Add meta to intel 2023

Add meta to packages
Add maintainers
2025-10-10 12:29:55 +02:00 · 2025-10-10 12:29:55 +02:00 · 2025-10-10 12:29:55 +02:00
50 changed files with 424 additions and 1221 deletions
--- a/doc/maintainers.md
+++ b/doc/maintainers.md
@@ -1,30 +0,0 @@
 # Maintainers
 ## Role of a maintainer
 The responsibilities of maintainers are quite lax, and similar in spirit to
 [nixpkgs' maintainers][1]:
    The main responsibility of a maintainer is to keep the packages they
    maintain in a functioning state, and keep up with updates. In order to do
    that, they are empowered to make decisions over the packages they maintain.
    That being said, the maintainer is not alone in proposing changes to the
    packages. Anybody (both bots and humans) can send PRs to bump or tweak the
    package.
 In practice, this means that when updating or proposing changes to a package,
 we will notify maintainers by mentioning them in Gitea so they can test changes
 and give feedback.
 Since we do bi-yearly release cycles, there is no expectation from maintainers
 to update packages at each upstream release. Nevertheless, on each release cycle
 we may request help from maintainers when updating or testing their packages.
 ## Becoming a maintainer
 You'll have to add yourself in the `maintainers.nix` list; your username should
 match your `bsc.es` email. Then you can add yourself to the `meta.maintainers`
 of any package you are interested in maintaining.
 [1]: [https://github.com/NixOS/nixpkgs/tree/nixos-25.05/maintainers]
--- a/flake.lock
+++ b/flake.lock
@@ -1,5 +1,71 @@
 {
  "nodes": {
    "agenix": {
      "inputs": {
        "darwin": "darwin",
        "home-manager": "home-manager",
        "nixpkgs": [
          "nixpkgs"
        ],
        "systems": "systems"
      },
      "locked": {
        "lastModified": 1750173260,
        "narHash": "sha256-9P1FziAwl5+3edkfFcr5HeGtQUtrSdk/MksX39GieoA=",
        "owner": "ryantm",
        "repo": "agenix",
        "rev": "531beac616433bac6f9e2a19feb8e99a22a66baf",
        "type": "github"
      },
      "original": {
        "owner": "ryantm",
        "repo": "agenix",
        "type": "github"
      }
    },
    "darwin": {
      "inputs": {
        "nixpkgs": [
          "agenix",
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1744478979,
        "narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=",
        "owner": "lnl7",
        "repo": "nix-darwin",
        "rev": "43975d782b418ebf4969e9ccba82466728c2851b",
        "type": "github"
      },
      "original": {
        "owner": "lnl7",
        "ref": "master",
        "repo": "nix-darwin",
        "type": "github"
      }
    },
    "home-manager": {
      "inputs": {
        "nixpkgs": [
          "agenix",
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1745494811,
        "narHash": "sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs=",
        "owner": "nix-community",
        "repo": "home-manager",
        "rev": "abfad3d2958c9e6300a883bd443512c55dfeb1be",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
        "repo": "home-manager",
        "type": "github"
      }
    },
    "nixpkgs": {
      "locked": {
        "lastModified": 1752436162,
@@ -18,8 +84,24 @@
    },
    "root": {
      "inputs": {
        "agenix": "agenix",
        "nixpkgs": "nixpkgs"
      }
    },
    "systems": {
      "locked": {
        "lastModified": 1681028828,
        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
        "owner": "nix-systems",
        "repo": "default",
        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
        "type": "github"
      },
      "original": {
        "owner": "nix-systems",
        "repo": "default",
        "type": "github"
      }
    }
  },
  "root": "root",
--- a/flake.nix
+++ b/flake.nix
@@ -1,13 +1,15 @@
 {
  inputs = {
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05";
    agenix.url = "github:ryantm/agenix";
    agenix.inputs.nixpkgs.follows = "nixpkgs";
  };
-  outputs = { self, nixpkgs, ... }:
+  outputs = { self, nixpkgs, agenix, ... }:
 let
  mkConf = name: nixpkgs.lib.nixosSystem {
    system = "x86_64-linux";
-    specialArgs = { inherit nixpkgs; theFlake = self; };
+    specialArgs = { inherit nixpkgs agenix; theFlake = self; };
    modules = [ "${self.outPath}/m/${name}/configuration.nix" ];
  };
  # For now we only support x86
--- a/m/common/base/agenix.nix
+++ b/m/common/base/agenix.nix
@@ -1,8 +1,9 @@
-{ pkgs, ... }:
+{ agenix, ... }:
 {
-  imports = [ ../../module/agenix.nix ];
+  imports = [ agenix.nixosModules.default ];
-  # Add agenix to system packages
+  environment.systemPackages = [
-  environment.systemPackages = [ pkgs.agenix ];
+    agenix.packages.x86_64-linux.default
  ];
 }
--- a/m/common/base/env.nix
+++ b/m/common/base/env.nix
@@ -5,8 +5,8 @@
    vim wget git htop tmux pciutils tcpdump ripgrep nix-index nixos-option
    nix-diff ipmitool freeipmi ethtool lm_sensors cmake gnumake file tree
    ncdu config.boot.kernelPackages.perf ldns pv
-    # From jungle overlay
+    # From bsckgs overlay
-    osumb nixgen
+    osumb
  ];
  programs.direnv.enable = true;
--- a/m/common/base/users.nix
+++ b/m/common/base/users.nix
@@ -180,19 +180,6 @@
          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFmMqKqPg4uocNOr3O41kLbZMOMJn3m2ZdN1JvTR96z3 bsccns@arnau-bsc"
        ];
      };
      aaguirre = {
        uid = 9655;
        isNormalUser = true;
        home = "/home/Computational/aaguirre";
        description = "Alejandro Aguirre";
        group = "Computational";
        hosts = [ "apex" "hut" ];
        hashedPassword = "$6$TXRXQT6jjBvxkxU6$E.sh5KspAm1qeG5Ct7OPHpo8REmbGDwjFGvqeGgTVz3GASGOAnPL7UMZsMAsAKBoahOw.v8LNno6XGrTEPzZH1";
        openssh.authorizedKeys.keys = [
          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOlRX7ZCnqtUJYCxKgWmgSrFCYuA2LHY96rVwqxXPl86 aaguirre@BSC-8488184117"
        ];
      };
    };
    groups = {
--- a/m/fox/configuration.nix
+++ b/m/fox/configuration.nix
@@ -93,4 +93,20 @@
    wantedBy = [ "multi-user.target" ];
    serviceConfig.ExecStart = script;
  };
  # Only allow SSH connections from users who have a SLURM allocation
  # See: https://slurm.schedmd.com/pam_slurm_adopt.html
  security.pam.services.sshd.rules.account.slurm = {
    control = "required";
    enable = true;
    modulePath = "${pkgs.slurm}/lib/security/pam_slurm_adopt.so";
    args = [ "log_level=debug5" ];
    order = 999999; # Make it last one
  };
  # Disable systemd session (pam_systemd.so) as it will conflict with the
  # pam_slurm_adopt.so module. What happens is that the shell is first adopted
  # into the slurmstepd task and then into the systemd session, which is not
  # what we want, otherwise it will linger even if all jobs are gone.
  security.pam.services.sshd.startSession = lib.mkForce false;
 }
--- a/m/hut/configuration.nix
+++ b/m/hut/configuration.nix
@@ -17,7 +17,6 @@
    ./postgresql.nix
    ./nginx.nix
    ./p.nix
    ./ompss2-timer.nix
    #./pxe.nix
  ];
--- a/m/hut/gitea.nix
+++ b/m/hut/gitea.nix
@@ -29,9 +29,6 @@
    };
  };
  # Allow gitea user to send mail
  users.users.gitea.extraGroups = [ "mail-robot" ];
  services.gitea-actions-runner.instances = {
    runrun = {
      enable = true;
--- a/m/hut/msmtp.nix
+++ b/m/hut/msmtp.nix
@@ -1,11 +1,8 @@
 { config, lib, ... }:
 {
  # Robot user that can see the password to send mail from jungle-robot
  users.groups.mail-robot = {};
  age.secrets.jungleRobotPassword = {
    file = ../../secrets/jungle-robot-password.age;
-    group = "mail-robot";
+    group = "gitea";
    mode = "440";
  };
--- a/m/hut/nginx.nix
+++ b/m/hut/nginx.nix
@@ -4,8 +4,8 @@ let
    name = "jungle-web";
    src = pkgs.fetchgit {
      url = "https://jungle.bsc.es/git/rarias/jungle-website.git";
-      rev = "52abaf4d71652a9ef77a0b098db14ca33bffff4c";
+      rev = "739bf0175a7f05380fe7ad7023ff1d60db1710e1";
-      hash = "sha256-/ul9GazbOrOkmlvSgDz/+2W+V+ir5725Y7mVLc3rb0M=";
+      hash = "sha256-ea5DzhYTzZ9TmqD+x95rdNdLbxPnBluqlYH2NmBYmc4=";
    };
    buildInputs = [ pkgs.hugo ];
    buildPhase = ''
--- a/m/hut/ompss2-timer.nix
+++ b/m/hut/ompss2-timer.nix
@@ -1,85 +0,0 @@
 { config, pkgs, ... }:
 {
  systemd.timers = {
    "ompss2-closing" = {
      wantedBy = [ "timers.target" ];
      timerConfig = {
        Unit = "ompss2-closing.service";
        OnCalendar = [ "*-03-15 07:00:00" "*-09-15 07:00:00"];
      };
    };
    "ompss2-freeze" = {
      wantedBy = [ "timers.target" ];
      timerConfig = {
        Unit = "ompss2-freeze.service";
        OnCalendar = [ "*-04-15 07:00:00" "*-10-15 07:00:00" ];
      };
    };
    "ompss2-release" = {
      wantedBy = [ "timers.target" ];
      timerConfig = {
        Unit = "ompss2-release.service";
        OnCalendar = [ "*-05-15 07:00:00" "*-11-15 07:00:00" ];
      };
    };
  };
  systemd.services =
  let
    closing = pkgs.writeText "closing.txt"
    ''
      Subject: OmpSs-2 release enters closing period
      Hi,
      You have one month to merge the remaining features for the next OmpSs-2
      release. Please, identify what needs to be merged and discuss it in the next
      OmpSs-2 meeting.
