}-${_debpkgrel}_amd64.deb"
-
-    # From intel-oneapi-openmp
-    "${openmp}-${version}-${version}-${_debpkgrel}_amd64.deb"
-    "${openmp}-common-${version}-${version}-${_debpkgrel}_all.deb"
-
-    # From intel-oneapi-tbb
-    "${tbb}-${version}-${version}-${tbbrel}_amd64.deb"
-    "${tbb}-devel-${version}-${version}-${tbbrel}_amd64.deb"
-    "${tbb}-common-${version}-${version}-${tbbrel}_all.deb"
-    "${tbb}-common-devel-${version}-${version}-${tbbrel}_all.deb"
-  ];
-
-  apthost = "https://apt.repos.intel.com/oneapi/pool/main/";
-  urls = map (x: apthost + x) debs;
-
-  sums = [
-    # From intel-oneapi-compiler-dpcpp-cpp
-    "0pwsfzkazr9yf6v6lgwb3p2in6ch3rlcc9qcfarkyqn052p760kk"
-    "0vzsanldhs4ym4gsfn0zjqm03x53ma1zjkj24hpkhpsvlr2r069w"
-    "0nx62v6g0wl70lqdh7sh7gfgxbynhrrips9gpj9if60ngz6fm21m"
-
-    # From intel-oneapi-compiler-shared
-    "1al80pcy2r3q2r2pm04sva7rd3z6y287mkdv5jq4p5bfd8yi14d4"
-    "07rp0cjmbgj48wly9dm6ibxzbsanmgrsjjqr7mx688ms6qbhv314"
-    "1pf4xckyyhssjknhs6hwampjsz2qjlg81jw2fc441zaccwf25yf3"
-    "0hk0x4wq60g9wnn9j051v25zcmbasjdzp34xfvrihmcvyws0s69g"
-    "0dhbw8kshw4abqc9zf891z5ic0x13x3kvhk56nrqkqgcfwps9w8a"
-
-    # From intel-oneapi-openmp
-    "1wqy2sjwlqdh72zhfrxl9pm106hjzfdbbm98cxigbg20fb5lbv5a"
-    "19nbqypvqcf8c3mwriaqrmp5igjpwvwrb9mq2fxa5i40w7bhlxjl"
-
-    # From intel-oneapi-tbb
-    "1dpii3g861kimky0x7dqcj6hg7zb6i5kw1wgwrxdc5yxhi5slbm9"
-    "0bl1flm6w0w9nzrh34ig4p9qz2gbdgw9q14as2pwp8flicd8p899"
-    "0w3kip6q713v1xlfc10ai4v15cbwmbqrv8r1f5x6pfqdbb0bpmbv"
-    "0v95nmddyi0mjjdvm07w9fm3vq4a0wkx7zxlyzn2f4xg38qc5j73"
-  ];
-
-in
-  stdenv.mkDerivation {
-    inherit version;
-    name = "intel-compiler-${version}";
-
-    passthru = {
-      CC = "icc";
-      CXX = "icpc";
-    };
-
-    srcs = zipListsWith getsrc urls sums;
-
-    buildInputs = [
-      dpkg
-      rsync
-      libffi
-      libelf
-      libxml2
-      hwloc
-      autoPatchelfHook
-      stdenv.cc.cc.lib
-    ];
-
-    dontBuild = true;
-    dontStrip = true;
-
-    # The gcc package is required for building other programs
-    #propagatedBuildInputs = [ gcc ];
-
-    unpackCmd = ''
-      dpkg -x $curSrc .
-    '';
-
-    # FIXME: Some dependencies are missing
-    autoPatchelfIgnoreMissingDeps = true;
-    #autoPatchelfIgnoreMissingDeps = [ "*" ];
-
-    # Compiler
-    installPhase = ''
-      mkdir -p $out/{bin,lib,include}
-
-      pushd intel/oneapi/compiler/${version}/linux
-        # Binaries
-        rsync -a bin/ $out/bin/
-        rsync -a bin/intel64/ $out/bin/
-
-        # Libraries
-        rsync -a --exclude=oclfpga lib/ $out/lib/
-        rsync -a compiler/lib/intel64_lin/ $out/lib/
-
-        # Headers
-        rsync -a include/ $out/include/
-        rsync -a compiler/include/ $out/include/
-      popd
-
-      # TBB
-      pushd intel/oneapi/tbb/${version}
-        # Libraries
-        rsync -a lib/intel64/gcc4.8/ $out/lib/
-
-        # Headers
-        rsync -a include/ $out/include/
-      popd
-    '';
-
-    meta = {
-      homepage = "https://www.intel.com/content/www/us/en/developer/tools/overview.html";
-      description = "Intel compiler";
-      maintainers = with lib.maintainers.bsc; [ rarias ];
-      platforms = lib.platforms.linux;
-      license = lib.licenses.unfree;
-    };
-
-  }

pkgs/intel-compiler/license.nix

@@ -1,39 +0,0 @@
-{ stdenv
-, requireFile
-}:
-
-stdenv.mkDerivation rec {
-  name = "intel-compiler-license";
-  version = "2019.7.217";
-
-  src = requireFile {
-    name = "license.lic";
-    sha256 = "0rgmsqkhpqcfny8j7msa4sgz3prhh248ylh69gjh12dkra77prsj";
-    message = ''
-      The Intel Compiler requires a license. You can get one (free of charge) if
-      you meet the requeriments at the website:
-
-        https://software.intel.com/content/www/us/en/develop/articles/qualify-for-free-software.html#opensourcecontributor
-
-      Or you can use your own license. Add it to the store with:
-
-        $ nix-store --add-fixed sha256 license.lic
-        /nix/store/2p9v0nvsl3scshjx348z6j32rh7ac0db-license.lic
-
-      Notice that the name must match exactly "license.lic".
-
-      Then update the hash in the bsc/intel-compiler/license.nix file using the
-      nix-hash command with:
-
-        $ nix-hash --type sha256 --base32 --flat /nix/store/2p9v0nvsl3scshjx348z6j32rh7ac0db-license.lic
-        06g2xgm1lch6zqfkhb768wacdx46kf61mfvj5wfpyssw0anr0x9q
-    '';
-  };
-
-  dontUnpack = true;
-
-  installPhase = ''
-    mkdir -p $out
-    cp $src $out/
-  '';
-}

