Fix infiniband interface name

flake.lock: Update
Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/8bb5646e0bed5dbd3ab08c7a7cc15b75ab4e1d0f?narHash=sha256-SqUuBFjhl/kpDiVaKLQBoD8TLD%2B/cTUzzgVFoaHrkqY%3D' (2025-11-30) → 'github:NixOS/nixpkgs/3c9db02515ef1d9b6b709fc60ba9a540957f661c?narHash=sha256-2GffSfQxe3sedHzK%2BsTKlYo/NTIAGzbFCIsNMUPAAnk%3D' (2026-01-05)
2026-01-08 14:33:44 +01:00 · 2026-01-07 13:41:40 +01:00 · 2026-01-07 13:29:45 +01:00 · 2026-01-07 13:29:45 +01:00 · 2026-01-07 13:29:45 +01:00 · 2026-01-07 13:29:45 +01:00
20 changed files with 68 additions and 24 deletions
--- a/flake.lock
+++ b/flake.lock
@@ -2,16 +2,16 @@
  "nodes": {
    "nixpkgs": {
      "locked": {
-        "lastModified": 1752436162,
-        "narHash": "sha256-Kt1UIPi7kZqkSc5HVj6UY5YLHHEzPBkgpNUByuyxtlw=",
+        "lastModified": 1767634882,
+        "narHash": "sha256-2GffSfQxe3sedHzK+sTKlYo/NTIAGzbFCIsNMUPAAnk=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "dfcd5b901dbab46c9c6e80b265648481aafb01f8",
+        "rev": "3c9db02515ef1d9b6b709fc60ba9a540957f661c",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
-        "ref": "nixos-25.05",
+        "ref": "nixos-25.11",
        "repo": "nixpkgs",
        "type": "github"
      }
--- a/flake.nix
+++ b/flake.nix
@@ -1,6 +1,6 @@
 {
  inputs = {
-    nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05";
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.11";
  };

  outputs = { self, nixpkgs, ... }:
--- a/m/apex/configuration.nix
+++ b/m/apex/configuration.nix
@@ -57,6 +57,18 @@
    };
  };

+  services.fail2ban = {
+    enable = true;
+    maxretry = 5;
+    bantime-increment = {
+      enable = true; # Double ban time on each attack
+      maxtime = "7d"; # Ban up to a week
+    };
+  };
+
+  # Disable SSH login with password, allow only keypair
+  services.openssh.settings.PasswordAuthentication = false;
+
  networking.firewall = {
    extraCommands = ''
      # Blackhole BSC vulnerability scanner (OpenVAS) as it is spamming our
--- a/m/bay/configuration.nix
+++ b/m/bay/configuration.nix
@@ -24,7 +24,7 @@
      address = "10.0.40.40";
      prefixLength = 24;
    } ];
-    interfaces.ibp5s0.ipv4.addresses = [ {
+    interfaces.ibs785.ipv4.addresses = [ {
      address = "10.0.42.40";
      prefixLength = 24;
    } ];
--- a/m/common/base/env.nix
+++ b/m/common/base/env.nix
@@ -1,10 +1,10 @@
-{ pkgs, config, ... }:
+{ pkgs, ... }:

 {
  environment.systemPackages = with pkgs; [
    vim wget git htop tmux pciutils tcpdump ripgrep nix-index nixos-option
    nix-diff ipmitool freeipmi ethtool lm_sensors cmake gnumake file tree
-    ncdu config.boot.kernelPackages.perf ldns pv
+    ncdu perf ldns pv
    # From jungle overlay
    osumb nixgen
  ];
--- a/m/common/base/users.nix
+++ b/m/common/base/users.nix
@@ -139,6 +139,7 @@
        openssh.authorizedKeys.keys = [
          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKGt0ESYxekBiHJQowmKpfdouw0hVm3N7tUMtAaeLejK vincent@varch"
        ];
+        shell = pkgs.zsh;
      };

      pmartin1 = {
--- a/m/common/base/watchdog.nix
+++ b/m/common/base/watchdog.nix
@@ -5,5 +5,5 @@
  boot.kernelModules = [ "ipmi_watchdog" ];