      Thanks!,
      Jungle robot
    '';
    freeze = pkgs.writeText "freeze.txt"
    ''
      Subject: OmpSs-2 release enters freeze period
      Hi,
      The period to introduce new features or breaking changes is over, only bug
      fixes are allowed now. During this time, please prepare the release notes
      to be included in the next OmpSs-2 release.
      Thanks!,
      Jungle robot
    '';
    release = pkgs.writeText "release.txt"
    ''
      Subject: OmpSs-2 release now
      Hi,
      The period to introduce bug fixes is now over. Please, proceed to do the
      OmpSs-2 release.
      Thanks!,
      Jungle robot
    '';
    mkServ = name: mail: {
      "ompss2-${name}" = {
        script = ''
          set -eu
          set -o pipefail
          cat ${mail} | ${config.security.wrapperDir}/sendmail star@bsc.es
        '';
        serviceConfig = {
          Type = "oneshot";
          DynamicUser = true;
          Group = "mail-robot";
        };
      };
    };
  in
    (mkServ "closing" closing) //
    (mkServ "freeze" freeze) //
    (mkServ "release" release);
 }
--- a/m/module/agenix.nix
+++ b/m/module/agenix.nix
@@ -1,357 +0,0 @@
 {
  config,
  options,
  lib,
  pkgs,
  ...
 }:
 with lib;
 let
  cfg = config.age;
  isDarwin = lib.attrsets.hasAttrByPath [ "environment" "darwinConfig" ] options;
  ageBin = config.age.ageBin;
  users = config.users.users;
  sysusersEnabled =
    if isDarwin then
      false
    else
      options.systemd ? sysusers && (config.systemd.sysusers.enable || config.services.userborn.enable);
  mountCommand =
    if isDarwin then
      ''
        if ! diskutil info "${cfg.secretsMountPoint}" &> /dev/null; then
            num_sectors=1048576
            dev=$(hdiutil attach -nomount ram://"$num_sectors" | sed 's/[[:space:]]*$//')
            newfs_hfs -v agenix "$dev"
            mount -t hfs -o nobrowse,nodev,nosuid,-m=0751 "$dev" "${cfg.secretsMountPoint}"
        fi
      ''
    else
      ''
        grep -q "${cfg.secretsMountPoint} ramfs" /proc/mounts ||
          mount -t ramfs none "${cfg.secretsMountPoint}" -o nodev,nosuid,mode=0751
      '';
  newGeneration = ''
    _agenix_generation="$(basename "$(readlink ${cfg.secretsDir})" || echo 0)"
    (( ++_agenix_generation ))
    echo "[agenix] creating new generation in ${cfg.secretsMountPoint}/$_agenix_generation"
    mkdir -p "${cfg.secretsMountPoint}"
    chmod 0751 "${cfg.secretsMountPoint}"
    ${mountCommand}
    mkdir -p "${cfg.secretsMountPoint}/$_agenix_generation"
    chmod 0751 "${cfg.secretsMountPoint}/$_agenix_generation"
  '';
  chownGroup = if isDarwin then "admin" else "keys";
  # chown the secrets mountpoint and the current generation to the keys group
  # instead of leaving it root:root.
  chownMountPoint = ''
    chown :${chownGroup} "${cfg.secretsMountPoint}" "${cfg.secretsMountPoint}/$_agenix_generation"
  '';
  setTruePath = secretType: ''
    ${
      if secretType.symlink then
        ''
          _truePath="${cfg.secretsMountPoint}/$_agenix_generation/${secretType.name}"
        ''
      else
        ''
          _truePath="${secretType.path}"
        ''
    }
  '';
  installSecret = secretType: ''
    ${setTruePath secretType}
    echo "decrypting '${secretType.file}' to '$_truePath'..."
    TMP_FILE="$_truePath.tmp"
    IDENTITIES=()
    for identity in ${toString cfg.identityPaths}; do
      test -r "$identity" || continue
      test -s "$identity" || continue
      IDENTITIES+=(-i)
      IDENTITIES+=("$identity")
    done
    test "''${#IDENTITIES[@]}" -eq 0 && echo "[agenix] WARNING: no readable identities found!"
    mkdir -p "$(dirname "$_truePath")"
    [ "${secretType.path}" != "${cfg.secretsDir}/${secretType.name}" ] && mkdir -p "$(dirname "${secretType.path}")"
    (
      umask u=r,g=,o=
      test -f "${secretType.file}" || echo '[agenix] WARNING: encrypted file ${secretType.file} does not exist!'
      test -d "$(dirname "$TMP_FILE")" || echo "[agenix] WARNING: $(dirname "$TMP_FILE") does not exist!"
      LANG=${
        config.i18n.defaultLocale or "C"
      } ${ageBin} --decrypt "''${IDENTITIES[@]}" -o "$TMP_FILE" "${secretType.file}"
    )
    chmod ${secretType.mode} "$TMP_FILE"
    mv -f "$TMP_FILE" "$_truePath"
    ${optionalString secretType.symlink ''
      [ "${secretType.path}" != "${cfg.secretsDir}/${secretType.name}" ] && ln -sfT "${cfg.secretsDir}/${secretType.name}" "${secretType.path}"
    ''}
  '';
  testIdentities = map (path: ''
    test -f ${path} || echo '[agenix] WARNING: config.age.identityPaths entry ${path} not present!'
  '') cfg.identityPaths;
  cleanupAndLink = ''
    _agenix_generation="$(basename "$(readlink ${cfg.secretsDir})" || echo 0)"
    (( ++_agenix_generation ))
    echo "[agenix] symlinking new secrets to ${cfg.secretsDir} (generation $_agenix_generation)..."
    ln -sfT "${cfg.secretsMountPoint}/$_agenix_generation" ${cfg.secretsDir}
    (( _agenix_generation > 1 )) && {
    echo "[agenix] removing old secrets (generation $(( _agenix_generation - 1 )))..."
    rm -rf "${cfg.secretsMountPoint}/$(( _agenix_generation - 1 ))"
    }
  '';
  installSecrets = builtins.concatStringsSep "\n" (
    [ "echo '[agenix] decrypting secrets...'" ]
    ++ testIdentities
    ++ (map installSecret (builtins.attrValues cfg.secrets))
    ++ [ cleanupAndLink ]
  );
  chownSecret = secretType: ''
    ${setTruePath secretType}
    chown ${secretType.owner}:${secretType.group} "$_truePath"
  '';
  chownSecrets = builtins.concatStringsSep "\n" (
    [ "echo '[agenix] chowning...'" ]
    ++ [ chownMountPoint ]
    ++ (map chownSecret (builtins.attrValues cfg.secrets))
  );
  secretType = types.submodule (
    { config, ... }:
    {
      options = {
        name = mkOption {
          type = types.str;
          default = config._module.args.name;
          defaultText = literalExpression "config._module.args.name";
          description = ''
            Name of the file used in {option}`age.secretsDir`
          '';
        };
        file = mkOption {
          type = types.path;
          description = ''
            Age file the secret is loaded from.
          '';
        };
        path = mkOption {
          type = types.str;
          default = "${cfg.secretsDir}/${config.name}";
          defaultText = literalExpression ''
            "''${cfg.secretsDir}/''${config.name}"
          '';
          description = ''
            Path where the decrypted secret is installed.
          '';
        };
        mode = mkOption {
          type = types.str;
          default = "0400";
          description = ''
            Permissions mode of the decrypted secret in a format understood by chmod.
          '';
        };
        owner = mkOption {
          type = types.str;
          default = "0";
          description = ''
            User of the decrypted secret.
          '';
        };
        group = mkOption {
          type = types.str;
          default = users.${config.owner}.group or "0";
          defaultText = literalExpression ''
            users.''${config.owner}.group or "0"
          '';
          description = ''
            Group of the decrypted secret.
          '';
        };
        symlink = mkEnableOption "symlinking secrets to their destination" // {
          default = true;
        };
      };
    }
  );
 in
 {
  imports = [
    (mkRenamedOptionModule [ "age" "sshKeyPaths" ] [ "age" "identityPaths" ])
  ];
  options.age = {
    ageBin = mkOption {
      type = types.str;
      default = "${pkgs.age}/bin/age";
      defaultText = literalExpression ''
        "''${pkgs.age}/bin/age"
      '';
      description = ''
        The age executable to use.
      '';
    };
    secrets = mkOption {
      type = types.attrsOf secretType;
      default = { };
      description = ''
        Attrset of secrets.