pkgs/intel-compiler/wrapper2021.nix

@@ -1,29 +0,0 @@
-{
-  stdenv
-, gcc
-, iccUnwrapped
-, wrapCCWith
-}:
-
-let
-  targetConfig = stdenv.targetPlatform.config;
-  inherit gcc;
-in wrapCCWith rec {
-  cc = iccUnwrapped;
-  extraBuildCommands = ''
-    echo "-B${gcc.cc}/lib/gcc/${targetConfig}/${gcc.version}" >> $out/nix-support/cc-cflags
-    echo "-isystem ${iccUnwrapped}/include" >> $out/nix-support/cc-cflags
-    echo "-isystem ${iccUnwrapped}/include/icc" >> $out/nix-support/cc-cflags
-    echo "-isystem ${gcc.cc}/include/c++/${gcc.version}" >> $out/nix-support/cc-cflags
-    echo "-isystem ${gcc.cc}/include/c++/${gcc.version}/${targetConfig}" >> $out/nix-support/cc-cflags
-
-    echo "-L${iccUnwrapped}/lib" >> $out/nix-support/cc-ldflags
-    echo "-L${gcc.cc}/lib/gcc/${targetConfig}/${gcc.version}" >> $out/nix-support/cc-ldflags
-    echo "-L${gcc.cc.lib}/lib" >> $out/nix-support/cc-ldflags
-
-    # Create the wrappers for icx*
-    wrap lld  $wrapper $ccPath/lld
-    wrap icx  $wrapper $ccPath/icx
-    wrap icpx  $wrapper $ccPath/icpx
-  '';
-}

pkgs/intel-mpi/default.nix

@@ -1,113 +0,0 @@
-{ stdenv
-, lib
-, rpmextract
-, gcc
-, zlib
-, ucx
-, numactl
-, rdma-core
-, libpsm2
-, patchelf
-, autoPatchelfHook
-, enableDebug ? false
-# The _mt version seems to cause seg-faults and deadlocks with the libpsm2
-# provider library with programs that call the MPI library without any locking
-# mechanism. See https://pm.bsc.es/gitlab/rarias/bscpkgs/-/issues/28. By
-# default, we use the non-mt variant, which provides a big lock. If you want to
-# use it, take a look at the I_MPI_THREAD_SPLIT env-var as well.
-, enableMt ? false
-}:
-
-let
-
-  lib_variant = (if enableDebug then "debug" else "release");
-
-  # See https://software.intel.com/content/www/us/en/develop/documentation/mpi-developer-reference-linux/top/environment-variable-reference/other-environment-variables.html
-  lib_mt = (if enableMt then "_mt" else "");
-  lib_name = "${lib_variant}${lib_mt}";
-
-in
-
-stdenv.mkDerivation rec {
-  name = "intel-mpi-${version}";
-  version = "2019.10.317";
-  dir_nr = "17534";
-
-  src = builtins.fetchTarball {
-    url = "http://registrationcenter-download.intel.com/akdlm/irc_nas/tec/${dir_nr}/l_mpi_${version}.tgz";
-    sha256 = "00nimgqywr20dv1ns5kg4r8539gvharn0xfj48i7mhbg8kwf8s08";
-  };
-
-  buildInputs = [
-    rpmextract
-    autoPatchelfHook
-    gcc.cc.lib
-    zlib
-    ucx
-    numactl
-    rdma-core
-    libpsm2
-    patchelf
-  ];
-
-  postUnpack = ''
-    pushd $sourceRoot
-      rpmextract rpm/intel-mpi-*.rpm
-      # Predictable name
-      mv opt/intel/compilers_and_libraries_* opt/intel/compilers_and_libraries
-    popd
-    sourceRoot="$sourceRoot/opt/intel/compilers_and_libraries/linux/mpi/intel64"
-  '';
-
-  patches = [
-    ./mpicc.patch
-    ./mpicxx.patch
-  ];
-
-  postPatch = ''
-    for i in bin/mpi* ; do
-      echo "Fixing paths in $i"
-      sed -i "s:I_MPI_SUBSTITUTE_INSTALLDIR:$out:g" "$i"
-    done     
-  '';
-
-  dontBuild = true;
-
-  installPhase = ''
-    mkdir -p $out
-    mv etc $out
-    mv bin $out 
-    mv include $out 
-    mkdir $out/lib
-    cp -a lib/lib* $out/lib
-    cp -a lib/${lib_name}/lib* $out/lib
-    cp -a libfabric/lib/* $out/lib
-    cp -a libfabric/lib/prov/* $out/lib
-    cp -a libfabric/bin/* $out/bin
-    ln -s . $out/intel64
-    rm $out/lib/libmpi.dbg
-
-    # Fixup Intel PSM2 library missing (now located at PSMX2)
-    ln -s $out/lib/libpsmx2-fi.so $out/lib/libpsm2-fi.so
-  '';
-
-  dontAutoPatchelf = true;
-
-  # The rpath of libfabric.so bundled with Intel MPI is patched to include the
-  # rdma-core lib path, as is required for dlopen to find the rdma components.
-  # TODO: Try the upstream libfabric library with rdma support, so we can avoid
-  # this hack.
-  postFixup = ''
-    autoPatchelf -- $out
-    patchelf --set-rpath "$out/lib:${rdma-core}/lib:${libpsm2}/lib" $out/lib/libfabric.so
-    echo "Patched RPATH in libfabric.so to: $(patchelf --print-rpath $out/lib/libfabric.so)"
-  '';
-
-  meta = {
-    homepage = "https://www.intel.com/content/www/us/en/developer/tools/overview.html";
-    description = "Intel MPI";
-    maintainers = with lib.maintainers.bsc; [ rarias ];
-    platforms = lib.platforms.linux;
-    license = lib.licenses.unfree;
-  };
-}