  # Enable systemd watchdog with 30 s interval
-  systemd.watchdog.runtimeTime = "30s";
+  systemd.settings.Manager.RuntimeWatchdogSec = 30;
 }
--- a/m/hut/configuration.nix
+++ b/m/hut/configuration.nix
@@ -45,7 +45,7 @@
      address = "10.0.40.7";
      prefixLength = 24;
    } ];
-    interfaces.ibp5s0.ipv4.addresses = [ {
+    interfaces.ibs785.ipv4.addresses = [ {
      address = "10.0.42.7";
      prefixLength = 24;
    } ];
--- a/m/lake2/configuration.nix
+++ b/m/lake2/configuration.nix
@@ -46,7 +46,7 @@
      address = "10.0.40.42";
      prefixLength = 24;
    } ];
-    interfaces.ibp5s0.ipv4.addresses = [ {
+    interfaces.ibs785.ipv4.addresses = [ {
      address = "10.0.42.42";
      prefixLength = 24;
    } ];
--- a/m/module/debuginfod.nix
+++ b/m/module/debuginfod.nix
@@ -1,3 +1,10 @@
 {
-  services.nixseparatedebuginfod.enable = true;
+  services.nixseparatedebuginfod2 = {
+    enable = true;
+    substituters = [
+      "local:"
+      "https://cache.nixos.org"
+      "http://hut/cache"
+    ];
+  };
 }
--- a/overlay.nix
+++ b/overlay.nix
@@ -30,7 +30,8 @@ let
      amd-uprof-driver = _prev.callPackage ./pkgs/amd-uprof/driver.nix { };
    });
    lmbench = callPackage ./pkgs/lmbench/default.nix { };
-    mcxx = callPackage ./pkgs/mcxx/default.nix { };
+    # Broken and unmantained
+    # mcxx = callPackage ./pkgs/mcxx/default.nix { };
    meteocat-exporter = prev.callPackage ./pkgs/meteocat-exporter/default.nix { };
    mpi = final.mpich; # Set MPICH as default
    mpich = callPackage ./pkgs/mpich/default.nix { mpich = prev.mpich; };
--- a/pkgs/amd-uprof/driver.nix
+++ b/pkgs/amd-uprof/driver.nix
@@ -19,7 +19,7 @@ in stdenv.mkDerivation {
  '';
  hardeningDisable = [ "pic" "format" ];
  nativeBuildInputs = kernel.moduleBuildDependencies;
-  patches = [ ./makefile.patch ./hrtimer.patch ];
+  patches = [ ./makefile.patch ./hrtimer.patch ./remove-wr-rdmsrq.patch ];
  makeFlags = [
    "KERNEL_VERSION=${kernel.modDirVersion}"
    "KERNEL_DIR=${kernel.dev}/lib/modules/${kernel.modDirVersion}/build"
--- a/pkgs/amd-uprof/remove-wr-rdmsrq.patch
+++ b/pkgs/amd-uprof/remove-wr-rdmsrq.patch
@@ -0,0 +1,20 @@
+diff --git a/inc/PwrProfAsm.h b/inc/PwrProfAsm.h
+index d77770a..c93a0e9 100644
+--- a/inc/PwrProfAsm.h
+++ b/inc/PwrProfAsm.h
+@@ -347,6 +347,7 @@
+ 
+ #endif
+ 
+/*
+ #define rdmsrq(msr,val1,val2,val3,val4) ({ \
+         __asm__ __volatile__( \
+                               "rdmsr\n" \
+@@ -362,6 +363,7 @@
+                               :"c"(msr), "a"(val1), "d"(val2), "S"(val3), "D"(val4) \
+                             ); \
+     })
+*/
+ 
+ #define rdmsrpw(msr,val1,val2,val3,val4) ({ \
+         __asm__ __volatile__( \
--- a/pkgs/cudainfo/default.nix
+++ b/pkgs/cudainfo/default.nix
@@ -12,7 +12,7 @@ stdenv.mkDerivation (finalAttrs: {
  src = ./.;
  buildInputs = [
    cudatoolkit # Required for nvcc
-    cudaPackages.cuda_cudart.static # Required for -lcudart_static
+    (lib.getOutput "static" cudaPackages.cuda_cudart) # Required for -lcudart_static
    autoAddDriverRunpath
  ];
  installPhase = ''
--- a/pkgs/intel-oneapi/2023.nix
+++ b/pkgs/intel-oneapi/2023.nix
@@ -10,7 +10,7 @@
 , zlib
 , autoPatchelfHook
 , libfabric
-, gcc13
+, gcc
 , wrapCCWith
 }:

@@ -33,8 +33,6 @@ let
    maintainers = with lib.maintainers.bsc; [ abonerib ];
  };

-  gcc = gcc13;
-
  v = {
    hpckit   = "2023.1.0";
    compiler = "2023.1.0";
--- a/pkgs/llvm-ompss2/default.nix
+++ b/pkgs/llvm-ompss2/default.nix
@@ -27,10 +27,10 @@ let
  # We need to replace the lld linker from bintools with our linker just built,
  # otherwise we run into incompatibility issues when mixing compiler and linker
  # versions.
-  bintools-unwrapped = llvmPackages_latest.tools.bintools-unwrapped.override {
+  bintools-unwrapped = llvmPackages_latest.bintools-unwrapped.override {
    lld = clangOmpss2Unwrapped;
  };
-  bintools = llvmPackages_latest.tools.bintools.override {
+  bintools = llvmPackages_latest.bintools.override {
    bintools = bintools-unwrapped;
  };
  targetConfig = stdenv.targetPlatform.config;
--- a/pkgs/mcxx/default.nix
+++ b/pkgs/mcxx/default.nix
@@ -65,6 +65,7 @@ stdenv.mkDerivation rec {
  ];

  meta = {
+    broken = true;
    homepage = "https://github.com/bsc-pm/mcxx";
    description = "C/C++/Fortran source-to-source compilation infrastructure aimed at fast prototyping";
    maintainers = with lib.maintainers.bsc; [ rpenacob ];
--- a/pkgs/meteocat-exporter/default.nix
+++ b/pkgs/meteocat-exporter/default.nix
@@ -1,9 +1,11 @@
 { python3Packages, lib }:

-python3Packages.buildPythonApplication rec {
+python3Packages.buildPythonApplication {
  pname = "meteocat-exporter";
  version = "1.0";

+  pyproject = true;
+
  src = ./.;

  doCheck = false;
--- a/pkgs/paraver/default.nix
+++ b/pkgs/paraver/default.nix
@@ -12,7 +12,7 @@
 , paraverKernel
 , openssl
 , glibcLocales
-, wrapGAppsHook
+, wrapGAppsHook3
 }:

 let
@@ -64,7 +64,7 @@ stdenv.mkDerivation rec {
    autoconf
    automake
    autoreconfHook
-    wrapGAppsHook
+    wrapGAppsHook3
  ];

  buildInputs = [
--- a/pkgs/upc-qaire-exporter/default.nix
+++ b/pkgs/upc-qaire-exporter/default.nix
@@ -1,9 +1,11 @@
 { python3Packages, lib }:

-python3Packages.buildPythonApplication rec {
+python3Packages.buildPythonApplication {
  pname = "upc-qaire-exporter";
  version = "1.0";

+  pyproject = true;
+
  src = ./.;