      '';
    };
    secretsDir = mkOption {
      type = types.path;
      default = "/run/agenix";
      description = ''
        Folder where secrets are symlinked to
      '';
    };
    secretsMountPoint = mkOption {
      type =
        types.addCheck types.str (
          s:
          (builtins.match "[ \t\n]*" s) == null # non-empty
          && (builtins.match ".+/" s) == null
        ) # without trailing slash
        // {
          description = "${types.str.description} (with check: non-empty without trailing slash)";
        };
      default = "/run/agenix.d";
      description = ''
        Where secrets are created before they are symlinked to {option}`age.secretsDir`
      '';
    };
    identityPaths = mkOption {
      type = types.listOf types.path;
      default =
        if isDarwin then
          [
            "/etc/ssh/ssh_host_ed25519_key"
            "/etc/ssh/ssh_host_rsa_key"
          ]
        else if (config.services.openssh.enable or false) then
          map (e: e.path) (
            lib.filter (e: e.type == "rsa" || e.type == "ed25519") config.services.openssh.hostKeys
          )
        else
          [ ];
      defaultText = literalExpression ''
        if isDarwin
        then [
          "/etc/ssh/ssh_host_ed25519_key"
          "/etc/ssh/ssh_host_rsa_key"
        ]
        else if (config.services.openssh.enable or false)
        then map (e: e.path) (lib.filter (e: e.type == "rsa" || e.type == "ed25519") config.services.openssh.hostKeys)
        else [];
      '';
      description = ''
        Path to SSH keys to be used as identities in age decryption.
      '';
    };
  };
  config = mkIf (cfg.secrets != { }) (mkMerge [
    {
      assertions = [
        {
          assertion = cfg.identityPaths != [ ];
          message = "age.identityPaths must be set, for example by enabling openssh.";
        }
      ];
    }
    (optionalAttrs (!isDarwin) {
      # When using sysusers we no longer be started as an activation script
      # because those are started in initrd while sysusers is started later.
      systemd.services.agenix-install-secrets = mkIf sysusersEnabled {
        wantedBy = [ "sysinit.target" ];
        after = [ "systemd-sysusers.service" ];
        unitConfig.DefaultDependencies = "no";
        path = [ pkgs.mount ];
        serviceConfig = {
          Type = "oneshot";
          ExecStart = pkgs.writeShellScript "agenix-install" (concatLines [
            newGeneration
            installSecrets
            chownSecrets
          ]);
          RemainAfterExit = true;
        };
      };
      # Create a new directory full of secrets for symlinking (this helps
      # ensure removed secrets are actually removed, or at least become
      # invalid symlinks).
      system.activationScripts = mkIf (!sysusersEnabled) {
        agenixNewGeneration = {
          text = newGeneration;
          deps = [
            "specialfs"
          ];
        };
        agenixInstall = {
          text = installSecrets;
          deps = [
            "agenixNewGeneration"
            "specialfs"
          ];
        };
        # So user passwords can be encrypted.
        users.deps = [ "agenixInstall" ];
        # Change ownership and group after users and groups are made.
        agenixChown = {
          text = chownSecrets;
          deps = [
            "users"
            "groups"
          ];
        };
        # So other activation scripts can depend on agenix being done.
        agenix = {
          text = "";
          deps = [ "agenixChown" ];
        };
      };
    })
    (optionalAttrs isDarwin {
      launchd.daemons.activate-agenix = {
        script = ''
          set -e
          set -o pipefail
          export PATH="${pkgs.gnugrep}/bin:${pkgs.coreutils}/bin:@out@/sw/bin:/usr/bin:/bin:/usr/sbin:/sbin"
          ${newGeneration}
          ${installSecrets}
          ${chownSecrets}
          exit 0
        '';
        serviceConfig = {
          RunAtLoad = true;
          KeepAlive.SuccessfulExit = false;
        };
      };
    })
  ]);
 }
--- a/m/module/slurm-client.nix
+++ b/m/module/slurm-client.nix
@@ -1,4 +1,4 @@
-{ lib, pkgs, ... }:
+{ lib, ... }:
 {
  imports = [
@@ -21,20 +21,4 @@
  };
  services.slurm.client.enable = true;
  # Only allow SSH connections from users who have a SLURM allocation
  # See: https://slurm.schedmd.com/pam_slurm_adopt.html
  security.pam.services.sshd.rules.account.slurm = {
    control = "required";
    enable = true;
    modulePath = "${pkgs.slurm}/lib/security/pam_slurm_adopt.so";
    args = [ "log_level=debug5" ];
    order = 999999; # Make it last one
  };
  # Disable systemd session (pam_systemd.so) as it will conflict with the
  # pam_slurm_adopt.so module. What happens is that the shell is first adopted
  # into the slurmstepd task and then into the systemd session, which is not
  # what we want, otherwise it will linger even if all jobs are gone.
  security.pam.services.sshd.startSession = lib.mkForce false;
 }
--- a/m/module/slurm-common.nix
+++ b/m/module/slurm-common.nix
@@ -1,6 +1,31 @@
 { config, pkgs, ... }:
-{
+let
  suspendProgram = pkgs.writeShellScript "suspend.sh" ''
    exec 1>>/var/log/power_save.log 2>>/var/log/power_save.log
    set -x
    export "PATH=/run/current-system/sw/bin:$PATH"
    echo "$(date) Suspend invoked $0 $*" >> /var/log/power_save.log
    hosts=$(scontrol show hostnames $1)
    for host in $hosts; do
      echo Shutting down host: $host
      ipmitool -I lanplus -H ''${host}-ipmi -P "" -U "" chassis power off
    done
  '';
  resumeProgram = pkgs.writeShellScript "resume.sh" ''
    exec 1>>/var/log/power_save.log 2>>/var/log/power_save.log
    set -x
    export "PATH=/run/current-system/sw/bin:$PATH"
    echo "$(date) Suspend invoked $0 $*" >> /var/log/power_save.log
    hosts=$(scontrol show hostnames $1)
    for host in $hosts; do
      echo Starting host: $host
      ipmitool -I lanplus -H ''${host}-ipmi -P "" -U "" chassis power on
    done
  '';
 in {
  services.slurm = {
    controlMachine = "apex";
    clusterName = "jungle";
@@ -34,6 +59,16 @@
      # the resources. Use the task/cgroup plugin to enable process containment.
      TaskPlugin=task/affinity,task/cgroup
      # Power off unused nodes until they are requested
      SuspendProgram=${suspendProgram}
      SuspendTimeout=60
      ResumeProgram=${resumeProgram}
      ResumeTimeout=300
      SuspendExcNodes=fox
      # Turn the nodes off after 1 hour of inactivity
      SuspendTime=3600
      # Reduce port range so we can allow only this range in the firewall
      SrunPortRange=60000-61000
@@ -51,7 +86,9 @@
      # when a task runs (srun) so we can ssh early.
      PrologFlags=Alloc,Contain,X11
-      LaunchParameters=use_interactive_step
+      # LaunchParameters=ulimit_pam_adopt will set RLIMIT_RSS in processes
      # adopted by the external step, similar to tasks running in regular steps
      # LaunchParameters=ulimit_pam_adopt
      SlurmdDebug=debug5
      #DebugFlags=Protocol,Cgroup
    '';
--- a/m/tent/nginx.nix
+++ b/m/tent/nginx.nix
@@ -4,8 +4,8 @@ let
    name = "jungle-web";
    src = pkgs.fetchgit {
      url = "https://jungle.bsc.es/git/rarias/jungle-website.git";
-      rev = "52abaf4d71652a9ef77a0b098db14ca33bffff4c";
+      rev = "739bf0175a7f05380fe7ad7023ff1d60db1710e1";
-      hash = "sha256-/ul9GazbOrOkmlvSgDz/+2W+V+ir5725Y7mVLc3rb0M=";
+      hash = "sha256-ea5DzhYTzZ9TmqD+x95rdNdLbxPnBluqlYH2NmBYmc4=";
    };
    buildInputs = [ pkgs.hugo ];
    buildPhase = ''
--- a/overlay.nix
+++ b/overlay.nix
@@ -1,12 +1,12 @@
 final: /* Future last stage */
 prev:  /* Previous stage */
 with final.lib;
 let
  lib = prev.lib;
  callPackage = final.callPackage;
  bscPkgs = {
    agenix = prev.callPackage ./pkgs/agenix/default.nix { };
    amd-uprof = prev.callPackage ./pkgs/amd-uprof/default.nix { };
    bench6 = callPackage ./pkgs/bench6/default.nix { };
    bigotes = callPackage ./pkgs/bigotes/default.nix { };
@@ -35,9 +35,7 @@ let
    mpich = callPackage ./pkgs/mpich/default.nix { mpich = prev.mpich; };
    nanos6 = callPackage ./pkgs/nanos6/default.nix { };
    nanos6Debug = final.nanos6.override { enableDebug = true; };
    nix = callPackage ./pkgs/nix/default.nix { nix = prev.nix; };
    nixtools = callPackage ./pkgs/nixtools/default.nix { };
    nixgen = callPackage ./pkgs/nixgen/default.nix { };
    # Broken because of pkgsStatic.libcap
    # See: https://github.com/NixOS/nixpkgs/pull/268791
    #nix-wrap = callPackage ./pkgs/nix-wrap/default.nix { };
@@ -52,7 +50,6 @@ let
    prometheus-slurm-exporter = prev.callPackage ./pkgs/slurm-exporter/default.nix { };
    #pscom = callPackage ./pkgs/parastation/pscom.nix { }; # Unmaintaned
    #psmpi = callPackage ./pkgs/parastation/psmpi.nix { }; # Unmaintaned
    slurm = import ./pkgs/slurm/default.nix { slurm = prev.slurm; };
    sonar = callPackage ./pkgs/sonar/default.nix { };
    stdenvClangOmpss2 = final.stdenv.override { cc = final.clangOmpss2; allowedRequisites = null; };
    stdenvClangOmpss2Nanos6 = final.stdenv.override { cc = final.clangOmpss2Nanos6; allowedRequisites = null; };
@@ -97,23 +94,18 @@ let
    };
  };