pkgs/intel-mpi/mpicc.patch

@@ -1,20 +0,0 @@
---- a/bin/mpicc	2021-02-04 18:15:11.233632360 +0100
-+++ b/bin/mpicc	2021-02-05 09:33:49.493598479 +0100
-@@ -50,7 +50,7 @@
- if [ x"$opt_args" == x"" ]; then
-     case "${compiler_short_name}" in
-     icc|icx)    "$dir"/mpiicc -cc=$compiler_name "$@" ;;
--    cc|*gcc*|clang*) "$dir"/mpigcc -cc=$compiler_name "$@" ;;
-+    cc|*gcc*|clang*|mcc|echo) "$dir"/mpigcc -cc=$compiler_name "$@" ;;
-     mpicc)  "$dir"/mpigcc "$@" ;;    
-     *)  
-             echo "Error: unsupported compiler name '$compiler_name'."
-@@ -60,7 +60,7 @@
- else
-     case "${compiler_short_name}" in
-     icc|icx)    "$dir"/mpiicc -cc=$compiler_name "$@" $opt_args ;;
--    cc|*gcc*|clang*) "$dir"/mpigcc -cc=$compiler_name "$@" $opt_args ;;
-+    cc|*gcc*|clang*|mcc|echo) "$dir"/mpigcc -cc=$compiler_name "$@" $opt_args ;;
-     mpicc)  "$dir"/mpigcc "$@" $opt_args ;;    
-     *)  
-             echo "Error: unsupported compiler name '$compiler_name'."

pkgs/intel-mpi/mpicxx.patch

@@ -1,20 +0,0 @@
---- a/bin/mpicxx	2021-02-04 18:15:11.233632360 +0100
-+++ b/bin/mpicxx	2021-02-05 09:36:21.396922569 +0100
-@@ -50,7 +50,7 @@
- if [ x"$opt_args" == x"" ]; then
-     case "${compiler_short_name}" in
-     icc|icpc|dpcpp)   "$dir"/mpiicpc -cxx=$compiler_name "$@" ;;
--    *g++*)        "$dir"/mpigxx -cxx=$compiler_name "$@" ;;
-+    *g++*|clang*++|mcxx|echo) "$dir"/mpigxx -cxx=$compiler_name "$@" ;;
-     mpicxx)     "$dir"/mpigxx "$@" ;;
-     *)  
-             echo "Error: unsupported compiler name '$compiler_name'."
-@@ -60,7 +60,7 @@
- else
-     case "${compiler_short_name}" in
-     icc|icpc|dpcpp)   "$dir"/mpiicpc -cxx=$compiler_name "$@" $opt_args ;;
--    *g++*)        "$dir"/mpigxx -cxx=$compiler_name "$@" $opt_args ;;
-+    *g++*|clang*++|mcxx|echo) "$dir"/mpigxx -cxx=$compiler_name "$@" $opt_args ;;
-     mpicxx)     "$dir"/mpigxx "$@" $opt_args ;;
-     *)  
-             echo "Error: unsupported compiler name '$compiler_name'."