  doCheck = false;
Author	SHA1	Message	Date
Rodrigo Arias Mallo	4a6e36c7e9	Fix infiniband interface name All checks were successful CI / build:cross (pull_request) Successful in 8s Details CI / build:all (pull_request) Successful in 16s Details	2026-01-08 14:33:44 +01:00
Rodrigo Arias Mallo	14fe50fc2a	flake.lock: Update Some checks failed CI / build:all (pull_request) Failing after 1m45s Details CI / build:cross (pull_request) Failing after 1m43s Details Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/8bb5646e0bed5dbd3ab08c7a7cc15b75ab4e1d0f?narHash=sha256-SqUuBFjhl/kpDiVaKLQBoD8TLD%2B/cTUzzgVFoaHrkqY%3D' (2025-11-30) → 'github:NixOS/nixpkgs/3c9db02515ef1d9b6b709fc60ba9a540957f661c?narHash=sha256-2GffSfQxe3sedHzK%2BsTKlYo/NTIAGzbFCIsNMUPAAnk%3D' (2026-01-05)	2026-01-07 13:41:40 +01:00
Aleix Boné	178afc667e	Remove conflicting definitions in amd-uprof-driver See: https://lkml.org/lkml/2025/4/9/1709	2026-01-07 13:29:45 +01:00
Aleix Boné	596bf121a6	Mark mcxx as broken and remove from package list	2026-01-07 13:29:45 +01:00
Aleix Boné	1a8549064b	Fix moved package linuxPackages.perf is now perf	2026-01-07 13:29:45 +01:00
Aleix Boné	54e9f0a561	Fix replaced nixseparatedebuginfod nixseparatedebuginfod has been replaced by nixseparatedebuginfod2	2026-01-07 13:29:45 +01:00
Aleix Boné	e8702f49c3	Use standard gcc for intel packages This reverts `26f52aa27d`	2026-01-07 13:29:44 +01:00
Aleix Boné	c81813b0f8	Fix renamed option watchdog.runtimeTime The option 'systemd.watchdog.runtimeTime' has been renamed to 'systemd.settings.Manager.RuntimeWatchdogSec'.	2026-01-07 13:29:44 +01:00
Aleix Boné	81114d55b8	Replace wrapGAppsHook with wrapGAppsHook3	2026-01-07 13:29:44 +01:00
Aleix Boné	f4bb3e7c17	Fix changed cudaPackages.cuda_cudart output See: https://github.com/NixOS/nixpkgs/pull/437723	2026-01-07 13:29:44 +01:00
Aleix Boné	c80a855627	Set pyproject=true in buildPythonApplication The buildPythonPackage and buildPythonApplication functions now require an explicit format attribute. Previously the default format used setuptools and called setup.py from the source tree, which is deprecated. The modern alternative is to configure pyproject = true with build-system = [ setuptools ].	2026-01-07 13:29:44 +01:00
Aleix Boné	e9a3a5ecc7	Fix renamed llvm bintools Moved from llvmPackages_latest.tools.bintools to llvmPackages_latest.bintools	2026-01-07 13:29:44 +01:00
Aleix Boné	272185d9b7	Upgrade nixpkgs to 25.11	2026-01-07 13:29:44 +01:00
Vincent A. Arcila	859eebda98	Change varcila shell to zsh All checks were successful CI / build:all (push) Successful in 59m37s Details CI / build:cross (push) Successful in 1h27m33s Details CI / build:cross (pull_request) Successful in 1h29m20s Details CI / build:all (pull_request) Successful in 1h29m22s Details Reviewed-by: Rodrigo Arias Mallo <rodrigo.arias@bsc.es>	2026-01-07 13:22:17 +01:00
Rodrigo Arias Mallo	c2a201b085	Increase fail2ban ban time on each attempt Some checks failed CI / build:all (push) Has been cancelled Details CI / build:cross (push) Has been cancelled Details CI / build:all (pull_request) Successful in 1h38m5s Details CI / build:cross (pull_request) Successful in 1h38m3s Details Reviewed-by: Aleix Boné <abonerib@bsc.es>	2026-01-07 13:14:34 +01:00
Rodrigo Arias Mallo	f921f0a4bd	Disable password login via SSH in apex Reviewed-by: Aleix Boné <abonerib@bsc.es>	2026-01-07 13:14:30 +01:00
Rodrigo Arias Mallo	aa16bfc0bc	Enable fail2ban in apex login node We are seeing a lot of failed attempts from the same IPs: apex% sudo journalctl -u sshd -b0 \| grep 'Failed password' \| wc -l 2441 Reviewed-by: Aleix Boné <abonerib@bsc.es>	2026-01-07 13:14:22 +01:00