  # Load our custom lib functions with import, callPackage fails.
  lib' = import ./pkgs/lib.nix { lib = prev.lib; };
  # For now, only build toplevel packages in CI/Hydra
-  pkgsTopLevel = lib.filterAttrs (_: lib.isDerivation) bscPkgs;
+  pkgsTopLevel = filterAttrs (_: isDerivation) bscPkgs;
  # Native build in that platform doesn't imply cross build works
-  canCrossCompile = platform: default: pkg:
+  canCrossCompile = platform: pkg:
-    (lib.isDerivation pkg) &&
+    (isDerivation pkg) &&
-    # If meta.cross is undefined, use default
+    # Must be defined explicitly
-    (pkg.meta.cross or default) &&
+    (pkg.meta.cross or false) &&
-    (lib.meta.availableOn final.pkgsCross.${platform}.stdenv.hostPlatform pkg);
+    (meta.availableOn platform pkg);
  # For now only RISC-V
-  crossSet = lib.genAttrs [ "riscv64" ] (platform:
+  crossSet = { riscv64 = final.pkgsCross.riscv64.bsc.pkgsTopLevel; };
    lib.filterAttrs (_: canCrossCompile platform true)
      final.pkgsCross.${platform}.bsc.pkgsTopLevel);
  buildList = name: paths:
    final.runCommandLocal name { } ''
@@ -128,17 +120,21 @@ let
    '';
  pkgsList = buildList "ci-pkgs" (builtins.attrValues pkgsTopLevel);
-  testsList = buildList "ci-tests" (lib.collect lib.isDerivation tests);
+  testsList = buildList "ci-tests" (collect isDerivation tests);
  allList = buildList' "ci-all" [ pkgsList testsList ];
  # For now only RISC-V
  crossList = buildList "ci-cross"
-    (lib.filter
+    (filter
-      (canCrossCompile "riscv64" false) # opt-in (pkgs with: meta.cross = true)
+      (canCrossCompile final.pkgsCross.riscv64.stdenv.hostPlatform)
        (builtins.attrValues crossSet.riscv64));
 in bscPkgs // {
-  lib = lib';
+  lib = prev.lib // {
    maintainers = prev.lib.maintainers // {
      bsc = import ./pkgs/maintainers.nix;
    };
  };
  # Prevent accidental usage of bsc-ci attribute
  bsc-ci = throw "the bsc-ci attribute is deprecated, use bsc.ci";
--- a/pkgs/agenix/agenix.sh
+++ b/pkgs/agenix/agenix.sh
@@ -1,212 +0,0 @@
 #!/usr/bin/env bash
 set -Eeuo pipefail
 PACKAGE="agenix"
 function show_help () {
  echo "$PACKAGE - edit and rekey age secret files"
  echo " "
  echo "$PACKAGE -e FILE [-i PRIVATE_KEY]"
  echo "$PACKAGE -r [-i PRIVATE_KEY]"
  echo ' '
  echo 'options:'
  echo '-h, --help                show help'
  # shellcheck disable=SC2016
  echo '-e, --edit FILE           edits FILE using $EDITOR'
  echo '-r, --rekey               re-encrypts all secrets with specified recipients'
  echo '-d, --decrypt FILE        decrypts FILE to STDOUT'
  echo '-i, --identity            identity to use when decrypting'
  echo '-v, --verbose             verbose output'
  echo ' '
  echo 'FILE an age-encrypted file'
  echo ' '
  echo 'PRIVATE_KEY a path to a private SSH key used to decrypt file'
  echo ' '
  echo 'EDITOR environment variable of editor to use when editing FILE'
  echo ' '
  echo 'If STDIN is not interactive, EDITOR will be set to "cp /dev/stdin"'
  echo ' '
  echo 'RULES environment variable with path to Nix file specifying recipient public keys.'
  echo "Defaults to './secrets.nix'"
  echo ' '
  echo "agenix version: @version@"
  echo "age binary path: @ageBin@"
  echo "age version: $(@ageBin@ --version)"
 }
 function warn() {
  printf '%s\n' "$*" >&2
 }
 function err() {
  warn "$*"
  exit 1
 }
 test $# -eq 0 && (show_help && exit 1)
 REKEY=0
 DECRYPT_ONLY=0
 DEFAULT_DECRYPT=(--decrypt)
 while test $# -gt 0; do
  case "$1" in
    -h|--help)
      show_help
      exit 0
      ;;
    -e|--edit)
      shift
      if test $# -gt 0; then
        export FILE=$1
      else
        echo "no FILE specified"
        exit 1
      fi
      shift
      ;;
    -i|--identity)
      shift
      if test $# -gt 0; then
        DEFAULT_DECRYPT+=(--identity "$1")
      else
        echo "no PRIVATE_KEY specified"
        exit 1
      fi
      shift
      ;;
    -r|--rekey)
      shift
      REKEY=1
      ;;
    -d|--decrypt)
      shift
      DECRYPT_ONLY=1
      if test $# -gt 0; then
        export FILE=$1
      else
        echo "no FILE specified"
        exit 1
      fi
      shift
      ;;
    -v|--verbose)
      shift
      set -x
      ;;
    *)
      show_help
      exit 1
      ;;
  esac
 done
 RULES=${RULES:-./secrets.nix}
 function cleanup {
    if [ -n "${CLEARTEXT_DIR+x}" ]
    then
        rm -rf -- "$CLEARTEXT_DIR"
    fi
    if [ -n "${REENCRYPTED_DIR+x}" ]
    then
        rm -rf -- "$REENCRYPTED_DIR"
    fi
 }
 trap "cleanup" 0 2 3 15
 function keys {
    (@nixInstantiate@ --json --eval --strict -E "(let rules = import $RULES; in rules.\"$1\".publicKeys)" | @jqBin@ -r .[]) || exit 1
 }
 function armor {
    (@nixInstantiate@ --json --eval --strict -E "(let rules = import $RULES; in (builtins.hasAttr \"armor\" rules.\"$1\" && rules.\"$1\".armor))") || exit 1
 }
 function decrypt {
    FILE=$1
    KEYS=$2
    if [ -z "$KEYS" ]
    then
        err "There is no rule for $FILE in $RULES."
    fi
    if [ -f "$FILE" ]
    then
        DECRYPT=("${DEFAULT_DECRYPT[@]}")
        if [[ "${DECRYPT[*]}" != *"--identity"* ]]; then
            if [ -f "$HOME/.ssh/id_rsa" ]; then
                DECRYPT+=(--identity "$HOME/.ssh/id_rsa")
            fi
            if [ -f "$HOME/.ssh/id_ed25519" ]; then
                DECRYPT+=(--identity "$HOME/.ssh/id_ed25519")
            fi
        fi
        if [[ "${DECRYPT[*]}" != *"--identity"* ]]; then
          err "No identity found to decrypt $FILE. Try adding an SSH key at $HOME/.ssh/id_rsa or $HOME/.ssh/id_ed25519 or using the --identity flag to specify a file."
        fi
        @ageBin@ "${DECRYPT[@]}" -- "$FILE" || exit 1
    fi
 }
 function edit {
    FILE=$1
    KEYS=$(keys "$FILE") || exit 1
    ARMOR=$(armor "$FILE") || exit 1
    CLEARTEXT_DIR=$(@mktempBin@ -d)
    CLEARTEXT_FILE="$CLEARTEXT_DIR/$(basename -- "$FILE")"
    DEFAULT_DECRYPT+=(-o "$CLEARTEXT_FILE")
    decrypt "$FILE" "$KEYS" || exit 1
    [ ! -f "$CLEARTEXT_FILE" ] || cp -- "$CLEARTEXT_FILE" "$CLEARTEXT_FILE.before"
    [ -t 0 ] || EDITOR='cp -- /dev/stdin'
    $EDITOR "$CLEARTEXT_FILE"
    if [ ! -f "$CLEARTEXT_FILE" ]
    then
      warn "$FILE wasn't created."
      return
    fi
    [ -f "$FILE" ] && [ "$EDITOR" != ":" ] && @diffBin@ -q -- "$CLEARTEXT_FILE.before" "$CLEARTEXT_FILE" && warn "$FILE wasn't changed, skipping re-encryption." && return
    ENCRYPT=()
    if [[ "$ARMOR" == "true" ]]; then
        ENCRYPT+=(--armor)
    fi
    while IFS= read -r key
    do
        if [ -n "$key" ]; then
            ENCRYPT+=(--recipient "$key")
        fi
    done <<< "$KEYS"
    REENCRYPTED_DIR=$(@mktempBin@ -d)
    REENCRYPTED_FILE="$REENCRYPTED_DIR/$(basename -- "$FILE")"
    ENCRYPT+=(-o "$REENCRYPTED_FILE")
    @ageBin@ "${ENCRYPT[@]}" <"$CLEARTEXT_FILE" || exit 1
    mkdir -p -- "$(dirname -- "$FILE")"
    mv -f -- "$REENCRYPTED_FILE" "$FILE"
 }
 function rekey {
    FILES=$( (@nixInstantiate@ --json --eval -E "(let rules = import $RULES; in builtins.attrNames rules)"  | @jqBin@ -r .[]) || exit 1)
    for FILE in $FILES
    do
        warn "rekeying $FILE..."