pkgs/intel-oneapi/2023.nix

@@ -1,511 +0,0 @@
-{ stdenv
-, fetchurl
-, lib
-, dpkg
-, rsync
-, libffi_3_3
-, libelf
-, libxml2
-, hwloc
-, zlib
-, autoPatchelfHook
-, libfabric
-, gcc13
-, wrapCCWith
-}:
-
-# The distribution of intel packages is a mess. We are doing the installation
-# based on the .deb metapackage "intel-hpckit", and follow de dependencies,
-# which have mismatching versions.
-
-# Bruno Bzeznik (bzizou) went through the madness of using their .sh installer,
-# pulling all the X dependencies here:
-# https://github.com/Gricad/nur-packages/blob/4b67c8ad0ce1baa1d2f53ba41ae5bca8e00a9a63/pkgs/intel/oneapi.nix
-
-# But this is an attempt to install the packages from the APT repo
-
-let
-
-  meta = {
-    description = "Intel oneapi hpckit package component";
-    homepage = "https://www.intel.com/content/www/us/en/developer/tools/oneapi/hpc-toolkit-download.html";
-    license = lib.licenses.unfree;
-    maintainers = with lib.maintainers.bsc; [ abonerib ];
-  };
-
-  gcc = gcc13;
-
-  v = {
-    hpckit   = "2023.1.0";
-    compiler = "2023.1.0";
-    tbb      = "2021.9.0";
-    mpi      = "2021.9.0";
-  };
-
-  aptPackageIndex = stdenv.mkDerivation {
-    name = "intel-oneapi-packages";
-    srcs = [
-      # Run update.sh to update the package lists
-      ./amd64-packages ./all-packages
-    ];
-    phases = [ "installPhase" ];
-    installPhase = ''
-      awk -F': ' '\
-        BEGIN   { print "[ {" } \
-        NR>1 && /^Package: / { print "} {"; } \
-        /: /    { printf "%s = \"%s\";\n", $1, $2 } \
-        END     { print "} ]" }' $srcs > $out
-    '';
-  };
-
-  aptPackages = import aptPackageIndex;
-
-  apthost = "https://apt.repos.intel.com/oneapi/";
-
-  getSum = pkgList: name:
-  let
-    matches = lib.filter (x: name == x.Package) pkgList;
-    #n = lib.length matches;
-    #match = builtins.trace (name + " -- ${builtins.toString n}") (lib.elemAt matches 0);
-    match = lib.elemAt matches 0;
-  in
-    match.SHA256;
-
-  getUrl = pkgList: name:
-  let
-    matches = lib.filter (x: name == x.Package) pkgList;
-    #match = assert lib.length matches == 1; lib.elemAt matches 0;
-    n = lib.length matches;
-    match =
-      #builtins.trace (name + " -- n=${builtins.toString n}")
-      (lib.elemAt matches 0);
-  in
-    apthost + match.Filename;
-
-  uncompressDebs = debs: name: stdenv.mkDerivation {
-    name = name;
-    srcs = debs;
-    nativeBuildInputs = [ dpkg ];
-    phases = [ "installPhase" ];
-    installPhase = ''
-      mkdir -p $out
-      for src in $srcs; do
-        echo "unpacking $src"
-        dpkg -x $src $out
-      done
-    '';
-
-    inherit meta;
-  };
-
-  joinDebs = name: names:
-  let
-    urls = builtins.map (x: getUrl aptPackages x) names;
-    sums = builtins.map (x: getSum aptPackages x) names;
-    getsrc = url: sha256: builtins.fetchurl { inherit url sha256; };
-    debs = lib.zipListsWith getsrc urls sums;
-  in
-    uncompressDebs debs "${name}-source";
-
-
-  intel-mpi = stdenv.mkDerivation rec {
-    version = v.mpi;
-    pname = "intel-mpi";
-
-    src = joinDebs pname [
-      "intel-oneapi-mpi-devel-${version}"
-      "intel-oneapi-mpi-${version}"
-    ];
-
-    nativeBuildInputs = [
-      autoPatchelfHook
-      rsync
-    ];
-
-    buildInputs = [
-      libfabric
-      zlib
-      stdenv.cc.cc.lib
-    ];
-
-    phases = [ "installPhase" "fixupPhase" ];
-    dontStrip = true;
-    installPhase = ''
-      mkdir -p $out/{bin,etc,lib,include}
-      mkdir -p $out/share/man
-
-      cd $src
-
-      # MPI
-      pushd opt/intel/oneapi/mpi/${version}
-        rsync -a man/ $out/share/man/
-        rsync -a etc/ $out/etc/
-        rsync -a include/ $out/include/
-        cp -a lib/lib* $out/lib/
-        # Copy the actual libmpi.so from release
-        cp -a lib/release/lib* $out/lib
-        # Broken due missing libze_loader.so.1
-        rsync -a --exclude IMB-MPI1-GPU bin/ $out/bin/
-      popd
-    '';
-    preFixup = ''
-      for i in $out/bin/mpi* ; do
-        echo "Fixing paths in $i"
-        sed -i "s:I_MPI_SUBSTITUTE_INSTALLDIR:$out:g" "$i"
-      done
-    '';
-
-    inherit meta;
-  };
-
-  intel-tbb = stdenv.mkDerivation rec {
-    version = v.tbb;
-    pname = "intel-tbb";
-    src = joinDebs pname [
-      "intel-oneapi-tbb-${version}"
-      "intel-oneapi-tbb-common-${version}"
-    ];
-
-    buildInputs = [
-      intel-mpi
-      libffi_3_3
-      libelf
-      libxml2
-      hwloc
-      stdenv.cc.cc.lib
-    ];
-
-    nativeBuildInputs = [
-      autoPatchelfHook
-      rsync
-    ];
-    phases = [ "installPhase" "fixupPhase" ];
-    dontStrip = true;
-
-    autoPatchelfIgnoreMissingDeps = [ "libhwloc.so.5" ];
-
-    installPhase = ''
-      mkdir -p $out/lib
-
-      cd $src
-
-      pushd opt/intel/oneapi/tbb/${version}
-        # Libraries
