weasel: use tent cache

/home is a nfs mount, which does not support extra filesystem arguments
needed to run podman. We need to have a local home.

m/apex/configuration.nix

@@ -5,6 +5,7 @@
     ../common/xeon.nix
     ../common/ssf/hosts.nix
     ../module/ceph.nix
+    ../module/hut-substituter.nix
     ../module/slurm-server.nix
     ./nfs.nix
     ./wireguard.nix
@@ -65,10 +66,4 @@
       iptables -I nixos-fw 2 -p tcp -s 84.88.52.176 -j nixos-fw-refuse
     '';
   };
-
-  # Use tent for cache
-  nix.settings = {
-    extra-substituters = [ "https://jungle.bsc.es/cache" ];
-    extra-trusted-public-keys = [ "jungle.bsc.es:pEc7MlAT0HEwLQYPtpkPLwRsGf80ZI26aj29zMw/HH0=" ];
-  };
 }

m/bay/configuration.nix

@@ -3,6 +3,7 @@
 {
   imports = [
     ../common/ssf.nix
+    ../module/hut-substituter.nix
     ../module/monitoring.nix
   ];
 

m/common/base.nix

@@ -11,11 +11,13 @@
     ./base/hw.nix
     ./base/net.nix
     ./base/nix.nix
+    ./base/nosv.nix
     ./base/ntp.nix
     ./base/rev.nix
     ./base/ssh.nix
     ./base/users.nix
     ./base/watchdog.nix
     ./base/zsh.nix
+    ./base/fish.nix
   ];
 }

m/common/base/env.nix

@@ -5,6 +5,8 @@
     vim wget git htop tmux pciutils tcpdump ripgrep nix-index nixos-option
     nix-diff ipmitool freeipmi ethtool lm_sensors cmake gnumake file tree
     ncdu config.boot.kernelPackages.perf ldns pv
+    nix-output-monitor
+    nixfmt-rfc-style
     # From bsckgs overlay
     osumb
   ];

m/common/base/fish.nix

@@ -0,0 +1,4 @@
+{ ... }:
+{
+  programs.fish.enable = true;
+}

m/common/base/nosv.nix

@@ -0,0 +1,9 @@
+{ ... }:
+{
+  nix.settings.system-features = [ "nosv" ];
+  programs.nix-required-mounts.enable = true;
+  programs.nix-required-mounts.allowedPatterns.nosv.paths = [
+    "/sys/devices/system/cpu"
+    "/sys/devices/system/node"
+  ];
+}

m/common/base/users.nix

@@ -87,6 +87,12 @@
         openssh.authorizedKeys.keys = [
           "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIIFiqXqt88VuUfyANkZyLJNiuroIITaGlOOTMhVDKjf abonerib@bsc"
         ];
+        shell = pkgs.fish;
+        packages = with pkgs; [
+          starship
+          jujutsu
+          neovim
+        ];
       };
 
       vlopez = {

m/eudy/configuration.nix

@@ -9,6 +9,7 @@
     ./cpufreq.nix
     ./fs.nix
     ./users.nix
+    ../module/hut-substituter.nix
     ../module/debuginfod.nix
   ];
 

m/fox/configuration.nix

@@ -8,6 +8,7 @@
     ../module/emulation.nix
     ../module/nvidia.nix
     ../module/slurm-client.nix
+    ../module/hut-substituter.nix
     ./wireguard.nix
   ];
 
@@ -62,12 +63,6 @@
     interfaces.enp1s0f0np0.useDHCP = true;
   };
 
-  # Use hut for cache
-  nix.settings = {
-    extra-substituters = [ "https://jungle.bsc.es/cache" ];
-    extra-trusted-public-keys = [ "jungle.bsc.es:pEc7MlAT0HEwLQYPtpkPLwRsGf80ZI26aj29zMw/HH0=" ];
-  };
-
   # Recommended for new graphics cards
   hardware.nvidia.open = true;
 

m/raccoon/configuration.nix

@@ -9,6 +9,7 @@
     ../module/nvidia.nix
     ../eudy/kernel/perf.nix
     ./wireguard.nix
+    ../module/hut-substituter.nix
   ];
 
   # Don't install Grub on the disk yet
@@ -51,11 +52,6 @@
     options = [ "nfsvers=3" "rsize=1024" "wsize=1024" "cto" "nofail" ];
   };
 
-  nix.settings = {
-    extra-substituters = [ "https://jungle.bsc.es/cache" ];
-    extra-trusted-public-keys = [ "jungle.bsc.es:pEc7MlAT0HEwLQYPtpkPLwRsGf80ZI26aj29zMw/HH0=" ];
-  };
-
   # Enable performance governor
   powerManagement.cpuFreqGovernor = "performance";
 

m/tent/configuration.nix

@@ -15,6 +15,7 @@
     ../hut/msmtp.nix
     ../module/p.nix
     ../module/vpn-dac.nix
+    ../module/hut-substituter.nix
   ];
 
   # Select the this using the ID to avoid mismatches

m/weasel/configuration.nix

@@ -3,6 +3,8 @@
 {
   imports = [
     ../common/ssf.nix
+    ../module/hut-substituter.nix
+    ./virtualization.nix
   ];
 
   # Select this using the ID to avoid mismatches
@@ -29,4 +31,5 @@
       prefixLength = 24;
     } ];
   };
+
 }

m/weasel/virtualization.nix

@@ -0,0 +1,40 @@
+{
+  lib,
+  pkgs,
+  config,
+  ...
+}:
+
+{
+  # Enable common container config files in /etc/containers
+  virtualisation.containers.enable = true;
+  virtualisation = {
+    podman = {
+      enable = true;
+
+      # Required for containers under podman-compose to be able to talk to each other.
+      defaultNetwork.settings.dns_enabled = true;
+    };
+  };
+
+  # We cannot use /home since nfs does not support fileattrs needed by podman
+  systemd.tmpfiles.settings = {
+    "podman-users" = lib.mapAttrs' (
+      name: value:
+      lib.nameValuePair ("/var/lib/podman-users/" + name) {
+        d = {
+          group = value.group;
+          mode = value.homeMode;
+          user = name;
+        };
+      }
+    ) (lib.filterAttrs (_: x: x.isNormalUser) config.users.users);
+  };
+
+  # Useful other development tools
+  environment.systemPackages = with pkgs; [
+    dive # look into docker image layers
+    podman-tui # status of containers in the terminal
+    podman-compose # start group of containers for dev
+  ];
+}