        EDITOR=: edit "$FILE"
        cleanup
    done
 }
 [ $REKEY -eq 1 ] && rekey && exit 0
 [ $DECRYPT_ONLY -eq 1 ] && DEFAULT_DECRYPT+=("-o" "-") && decrypt "${FILE}" "$(keys "$FILE")" && exit 0
 edit "$FILE" && cleanup && exit 0
--- a/pkgs/agenix/default.nix
+++ b/pkgs/agenix/default.nix
@@ -1,66 +0,0 @@
 {
  lib,
  stdenv,
  age,
  jq,
  nix,
  mktemp,
  diffutils,
  replaceVars,
  ageBin ? "${age}/bin/age",
  shellcheck,
 }:
 let
  bin = "${placeholder "out"}/bin/agenix";
 in
 stdenv.mkDerivation rec {
  pname = "agenix";
  version = "0.15.0";
  src = replaceVars ./agenix.sh {
    inherit ageBin version;
    jqBin = "${jq}/bin/jq";
    nixInstantiate = "${nix}/bin/nix-instantiate";
    mktempBin = "${mktemp}/bin/mktemp";
    diffBin = "${diffutils}/bin/diff";
  };
  dontUnpack = true;
  doInstallCheck = true;
  installCheckInputs = [ shellcheck ];
  postInstallCheck = ''
    shellcheck ${bin}
    ${bin} -h | grep ${version}
    test_tmp=$(mktemp -d 2>/dev/null || mktemp -d -t 'mytmpdir')
    export HOME="$test_tmp/home"
    export NIX_STORE_DIR="$test_tmp/nix/store"
    export NIX_STATE_DIR="$test_tmp/nix/var"
    mkdir -p "$HOME" "$NIX_STORE_DIR" "$NIX_STATE_DIR"
    function cleanup {
      rm -rf "$test_tmp"
    }
    trap "cleanup" 0 2 3 15
    mkdir -p $HOME/.ssh
    cp -r "${./example}" $HOME/secrets
    chmod -R u+rw $HOME/secrets
    (
    umask u=rw,g=r,o=r
    cp ${./example_keys/user1.pub} $HOME/.ssh/id_ed25519.pub
    chown $UID $HOME/.ssh/id_ed25519.pub
    )
    (
    umask u=rw,g=,o=
    cp ${./example_keys/user1} $HOME/.ssh/id_ed25519
    chown $UID $HOME/.ssh/id_ed25519
    )
    cd $HOME/secrets
    test $(${bin} -d secret1.age) = "hello"
  '';
  installPhase = ''
    install -D $src ${bin}
  '';
  meta.description = "age-encrypted secrets for NixOS";
 }
--- a/pkgs/agenix/example/-leading-hyphen-filename.age
+++ b/pkgs/agenix/example/-leading-hyphen-filename.age
@@ -1,7 +0,0 @@
 age-encryption.org/v1
 -> ssh-ed25519 V3XmEA zirqdzZZ1E+sedBn7fbEHq4ntLEkokZ4GctarBBOHXY
 Rvs5YHaAUeCZyNwPedubPcHClWYIuXXWA5zadXPWY6w
 -> ssh-ed25519 KLPP8w BVp4rDkOYSQyn8oVeHFeinSqW+pdVtxBF9+5VM1yORY
 bMwppAi8Nhz0328taU4AzUkTVyWtSLvFZG6c5W/Fs78
 --- xCbqLhXAcOziO2wmbjTiSQfZvt5Rlsc4SCvF+iEzpQA
 <EFBFBD>KB<EFBFBD><EFBFBD>/<2F>Z<><5A>r<EFBFBD>%<01><>4<EFBFBD><34><EFBFBD>Mq5<71><35>_<EFBFBD><5F>ݒ<><DD92><EFBFBD><EFBFBD><EFBFBD>11ܨqM;& <20><>Lr<4C><72><EFBFBD>f<EFBFBD><66><EFBFBD>]>N
--- a/pkgs/agenix/example/armored-secret.age
+++ b/pkgs/agenix/example/armored-secret.age
@@ -1,7 +0,0 @@
 -----BEGIN AGE ENCRYPTED FILE-----
 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFYzWG1FQSBpZkZW
 aFpLNnJxc0VUMHRmZ2dZS0pjMGVENnR3OHd5K0RiT1RjRUhibFZBCnN5UG5vUjA3
 SXpsNGtiVUw4T0tIVFo5Wkk5QS9NQlBndzVvektiQ0ozc0kKLS0tIGxyY1Q4dEZ1
 VGZEanJyTFNta2JNRmpZb2FnK2JyS1hSVml1UGdMNWZKQXMKYla+wTXcRedyZoEb
 LVWaSx49WoUTU0KBPJg9RArxaeC23GoCDzR/aM/1DvYU
 -----END AGE ENCRYPTED FILE-----
--- a/pkgs/agenix/example/passwordfile-user1.age
+++ b/pkgs/agenix/example/passwordfile-user1.age
@@ -1,9 +0,0 @@
 age-encryption.org/v1
 -> ssh-ed25519 KLPP8w s1DYZRlZuSsyhmZCF1lFB+E9vB8bZ/+ZhBRlx8nprwE
 nmYVCsVBrX2CFXXPU+D+bbkkIe/foofp+xoUrg9DHZw
 -> ssh-ed25519 V3XmEA Pwv3oCwcY0DX8rY48UNfsj9RumWsn4dbgorYHCwObgI
 FKxRYkL3JHtJxUwymWDF0rAtJ33BivDI6IfPsfumM90
 -> V'v(/u$-grease em/Vgf 2qDuk
 7I3iiQLPGi1COML9u/JeYkr7EqbSLoU
 --- 57WJRigUGtmcObrssS3s4PvmR8wgh1AOC/ijJn1s3xI
 <EFBFBD>'K<>ƷY&<26>7G<37>O<EFBFBD><4F>Fj<13>k<EFBFBD>X<EFBFBD><58>BnuJ<75><4A>:9<>(<><7F><EFBFBD>X<EFBFBD>#<23>A<EFBFBD><41><EFBFBD><EFBFBD>ڧj<DAA7>,<02>_<17><><EFBFBD>?<3F>Z<EFBFBD><17>v<EFBFBD><76>V<EFBFBD>96]oks~%<25>c	<04>e^C<>%JQ5<51><H<>z}<7D>C<EFBFBD>,<2C>p<EFBFBD><70>*!W<><57><EFBFBD>A<EFBFBD><41><EFBFBD>҅dC<15>K)<10><>-<2D>y
--- a/pkgs/agenix/example/secret1.age
+++ b/pkgs/agenix/example/secret1.age
--- a/pkgs/agenix/example/secret2.age
+++ b/pkgs/agenix/example/secret2.age
@@ -1,5 +0,0 @@
 age-encryption.org/v1
 -> ssh-ed25519 V3XmEA OB4+1FbPhQ3r6iGksM7peWX5it8NClpXIq/o5nnP7GA
 FmHVUj+A5i5+bDFgySQskmlvynnosJiWUTJmBRiNA9I
 --- tP+3mFVtd7ogVu1Lkboh55zoi5a77Ht08Uc/QuIviv4
 <EFBFBD><EFBFBD>X<EFBFBD>{<7B><>O<EFBFBD><4F><1F><04>tMXx<58>vӪ(<28>I<EFBFBD>myP<79><50><EFBFBD><EFBFBD>+3<>S3i
--- a/pkgs/agenix/example/secrets.nix
+++ b/pkgs/agenix/example/secrets.nix
@@ -1,23 +0,0 @@
 let
  user1 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL0idNvgGiucWgup/mP78zyC23uFjYq0evcWdjGQUaBH";
  system1 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPJDyIr/FSz1cJdcoW69R+NrWzwGK/+3gJpqD1t8L2zE";
 in
 {
  "secret1.age".publicKeys = [
    user1
    system1
  ];
  "secret2.age".publicKeys = [ user1 ];
  "passwordfile-user1.age".publicKeys = [
    user1
    system1
  ];
  "-leading-hyphen-filename.age".publicKeys = [
    user1
    system1
  ];
  "armored-secret.age" = {
    publicKeys = [ user1 ];
    armor = true;
  };
 }
--- a/pkgs/agenix/example_keys/system1
+++ b/pkgs/agenix/example_keys/system1
@@ -1,7 +0,0 @@
 -----BEGIN OPENSSH PRIVATE KEY-----
 b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
 QyNTUxOQAAACDyQ8iK/xUs9XCXXKFuvUfja1s8Biv/t4Caag9bfC9sxAAAAJA3yvCWN8rw
 lgAAAAtzc2gtZWQyNTUxOQAAACDyQ8iK/xUs9XCXXKFuvUfja1s8Biv/t4Caag9bfC9sxA
 AAAEA+J2V6AG1NriAIvnNKRauIEh1JE9HSdhvKJ68a5Fm0w/JDyIr/FSz1cJdcoW69R+Nr
 WzwGK/+3gJpqD1t8L2zEAAAADHJ5YW50bUBob21lMQE=
 -----END OPENSSH PRIVATE KEY-----
--- a/pkgs/agenix/example_keys/system1.pub
+++ b/pkgs/agenix/example_keys/system1.pub
@@ -1 +0,0 @@
 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPJDyIr/FSz1cJdcoW69R+NrWzwGK/+3gJpqD1t8L2zE
--- a/pkgs/agenix/example_keys/user1
+++ b/pkgs/agenix/example_keys/user1
@@ -1,7 +0,0 @@
 -----BEGIN OPENSSH PRIVATE KEY-----
 b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
 QyNTUxOQAAACC9InTb4BornFoLqf5j+/M8gtt7hY2KtHr3FnYxkFGgRwAAAJC2JJ8htiSf
 IQAAAAtzc2gtZWQyNTUxOQAAACC9InTb4BornFoLqf5j+/M8gtt7hY2KtHr3FnYxkFGgRw
 AAAEDxt5gC/s53IxiKAjfZJVCCcFIsdeERdIgbYhLO719+Kb0idNvgGiucWgup/mP78zyC
 23uFjYq0evcWdjGQUaBHAAAADHJ5YW50bUBob21lMQE=
 -----END OPENSSH PRIVATE KEY-----
--- a/pkgs/agenix/example_keys/user1.pub
+++ b/pkgs/agenix/example_keys/user1.pub
@@ -1 +0,0 @@
 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL0idNvgGiucWgup/mP78zyC23uFjYq0evcWdjGQUaBH
--- a/pkgs/agenix/update.sh
+++ b/pkgs/agenix/update.sh
@@ -1,23 +0,0 @@
 #!/bin/sh
 set -e
 # All operations are done relative to root
 GITROOT=$(git rev-parse --show-toplevel)
 cd "$GITROOT"
 REVISION=${1:-main}
 TMPCLONE=$(mktemp -d)
 trap "rm -rf ${TMPCLONE}" EXIT
 git clone https://github.com/ryantm/agenix.git --revision="$REVISION" "$TMPCLONE" --depth=1
 cp "${TMPCLONE}/pkgs/agenix.sh" pkgs/agenix/agenix.sh
 cp "${TMPCLONE}/pkgs/agenix.nix" pkgs/agenix/default.nix
 sed -i 's#../example#./example#' pkgs/agenix/default.nix
 cp "${TMPCLONE}/example/"* pkgs/agenix/example/
 cp "${TMPCLONE}/example_keys/"* pkgs/agenix/example_keys/
 cp "${TMPCLONE}/modules/age.nix" m/module/agenix.nix