-        rsync -a lib/intel64/gcc4.8/ $out/lib/
-      popd
-    '';
-
-    inherit meta;
-  };
-
-  intel-compiler-shared = stdenv.mkDerivation rec {
-    version = v.compiler;
-    pname = "intel-compiler-shared";
-    src = joinDebs pname [
-      "intel-oneapi-compiler-shared-${version}"
-      "intel-oneapi-compiler-shared-common-${version}"
-      "intel-oneapi-compiler-shared-runtime-${version}"
-    ];
-
-    buildInputs = [
-      intel-mpi
-      intel-tbb
-      libffi_3_3
-      libelf
-      libxml2
-      zlib
-      hwloc
-      stdenv.cc.cc.lib
-    ];
-
-    nativeBuildInputs = [
-      autoPatchelfHook
-      rsync
-    ];
-    phases = [ "installPhase" "fixupPhase" ];
-    dontStrip = true;
-
-    autoPatchelfIgnoreMissingDeps = [ "libsycl.so.6" ];
-
-    installPhase = ''
-      mkdir -p $out/{bin,lib,include}
-      mkdir -p $out/share/man
-
-      cd $src
-
-      # Compiler
-      pushd opt/intel/oneapi/compiler/${version}
-        pushd linux
-          # Binaries
-          rsync -a bin/ $out/bin/
-          rsync -a --exclude libcilkrts.so.5 bin/intel64/ $out/bin/
-
-          # Libraries
-          rsync -a lib/ $out/lib/
-          rsync -a lib/x64/ $out/lib/
-          rsync -a compiler/lib/intel64_lin/ $out/lib/
-          chmod +w $out/lib
-          cp bin/intel64/libcilkrts.so.5 $out/lib/
-          ln -s $out/lib/libcilkrts.so.5 $out/lib/libcilkrts.so
-
-          # Headers
-          rsync -a compiler/include/ $out/include/
-        popd
-      popd
-    '';
-
-    inherit meta;
-  };
-
-
-  intel-compiler-fortran = stdenv.mkDerivation rec {
-    version = v.compiler;
-    pname = "intel-fortran";
-    src = joinDebs pname [
-      "intel-oneapi-compiler-fortran-${version}"
-      "intel-oneapi-compiler-fortran-common-${version}"
-      "intel-oneapi-compiler-fortran-runtime-${version}"
-
-      "intel-oneapi-compiler-dpcpp-cpp-classic-fortran-shared-runtime-${version}"
-      #"intel-oneapi-compiler-dpcpp-cpp-and-cpp-classic-${version}"
-      #"intel-oneapi-compiler-dpcpp-cpp-and-cpp-classic-runtime-${version}"
-    ];
-
-    langFortran = true;
-
-    buildInputs = [
-      intel-mpi
-      intel-compiler-shared
-      libffi_3_3
-      libelf
-      libxml2
-      hwloc
-      stdenv.cc.cc.lib
-    ];
-
-    nativeBuildInputs = [
-      autoPatchelfHook
-      rsync
-    ];
-
-    phases = [ "installPhase" "fixupPhase" ];
-
-    dontStrip = true;
-
-    installPhase = ''
-      mkdir -p $out/{bin,lib,include}
-      mkdir -p $out/share/man
-
-      cd $src
-
-      # Compiler
-      pushd opt/intel/oneapi/compiler/${version}
-        pushd linux
-          # Binaries
-          rsync -a bin/ $out/bin/
-          rsync -a bin/intel64/ $out/bin/
-
-          # Libraries
-          rsync -a lib/ $out/lib/
-          rsync -a compiler/lib/intel64_lin/ $out/lib/
-
-          # Headers
-          rsync -a compiler/include/ $out/include/
-        popd
-
-        # Manuals
-        rsync -a documentation/en/man/common/ $out/share/man/
-
-        # Fix lib_lin
-        ln -s $out/lib $out/lib_lin
-      popd
-    '';
-
-    inherit meta;
-  };
-
-  intel-compiler = stdenv.mkDerivation rec {
-    version = v.compiler;
-    pname = "intel-compiler";
-    src = joinDebs pname [
-      # C/C++
-      "intel-oneapi-dpcpp-cpp-${version}"
-      "intel-oneapi-compiler-dpcpp-cpp-${version}"
-      "intel-oneapi-compiler-dpcpp-cpp-common-${version}"
-      "intel-oneapi-compiler-dpcpp-cpp-runtime-${version}"
-      "intel-oneapi-compiler-dpcpp-cpp-and-cpp-classic-${version}"
-      "intel-oneapi-compiler-dpcpp-cpp-and-cpp-classic-common-${version}"
-      "intel-oneapi-compiler-dpcpp-cpp-and-cpp-classic-runtime-${version}"
-      "intel-oneapi-compiler-dpcpp-cpp-classic-fortran-shared-runtime-${version}"
-    ];
-    dontCheckForBrokenSymlinks = true;
-    # From https://aur.archlinux.org/packages/intel-oneapi-compiler:
-    # - intel-oneapi-compiler-cpp-eclipse-cfg-2023.0.0-25370_all.deb
-    # + intel-oneapi-compiler-dpcpp-cpp-2023.0.0-2023.0.0-25370_amd64.deb
-    # x intel-oneapi-compiler-dpcpp-cpp-and-cpp-classic-2023.0.0-2023.0.0-25370_amd64.deb (empty)
-    # + intel-oneapi-compiler-dpcpp-cpp-and-cpp-classic-2023.0.0-25370_amd64.deb
-    # + intel-oneapi-compiler-dpcpp-cpp-and-cpp-classic-common-2023.0.0-2023.0.0-25370_all.deb
-    # + intel-oneapi-compiler-dpcpp-cpp-and-cpp-classic-runtime-2023.0.0-2023.0.0-25370_amd64.deb
-    # + intel-oneapi-compiler-dpcpp-cpp-classic-fortran-shared-runtime-2023.0.0-2023.0.0-25370_amd64.deb
-    # + intel-oneapi-compiler-dpcpp-cpp-common-2023.0.0-2023.0.0-25370_all.deb
-    # + intel-oneapi-compiler-dpcpp-cpp-runtime-2023.0.0-2023.0.0-25370_amd64.deb
-    # - intel-oneapi-compiler-dpcpp-eclipse-cfg-2023.0.0-25370_all.deb
-    # - intel-oneapi-compiler-fortran-2023.0.0-2023.0.0-25370_amd64.deb
-    # - intel-oneapi-compiler-fortran-common-2023.0.0-2023.0.0-25370_all.deb
-    # - intel-oneapi-compiler-fortran-runtime-2023.0.0-2023.0.0-25370_amd64.deb
-    # - intel-oneapi-compiler-fortran-runtime-2023.0.0-25370_amd64.deb
-    # - intel-oneapi-compiler-shared-2023.0.0-2023.0.0-25370_amd64.deb
-    # - intel-oneapi-compiler-shared-common-2023.0.0-2023.0.0-25370_all.deb
-    # - intel-oneapi-compiler-shared-runtime-2023.0.0-2023.0.0-25370_amd64.deb
-    # - intel-oneapi-dpcpp-cpp-2023.0.0-2023.0.0-25370_amd64.deb
-    # - intel-oneapi-openmp-2023.0.0-2023.0.0-25370_amd64.deb
-    # - intel-oneapi-openmp-common-2023.0.0-2023.0.0-25370_all.deb
-
-    buildInputs = [
-      intel-compiler-shared
-      libffi_3_3
-      libelf
-      libxml2
-      hwloc
-      stdenv.cc.cc.lib
-    ];
-
-    nativeBuildInputs = [
-      autoPatchelfHook
-      rsync
-    ];
-    autoPatchelfIgnoreMissingDeps = [ "libtbb.so.12" "libtbbmalloc.so.2" "libze_loader.so.1" ];
-
-    phases = [ "installPhase" "fixupPhase" ];
-
-    dontStrip = true;
-
-    installPhase = ''
-      mkdir -p $out/{bin,lib}
-      mkdir -p $out/share/man
-
-      cd $src
-
-      # Compiler
-      pushd opt/intel/oneapi/compiler/${version}
-        pushd linux
-          # Binaries
-          rsync -a bin/ $out/bin/
-          rsync -a bin-llvm/ $out/bin/
-          rsync -a bin/intel64/ $out/bin/
-
-          # Libraries
-          rsync -a --exclude oclfpga lib/ $out/lib/
-          rsync -a compiler/lib/intel64_lin/ $out/lib/
-
-          # Headers
-          rsync -a compiler/include/ $out/include/ # Intrinsics for icc
-          rsync -a include/ $out/include/
-          chmod +w $out/include
-          ln -s $out/lib/clang/16.0.0/include/ $out/include/icx # For icx
-        popd
-
-        # Manuals
-        rsync -a documentation/en/man/common/ $out/share/man/
-      popd
-    '';
-
-    inherit meta;
-  };
-
-  wrapIntel = { cc, mygcc, extraBuild ? "", extraInstall ? "" }:
-    let
-      targetConfig = stdenv.targetPlatform.config;
-    in (wrapCCWith {
-      cc = cc;
-      extraBuildCommands = ''
-        echo "-isystem ${cc}/include" >> $out/nix-support/cc-cflags
-        echo "-isystem ${cc}/include/intel64" >> $out/nix-support/cc-cflags
-
-        echo "-L${mygcc.cc}/lib/gcc/${targetConfig}/${mygcc.version}" >> $out/nix-support/cc-ldflags
-        echo "-L${mygcc.cc.lib}/lib" >> $out/nix-support/cc-ldflags
-        echo "-L${intel-compiler-shared}/lib" >> $out/nix-support/cc-ldflags
-        echo "-L${cc}/lib" >> $out/nix-support/cc-ldflags
-
-        # Need the gcc in the path
-        # FIXME: We should find a better way to modify the PATH instead of using
-        # this ugly hack. See https://jungle.bsc.es/git/rarias/bscpkgs/issues/9
-        echo 'path_backup="${mygcc}/bin:$path_backup"' >> $out/nix-support/cc-wrapper-hook
-
-        # Disable hardening by default
-        echo "" > $out/nix-support/add-hardening.sh
-      '' + extraBuild;
-    }).overrideAttrs (old: {
-      installPhase = old.installPhase + extraInstall;
-    });
-
-  icx-wrapper = wrapIntel rec {
-    cc = intel-compiler;
-    mygcc = gcc;
-    extraBuild = ''
-      wrap icx  $wrapper $ccPath/icx
-      wrap icpx $wrapper $ccPath/icpx
-      echo "-isystem ${cc}/include/icx" >> $out/nix-support/cc-cflags
-      echo "--gcc-toolchain=${mygcc.cc}" >> $out/nix-support/cc-cflags
-    '';
-    extraInstall = ''
-      export named_cc="icx"
-      export named_cxx="icpx"
-    '';
-  };
-
-  # Legacy
-  icc-wrapper = wrapIntel rec {
-    cc = intel-compiler;
-    # Intel icc classic compiler tries to behave like the gcc found in $PATH.
-    # EVEN if it doesn't support some of the features. See:
-    # https://community.intel.com/t5/Intel-C-Compiler/builtin-shuffle-GCC-compatibility-and-has-builtin/td-p/1143619
-    mygcc = gcc;
-    extraBuild = ''
-      wrap icc  $wrapper $ccPath/icc
-      wrap icpc $wrapper $ccPath/icpc
-      echo "-isystem ${cc}/include/icc" >> $out/nix-support/cc-cflags
-    '';
-    extraInstall = ''
-      export named_cc="icc"
-      export named_cxx="icpc"
-    '';
-  };
-
-  ifort-wrapper = wrapIntel rec {
-    cc = intel-compiler-fortran;
-    mygcc = gcc;
-    extraBuild = ''
-      wrap ifort  $wrapper $ccPath/ifort
-    '';
-    extraInstall = ''
-      export named_fc="ifort"
-    '';
-  };
-
-  stdenv-icc = stdenv.override {
-    cc = icc-wrapper;
-    allowedRequisites = null;
-  };
-
-  stdenv-icx = stdenv.override {
-    cc = icx-wrapper;
-    allowedRequisites = null;
-  };
-
-  stdenv-ifort = stdenv.override {
-    cc = ifort-wrapper;
-    allowedRequisites = null;
-  };
-
-in
-  {
-    inherit intel-mpi;
-    icx = icx-wrapper;
-    icc = icc-wrapper;
-    ifort = ifort-wrapper;
-
-    stdenv = stdenv-icx;
-    stdenv-icc = stdenv-icc;
-    stdenv-ifort = stdenv-ifort;
-  }