--- a/pkgs/amd-uprof/default.nix
+++ b/pkgs/amd-uprof/default.nix
@@ -86,13 +86,4 @@ in
      patchelf --add-needed libnuma.so $out/bin/AMDuProfPcm
      set +x
    '';
    meta = {
      description = "Performance analysis tool-suite for x86 based applications";
      homepage = "https://www.amd.com/es/developer/uprof.html";
      platforms = [ "x86_64-linux" ];
      license = lib.licenses.unfree;
      maintainers = with lib.maintainers.bsc; [ rarias varcila ];
    };
  }
--- a/pkgs/amd-uprof/driver.nix
+++ b/pkgs/amd-uprof/driver.nix
@@ -30,6 +30,6 @@ in stdenv.mkDerivation {
    homepage = "https://www.amd.com/es/developer/uprof.html";
    platforms = lib.platforms.linux;
    license = lib.licenses.unfree;
-    maintainers = with lib.maintainers.bsc; [ rarias varcila ];
+    maintainers = with lib.maintainers.bsc; [ rarias ];
  };
 }
--- a/pkgs/bench6/default.nix
+++ b/pkgs/bench6/default.nix
@@ -14,19 +14,16 @@
 , openblas
 , ovni
 , gitBranch ? "master"
 , gitURL ? "ssh://git@bscpm04.bsc.es/rarias/bench6.git"
 , gitCommit ? "bf29a53113737c3aa74d2fe3d55f59868faea7b4"
 , gitUrls ? [
  "ssh://git@bscpm04.bsc.es/rarias/bench6.git"
  "https://github.com/rodarima/bench6.git"
 ]
 }:
 stdenv.mkDerivation rec {
  pname = "bench6";
  version = "${src.shortRev}";
-  src = lib.fetchGitMirror {
+  src = builtins.fetchGit {
-    urls = gitUrls;
+    url = gitURL;
    ref = gitBranch;
    rev = gitCommit;
  };
--- a/pkgs/cudainfo/default.nix
+++ b/pkgs/cudainfo/default.nix
@@ -1,6 +1,5 @@
 {
  stdenv
 , lib
 , cudatoolkit
 , cudaPackages
 , autoAddDriverRunpath
@@ -41,9 +40,4 @@ stdenv.mkDerivation (finalAttrs: {
    '';
    installPhase = "touch $out";
  };
  meta = {
    platforms = [ "x86_64-linux" ];
    maintainers = with lib.maintainers.bsc; [ rarias ];
  };
 })
--- a/pkgs/gpi-2/default.nix
+++ b/pkgs/gpi-2/default.nix
@@ -9,6 +9,7 @@
 , automake
 , libtool
 , mpi
 , rsync
 , gfortran
 }:
@@ -43,24 +44,13 @@ stdenv.mkDerivation rec {
  configureFlags = [
    "--with-infiniband=${rdma-core-all}"
-    "--with-mpi=yes" # fixes mpi detection when cross-compiling
+    "--with-mpi=${mpiAll}"
    "--with-slurm"
    "CFLAGS=-fPIC"
    "CXXFLAGS=-fPIC"
  ];
-  nativeBuildInputs = [
+  buildInputs = [ slurm mpiAll rdma-core-all autoconf automake libtool rsync gfortran ];
    autoconf
    automake
    gfortran
    libtool
  ];
  buildInputs = [
    slurm
    mpiAll
    rdma-core-all
  ];
  hardeningDisable = [ "all" ];
@@ -70,6 +60,5 @@ stdenv.mkDerivation rec {
    maintainers = with lib.maintainers.bsc; [ rarias ];
    platforms = lib.platforms.linux;
    license = lib.licenses.gpl3Plus;
    cross = false; # infiniband detection does not work
  };
 }
--- a/pkgs/lib.nix
+++ b/pkgs/lib.nix
@@ -1,30 +0,0 @@
 { lib }:
 let
  # If not supported, fall back to tryEval, which will fail in the first case.
  safeCatchAll = if (builtins ? catchAll)
    then builtins.catchAll
    else e: (builtins.tryEval e) // { msg = ""; };
 in lib.extend (_: lib: {
  # Same as fetchGit but accepts a list of mirror urls
  fetchGitMirror = { urls, ... } @ args:
  let
    cleanArgs = lib.removeAttrs args [ "urls" ];
    fetchUrl = url: builtins.fetchGit (cleanArgs // { inherit url; });
    safeFetch = url: safeCatchAll (fetchUrl url);
    complain = url:
    let
      r = safeFetch url;
    in
      if (r.success) then r
      else lib.warn "cannot fetch ${url}, trying next
      mirror:${builtins.replaceStrings ["\n" ] ["\n> "] ("\n"+r.msg)}" r;
    fetchList = lib.map (url: complain url) urls;
    bad = throw "cannot fetch from any mirror";
    good = lib.findFirst (e: e.success) bad fetchList;
  in good.value;
  maintainers = lib.maintainers // {
    bsc = import ./maintainers.nix;
  };
 })
--- a/pkgs/llvm-ompss2/clang.nix
+++ b/pkgs/llvm-ompss2/clang.nix
@@ -16,19 +16,19 @@
 , useGit ? false
 , gitUrl ? "ssh://git@bscpm04.bsc.es/llvm-ompss/llvm-mono.git"
 , gitBranch ? "master"
-, gitCommit ? "872ba63f86edaefc9787984ef3fae9f2f94e0124" # github-release-2025.11
+, gitCommit ? "880e2341c56bad1dc14e8c369fb3356bec19018e"
 }:
 let
  stdenv = llvmPackages_latest.stdenv;
  release = rec {
-    version = "2025.11";
+    version = "2025.06";
    src = fetchFromGitHub {
      owner = "bsc-pm";
      repo = "llvm";
      rev = "refs/tags/github-release-${version}";
-      hash = "sha256-UgwMTUkM9Z87dDH205swZFBeFhrcbLAxginViG40pBM=";
+      hash = "sha256-ww9PpRmtz/M9IyLiZ8rAehx2UW4VpQt+svf4XfKBzKo=";
    };
  };
--- a/pkgs/maintainers.nix
+++ b/pkgs/maintainers.nix
@@ -3,5 +3,4 @@ builtins.mapAttrs (name: value: { email = name + "@bsc.es"; } // value) {
  arocanon.name = "Aleix Roca";
  rarias.name = "Rodrigo Arias";
  rpenacob.name = "Raúl Peñacoba";
  varcila.name = "Vincent Arcila";
 }
--- a/pkgs/mpich/default.nix
+++ b/pkgs/mpich/default.nix
@@ -6,13 +6,6 @@
 , pmix
 , gfortran
 , symlinkJoin
 # Disabled when cross-compiling
 # To fix cross compilation, we should fill the values in:
 # https://github.com/pmodels/mpich/blob/main/maint/fcrosscompile/cross_values.txt.in
 # For each arch
 , enableFortran ? stdenv.hostPlatform == stdenv.buildPlatform
 , perl
 , targetPackages
 }:
 let
@@ -22,13 +15,10 @@ let
    paths = [ pmix.dev pmix.out ];
  };
 in mpich.overrideAttrs (old: {
-  buildInputs = old.buildInputs ++ [
+  buildInput = old.buildInputs ++ [
    libfabric
    pmixAll
  ];
  nativeBuildInputs = old.nativeBuildInputs ++ [
    perl
  ];
  configureFlags = [
    "--enable-shared"
    "--enable-sharedlib"
@@ -41,21 +31,10 @@ in mpich.overrideAttrs (old: {
  ] ++ lib.optionals (lib.versionAtLeast gfortran.version "10") [
    "FFLAGS=-fallow-argument-mismatch" # https://github.com/pmodels/mpich/issues/4300
    "FCFLAGS=-fallow-argument-mismatch"
  ] ++ lib.optionals (!enableFortran) [
    "--disable-fortran"
  ];
  preFixup = ''
    sed -i 's:^CC=.*:CC=${targetPackages.stdenv.cc}/bin/${targetPackages.stdenv.cc.targetPrefix}cc:' $out/bin/mpicc
    sed -i 's:^CXX=.*:CXX=${targetPackages.stdenv.cc}/bin/${targetPackages.stdenv.cc.targetPrefix}c++:' $out/bin/mpicxx
  '' + lib.optionalString enableFortran ''
    sed -i 's:^FC=.*:FC=${targetPackages.gfortran or gfortran}/bin/${targetPackages.gfortran.targetPrefix or gfortran.targetPrefix}gfortran:' $out/bin/mpifort
  '';
  hardeningDisable = [ "all" ];
  meta = old.meta // {
    maintainers = old.meta.maintainers ++ (with lib.maintainers.bsc; [ rarias ]);
    cross = true;
  };
 })
--- a/pkgs/nix/add-catchAll.patch
+++ b/pkgs/nix/add-catchAll.patch
@@ -1,64 +0,0 @@
 From 3aa73c21e3afc91522a6121b0d591af6925b4ba6 Mon Sep 17 00:00:00 2001
 From: Rodrigo Arias Mallo <rodarima@gmail.com>
 Date: Mon, 13 Oct 2025 16:05:30 +0200
 Subject: [PATCH] Add builtins.catchAll to catch all types of errors
 Allows fetching multiple Git repositories with builtin.fetchGit and
 catching any errors thrown by the builtin, in opposition to the builtin
 tryEval.