pkgs/intel-oneapi/update.sh

@@ -1,4 +0,0 @@
-#!/bin/sh
-
-curl https://apt.repos.intel.com/oneapi/dists/all/main/binary-amd64/Packages -o amd64-packages
-curl https://apt.repos.intel.com/oneapi/dists/all/main/binary-all/Packages -o all-packages

pkgs/libpsm2/default.nix

@@ -1,44 +0,0 @@
-{ stdenv, lib, fetchFromGitHub, numactl, pkg-config }:
-
-let
-  version = "11.2.185";
-in
-stdenv.mkDerivation {
-  pname = "libpsm2";
-  inherit version;
-
-  preConfigure= ''
-    export UDEVDIR=$out/etc/udev
-    substituteInPlace ./Makefile --replace "udevrulesdir}" "prefix}/etc/udev";
-  '';
-
-  enableParallelBuilding = true;
-
-  buildInputs = [ numactl pkg-config ];
-
-  installFlags = [ 
-    "DESTDIR=$(out)"
-    "UDEVDIR=/etc/udev"
-    "LIBPSM2_COMPAT_CONF_DIR=/etc"
-  ];
-
-  src = fetchFromGitHub {
-    owner = "intel";
-    repo = "opa-psm2";
-    rev = "PSM2_${version}";
-    sha256 = "062hg4r6gz7pla9df70nqs5i2a3mp1wszmp4l0g771fykhhrxsjg";
-  };
-
-  postInstall = ''
-    mv $out/usr/* $out
-    rmdir $out/usr
-  '';
-
-  meta = with lib; {
-    homepage = "https://github.com/intel/opa-psm2";
-    description = "The PSM2 library supports a number of fabric media and stacks";
-    license = with licenses; [ gpl2 bsd3 ];
-   platforms = [ "x86_64-linux" ];
-    maintainers = [ maintainers.bzizou ];
-  };
-}

pkgs/llvm-ompss2/clang.nix

@@ -1,137 +0,0 @@
-{
-  llvmPackages_latest
-, lib
-, fetchFromGitHub
-, cmake
-, bash
-, python3
-, perl
-, which
-, elfutils
-, libffi
-, zlib
-, pkg-config
-, gcc # needed to set the rpath of libstdc++ for clang-tblgen
-, enableDebug ? false
-, useGit ? false
-, gitUrl ? "ssh://git@bscpm04.bsc.es/llvm-ompss/llvm-mono.git"
-, gitBranch ? "master"
-, gitCommit ? "880e2341c56bad1dc14e8c369fb3356bec19018e"
-}:
-
-let
-  stdenv = llvmPackages_latest.stdenv;
-
-  release = rec {
-    version = "2025.06";
-    src = fetchFromGitHub {
-      owner = "bsc-pm";
-      repo = "llvm";
-      rev = "refs/tags/github-release-${version}";
-      hash = "sha256-ww9PpRmtz/M9IyLiZ8rAehx2UW4VpQt+svf4XfKBzKo=";
-    };
-  };
-
-  git = rec {
-    version = src.shortRev;
-    src = builtins.fetchGit {
-      url = gitUrl;
-      ref = gitBranch;
-      rev = gitCommit;
-    };
-  };
-
-  source = if (useGit) then git else release;
-
-in stdenv.mkDerivation {
-  pname = "clang-ompss2";
-  inherit (source) src version;
-
-  enableParallelBuilding = true;
-
-  passthru = {
-    CC = "clang";
-    CXX = "clang++";
-
-    isClang = true;
-    isClangWithOmpss = true;
-
-    inherit gcc zlib;
-  };
-
-  nativeBuildInputs = [
-    bash
-    cmake
-    elfutils
-    llvmPackages_latest.lld
-    pkg-config
-    python3
-    perl
-    which
-    zlib
-  ];
-
-  buildInputs = [
-    libffi
-    zlib
-    gcc.cc.lib # Required for libstdc++.so.6
-  ];
-
-  # Error with -D_FORTIFY_SOURCE=2, see https://bugs.gentoo.org/636604:
-  # /build/source/compiler-rt/lib/tsan/dd/dd_interceptors.cpp:225:20:
-  # error: redefinition of 'realpath'
-  # Requires disabling the "fortify" set of flags, however, for performance we
-  # disable all:
-  hardeningDisable = [ "all" ];
-
-  cmakeBuildType = if enableDebug then "Debug" else "Release";
-
-  dontStrip = enableDebug;
-
-  dontUseCmakeBuildDir = true;
-
-  # Fix the host triple, as it has changed in a newer config.guess:
-  # https://git.savannah.gnu.org/gitweb/?p=config.git;a=commitdiff;h=ca9bfb8cc75a2be1819d89c664a867785c96c9ba
-  preConfigure = ''
-    mkdir -p build
-    cd build
-    cmakeDir="../llvm"
-    cmakeFlagsArray=(
-      "-DLLVM_HOST_TRIPLE=${stdenv.targetPlatform.config}"
-      "-DLLVM_TARGETS_TO_BUILD=host"
-      "-DLLVM_BUILD_LLVM_DYLIB=ON"
-      "-DLLVM_LINK_LLVM_DYLIB=ON"
-      # Required to run clang-ast-dump and clang-tblgen during build
-      "-DCMAKE_BUILD_RPATH=$PWD/lib:${zlib}/lib:${gcc.cc.lib}/lib"
-      "-DLLVM_ENABLE_LLD=ON"
-      "-DCMAKE_CXX_FLAGS_DEBUG=-g -ggnu-pubnames"
-      "-DCMAKE_EXE_LINKER_FLAGS_DEBUG=-Wl,--gdb-index"
-      "-DLLVM_LIT_ARGS=-sv --xunit-xml-output=xunit.xml"
-      "-DLLVM_ENABLE_PROJECTS=clang;compiler-rt;lld"
-      "-DLLVM_ENABLE_ASSERTIONS=ON"
-      "-DLLVM_INSTALL_TOOLCHAIN_ONLY=ON"
-      "-DCMAKE_INSTALL_BINDIR=bin"
-      "-DLLVM_ENABLE_ZLIB=FORCE_ON"
-      "-DLLVM_ENABLE_LIBXML2=OFF"
-      # Set the rpath to include external libraries (zlib) both on build and
-      # install
-      "-DCMAKE_INSTALL_RPATH_USE_LINK_PATH=ON"
-      "-DCMAKE_INSTALL_RPATH=${zlib}/lib:${gcc.cc.lib}/lib"
-      "-DLLVM_APPEND_VC_REV=ON"
-      "-DLLVM_FORCE_VC_REVISION=${source.version}"
-    )
-  '';
-
-# About "-DCLANG_DEFAULT_NANOS6_HOME=${nanos6}", we could specify a default
-# nanos6 installation, but this is would require a recompilation of clang each
-# time nanos6 is changed. Better to use the environment variable NANOS6_HOME,
-# and specify nanos6 at run time.
-
-  meta = {
-    homepage = "https://gitlab.pm.bsc.es/llvm-ompss/llvm-mono";
-    description = "C language family frontend for LLVM (for OmpSs-2)";
-    maintainers = with lib.maintainers.bsc; [ rpenacob ];
-    platforms = lib.platforms.linux;
-    license = [ lib.licenses.asl20 lib.licenses.llvm-exception ];
-  };
-}

pkgs/llvm-ompss2/default.nix

@@ -1,70 +0,0 @@
-{
-  stdenv
-, lib
-, gcc
-, clangOmpss2Unwrapped
-, openmp ? null
-, wrapCCWith
-, llvmPackages_latest
-, ompss2rt ? null
-}:
-
-with lib;
-
-let
-  usingNodesAndOmpv = (openmp.pname == "openmp-v" && ompss2rt.pname == "nodes");
-  sameNosv = openmp.nosv == ompss2rt.nosv;
-in
-
-assert assertMsg (usingNodesAndOmpv -> sameNosv) "OpenMP-V and NODES must share the same nOS-V";
-
-let
-  homevar = if ompss2rt.pname == "nanos6" then "NANOS6_HOME" else "NODES_HOME";
-  rtname  = if ompss2rt.pname == "nanos6" then "libnanos6" else "libnodes";
-  ompname = if openmp.pname == "openmp-v" then  "libompv" else "libomp";
-
-
-  # We need to replace the lld linker from bintools with our linker just built,
-  # otherwise we run into incompatibility issues when mixing compiler and linker
-  # versions.
-  bintools-unwrapped = llvmPackages_latest.tools.bintools-unwrapped.override {
-    lld = clangOmpss2Unwrapped;
-  };
-  bintools = llvmPackages_latest.tools.bintools.override {
-    bintools = bintools-unwrapped;
-  };
-  targetConfig = stdenv.targetPlatform.config;
-  inherit gcc;
-  cc = clangOmpss2Unwrapped;
-  gccVersion = with versions; let v = gcc.version; in concatStringsSep "." [(major v) (minor v) (patch v)];
-in wrapCCWith {
-  inherit cc bintools;
-  # extraPackages adds packages to depsTargetTargetPropagated
-  extraPackages = optional (openmp != null) openmp;
-  extraBuildCommands = ''
-    echo "-target ${targetConfig}" >> $out/nix-support/cc-cflags
-    echo "-B${gcc.cc}/lib/gcc/${targetConfig}/${gccVersion}" >> $out/nix-support/cc-cflags
-    echo "-L${gcc.cc}/lib/gcc/${targetConfig}/${gccVersion}" >> $out/nix-support/cc-ldflags
-    echo "-L${gcc.cc.lib}/lib" >> $out/nix-support/cc-ldflags
-
-    for dir in ${gcc.cc}/include/c++/*; do
-      echo "-isystem $dir" >> $out/nix-support/libcxx-cxxflags
-    done
-    for dir in ${gcc.cc}/include/c++/*/${targetConfig}; do
-      echo "-isystem $dir" >> $out/nix-support/libcxx-cxxflags
-    done
-
-    echo "--gcc-toolchain=${gcc}" >> $out/nix-support/cc-cflags
-
-    wrap clang++  $wrapper $ccPath/clang++
-
-  '' + optionalString (openmp != null) ''
-    echo "export OPENMP_RUNTIME=${ompname}" >> $out/nix-support/cc-wrapper-hook
-  '' + optionalString (ompss2rt != null) ''
-    echo "export OMPSS2_RUNTIME=${rtname}" >> $out/nix-support/cc-wrapper-hook
-    echo "export ${homevar}=${ompss2rt}"   >> $out/nix-support/cc-wrapper-hook
-  '' + optionalString (ompss2rt != null && ompss2rt.pname == "nodes") ''
-    echo "export NOSV_HOME=${ompss2rt.nosv}" >> $out/nix-support/cc-wrapper-hook
-  '';
-}
-