 ---
 src/libexpr/primops.cc | 38 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 38 insertions(+)
 diff --git a/src/libexpr/primops.cc b/src/libexpr/primops.cc
 index 36a67a39d..3b26f9f43 100644
 --- a/src/libexpr/primops.cc
 +++ b/src/libexpr/primops.cc
@@ -849,6 +849,44 @@ static RegisterPrimOp primop_tryEval({
     .fun = prim_tryEval,
 });
 +/* Like tryEval but catch all errors. Success => {success=true; value=something;},
 + * else => {success=false; value=false;} */
 +static void prim_catchAll(EvalState & state, const PosIdx pos, Value * * args, Value & v)
 +{
 +    auto attrs = state.buildBindings(3);
 +    try {
 +        state.forceValue(*args[0], pos);
 +        attrs.insert(state.sValue, args[0]);
 +        attrs.alloc("success").mkBool(true);
 +        attrs.alloc("msg").mkNull();
 +    } catch (Error & e) {
 +        attrs.alloc(state.sValue).mkBool(false);
 +        attrs.alloc("success").mkBool(false);
 +        attrs.alloc("msg").mkString(e.msg());
 +    }
 +    v.mkAttrs(attrs);
 +}
 +
 +static RegisterPrimOp primop_catchAll({
 +    .name = "__catchAll",
 +    .args = {"e"},
 +    .doc = R"(
 +      Try to shallowly evaluate *e*. Return a set containing the
 +      attributes `success` (`true` if *e* evaluated successfully,
 +      `false` if an error was thrown) and `value`, equalling *e* if
 +      successful and `false` otherwise. In contrast with `tryEval`,
 +      `catchAll` will prevent all errors from being thrown, including
 +      for those created by `abort` and type errors generated by
 +      builtins. Also note that this doesn't evaluate *e* deeply, so
 +      `let e = { x = throw ""; }; in (builtins.catchAll e).success`
 +      will be `true`. Using `builtins.deepSeq` one can get the expected
 +      result: `let e = { x = throw ""; }; in
 +      (builtins.catchAll (builtins.deepSeq e e)).success` will be
 +      `false`.
 +    )",
 +    .fun = prim_catchAll,
 +});
 +
 /* Return an environment variable.  Use with care. */
 static void prim_getEnv(EvalState & state, const PosIdx pos, Value * * args, Value & v)
 {
 -- 
 2.51.0
--- a/pkgs/nix/default.nix
+++ b/pkgs/nix/default.nix
@@ -1,7 +1,219 @@
-{ nix }:
+{ lib, fetchurl, fetchFromGitHub, callPackage
 , storeDir ? "/nix/store"
 , stateDir ? "/nix/var"
 , confDir ? "/etc"
 , boehmgc
 , stdenv, llvmPackages_6
 }:
-nix.overrideAttrs (old: {
+let
-  patches = (old.patches or []) ++ [
+
-    ./add-catchAll.patch
+common =
-  ];
+  { lib, stdenv, fetchpatch, perl, curl, bzip2, sqlite, openssl ? null, xz
-})
+  , bash, coreutils, gzip, gnutar
  , pkg-config, boehmgc, perlPackages, libsodium, brotli, boost, editline, nlohmann_json
  , autoreconfHook, autoconf-archive, bison, flex, libxml2, libxslt, docbook5, docbook_xsl_ns
  , jq, libarchive, rustc, cargo
  # Used by tests
  , gmock
  , busybox-sandbox-shell
  , storeDir
  , stateDir
  , confDir
  , withLibseccomp ? lib.any (lib.meta.platformMatch stdenv.hostPlatform) libseccomp.meta.platforms, libseccomp
  , withAWS ? stdenv.isLinux || stdenv.isDarwin, aws-sdk-cpp
  , name, suffix ? "", src, crates ? null
  }:
  let
     sh = busybox-sandbox-shell;
     nix = stdenv.mkDerivation rec {
      inherit name src;
      version = lib.getVersion name;
      is24 = lib.versionAtLeast version "2.4pre";
      isExactly23 = lib.versionAtLeast version "2.3" && lib.versionOlder version "2.4";
      VERSION_SUFFIX = suffix;
      outputs = [ "out" "dev" "man" "doc" ];
      nativeBuildInputs =
        [ pkg-config ]
        ++ lib.optionals is24 [ autoreconfHook autoconf-archive bison flex libxml2 libxslt
                                docbook5 docbook_xsl_ns jq gmock ];
      buildInputs =
        [ curl openssl sqlite xz bzip2 nlohmann_json
          brotli boost editline
        ]
        ++ lib.optional (stdenv.isLinux || stdenv.isDarwin) libsodium
        ++ lib.optionals is24 [ libarchive rustc cargo ]
        ++ lib.optional withLibseccomp libseccomp
        ++ lib.optional withAWS
            ((aws-sdk-cpp.override {
              apis = ["s3" "transfer"];
              customMemoryManagement = false;
            }).overrideDerivation (args: {
              patches = args.patches or [] ++ [(fetchpatch {
                url = "https://github.com/edolstra/aws-sdk-cpp/commit/7d58e303159b2fb343af9a1ec4512238efa147c7.patch";
                sha256 = "103phn6kyvs1yc7fibyin3lgxz699qakhw671kl207484im55id1";
              })];
            }));
      propagatedBuildInputs = [ boehmgc ];
      # Seems to be required when using std::atomic with 64-bit types
      NIX_LDFLAGS = lib.optionalString (stdenv.hostPlatform.system == "armv5tel-linux" || stdenv.hostPlatform.system == "armv6l-linux") "-latomic";
      preConfigure =
        # Copy libboost_context so we don't get all of Boost in our closure.
        # https://github.com/NixOS/nixpkgs/issues/45462
        ''
          mkdir -p $out/lib
          cp -pd ${boost}/lib/{libboost_context*,libboost_thread*,libboost_system*} $out/lib
          rm -f $out/lib/*.a
          ${lib.optionalString stdenv.isLinux ''
            chmod u+w $out/lib/*.so.*
            patchelf --set-rpath $out/lib:${stdenv.cc.cc.lib}/lib $out/lib/libboost_thread.so.*
          ''}
        '' +
        # Unpack the Rust crates.
        lib.optionalString is24 ''
          tar xvf ${crates} -C nix-rust/
          mv nix-rust/nix-vendored-crates* nix-rust/vendor
        '' +
        # For Nix-2.3, patch around an issue where the Nix configure step pulls in the
        # build system's bash and other utilities when cross-compiling
        lib.optionalString (stdenv.buildPlatform != stdenv.hostPlatform && isExactly23) ''
          mkdir tmp/
          substitute corepkgs/config.nix.in tmp/config.nix.in \
            --subst-var-by bash ${bash}/bin/bash \
            --subst-var-by coreutils ${coreutils}/bin \
            --subst-var-by bzip2 ${bzip2}/bin/bzip2 \
            --subst-var-by gzip ${gzip}/bin/gzip \
            --subst-var-by xz ${xz}/bin/xz \
            --subst-var-by tar ${gnutar}/bin/tar \
            --subst-var-by tr ${coreutils}/bin/tr
          mv tmp/config.nix.in corepkgs/config.nix.in
          '';
      configureFlags =
        [ "--with-store-dir=${storeDir}"
          "--localstatedir=${stateDir}"
          "--sysconfdir=${confDir}"
          "--disable-init-state"
          "--enable-gc"
        ]
        ++ lib.optionals stdenv.isLinux [
          "--with-sandbox-shell=${sh}/bin/busybox"
        ]
        ++ lib.optional (
            stdenv.hostPlatform != stdenv.buildPlatform && stdenv.hostPlatform ? nix && stdenv.hostPlatform.nix ? system
        ) ''--with-system=${stdenv.hostPlatform.nix.system}''
           # RISC-V support in progress https://github.com/seccomp/libseccomp/pull/50
        ++ lib.optional (!withLibseccomp) "--disable-seccomp-sandboxing";
      makeFlags = [ "profiledir=$(out)/etc/profile.d" ];
      installFlags = [ "sysconfdir=$(out)/etc" ];
      doInstallCheck = false;
      # socket path becomes too long otherwise
      #preInstallCheck = lib.optional stdenv.isDarwin ''
      #  export TMPDIR=$NIX_BUILD_TOP
      #'';
      separateDebugInfo = stdenv.isLinux;
      enableParallelBuilding = true;
      meta = {
        description = "Powerful package manager that makes package management reliable and reproducible";
        longDescription = ''
          Nix is a powerful package manager for Linux and other Unix systems that
          makes package management reliable and reproducible. It provides atomic
          upgrades and rollbacks, side-by-side installation of multiple versions of
          a package, multi-user package management and easy setup of build
          environments.
        '';
        homepage = "https://nixos.org/";
        license = lib.licenses.lgpl2Plus;
        maintainers = [ lib.maintainers.eelco ];
        platforms = lib.platforms.unix;
        outputsToInstall = [ "out" "man" ];
      };
      passthru = {
        perl-bindings = stdenv.mkDerivation {
          pname = "nix-perl";
          inherit version;
          inherit src;
          postUnpack = "sourceRoot=$sourceRoot/perl";
          # This is not cross-compile safe, don't have time to fix right now
          # but noting for future travellers.
          nativeBuildInputs =
            [ perl pkg-config curl nix libsodium boost autoreconfHook autoconf-archive ];
          configureFlags =
            [ "--with-dbi=${perlPackages.DBI}/${perl.libPrefix}"
              "--with-dbd-sqlite=${perlPackages.DBDSQLite}/${perl.libPrefix}"
            ];
          preConfigure = "export NIX_STATE_DIR=$TMPDIR";
          preBuild = "unset NIX_INDENT_MAKE";
        };
      };
    };
  in nix;
 in rec {
  nix = nixUnstable;
  nixUnstable = lib.lowPrio (callPackage common rec {
    name = "nix-2.4${suffix}";
    suffix = "pre7534_b92f58f6";
    #src = /home/Computational/rarias/nix/nix-rodarima;
    src = fetchFromGitHub {
      owner = "rodarima";
      repo = "nix";
      rev = "3a642187c33ed46d952d3a50a83b2576b704fab7";
      sha256 = "0s8is2czpkcj1x1kcjqgbnsbbl03w3fwjjiclsd44zh1ij3wb90s";
    };
    crates = fetchurl {
      url = "https://hydra.nixos.org/build/118797694/download/1/nix-vendored-crates-2.4pre7534_b92f58f6.tar.xz";
      sha256 = "a4c2612bbd81732bbb899bc0c230e07b16f6b6150ffbb19c4907dedbbc2bf9fc";
    };
    inherit storeDir stateDir confDir boehmgc;
  });
  nixFlakes = lib.lowPrio (callPackage common rec {
    name = "nix-2.4${suffix}";
    suffix = "pre20200521_00b562c";
    src = fetchFromGitHub {
      owner = "NixOS";
      repo = "nix";
      rev = "00b562c87ec4c3bbe514f5dc1f4d1c41f66f66bf";
      sha256 = "0s8is2czpkcj1x1kcjqgbnsbbl03w3fwjjiclsd44zh1ij3wb90s";
    };
    crates = fetchurl {
      url = "https://hydra.nixos.org/build/118093786/download/1/nix-vendored-crates-2.4pre20200501_941f952.tar.xz";
      sha256 = "060f4n5srdbb8vsj0m14aqch7im79a4h5g3nrs41p1xc602vhcdl";
    };
    inherit storeDir stateDir confDir boehmgc;
  });
 }
--- a/pkgs/nixgen/default.nix
+++ b/pkgs/nixgen/default.nix
@@ -1,22 +0,0 @@
 {
  stdenv
 , lib
 }:
 stdenv.mkDerivation {
  pname = "nixgen";
  version = "0.0.1";
  src = ./nixgen;
  dontUnpack = true;
  phases = [ "installPhase" ];
  installPhase = ''
    mkdir -p $out/bin
    cp -a $src $out/bin/nixgen
  '';
  meta = {
    description = "Quickly generate flake.nix from command line";
    maintainers = with lib.maintainers.bsc; [ rarias ];
    platforms = lib.platforms.linux;
    license = lib.licenses.gpl3Plus;
  };
 }
--- a/pkgs/nixgen/nixgen
+++ b/pkgs/nixgen/nixgen
@@ -1,97 +0,0 @@
 #!/bin/sh
 #
 # Copyright (c) 2025, Barcelona Supercomputing Center (BSC)
 # SPDX-License-Identifier: GPL-3.0+
 # Author: Rodrigo Arias Mallo <rodrigo.arias@bsc.es>
 function usage() {
  echo "USAGE: nixgen [-f] [package [...]] [-b package [...]]" >&2
  echo "  Generates a flake.nix file with the given packages." >&2
  echo "  After flake.nix is created, use 'nix develop' to enter the shell." >&2
  echo "OPTIONS" >&2
  echo "  -f               Overwrite existing flake.nix (default: no)." >&2
  echo "  packages...      Add these packages to the shell." >&2
  echo "  -b packages...   Add the dependencies needed to build these packages." >&2
  echo "EXAMPLE" >&2
  echo "  $ nixgen ovni bigotes -b nosv tampi" >&2
  echo "  Adds the packages ovni and bigotes as well as all required dependencies" >&2
  echo "  to build nosv and tampi." >&2
  echo "AUTHOR" >&2
  echo "  Rodrigo Arias Mallo <rodrigo.arias@bsc.es>" >&2
  exit 1
 }
 mode=package
 packages=
 inputsFrom=
 force=
 if [[ $# -eq 0 ]]; then
  usage
 fi
 while [[ $# -gt 0 ]]; do
    case $1 in -b)
      mode=build
      shift
      ;;
    -f)
      force=1
      shift
      ;;
    -h)
      usage
      ;;
    -*|--*)
      echo "error: unknown option $1" >&2
      exit 1
      ;;
    *)
      if [ "$mode" == "package" ]; then
        packages+="${packages:+ }$1"
      else
        inputsFrom+="${inputsFrom:+ }$1"
      fi
      shift
      ;;
  esac
 done
 if [ ! "$force" -a -e flake.nix ]; then
  echo "error: flake.nix exists, force overwrite with -f" >&2
  exit 1
 fi
 cat > flake.nix <<EOF
 {
  inputs.jungle.url = "git+https://jungle.bsc.es/git/rarias/jungle";
  outputs = { self, jungle }:
  let
    nixpkgs = jungle.inputs.nixpkgs;
    customOverlay = (final: prev: {
      # Example overlay, for now empty
    });
    pkgs = import nixpkgs {
      system = "x86_64-linux";
      overlays = [
        # Apply jungle overlay to get our BSC custom packages
        jungle.outputs.bscOverlay
        # And on top apply our local changes to customize for cluster
        customOverlay
      ];
    };
  in {
    devShells.x86_64-linux.default = pkgs.mkShell {
      pname = "devshell";
      # Include these packages in the shell
      packages = with pkgs; [
        $packages
      ];
      # The dependencies needed to build these packages will be also included
      inputsFrom = with pkgs; [
        $inputsFrom
      ];
    };
  };
 }
 EOF
--- a/pkgs/nodes/default.nix
+++ b/pkgs/nodes/default.nix
@@ -3,6 +3,7 @@
 , lib
 , fetchFromGitHub
 , pkg-config
 , perl
 , numactl
 , hwloc
 , boost
@@ -10,23 +11,22 @@
 , ovni
 , nosv
 , clangOmpss2
 , which
 , useGit ? false
 , gitUrl ? "ssh://git@gitlab-internal.bsc.es/nos-v/nodes.git"
 , gitBranch ? "master"
-, gitCommit ? "511489e71504a44381e0930562e7ac80ac69a848" # version-1.4
+, gitCommit ? "6002ec9ae6eb876d962cc34366952a3b26599ba6"
 }:
 with lib;
 let
  release = rec {
-    version = "1.4";
+    version = "1.3";
    src = fetchFromGitHub {
      owner = "bsc-pm";
      repo = "nodes";
      rev = "version-${version}";
-      hash = "sha256-+lR/R0l3fGZO3XG7whMorFW2y2YZ0ZFnLeOHyQYrAsQ=";
+      hash = "sha256-cFb9pxcjtkMmH0CsGgUO9LTdXDNh7MCqicgGWawLrsU=";
    };
  };
@@ -59,7 +59,6 @@ in
    doCheck = false;
    nativeCheckInputs = [
      clangOmpss2
      which
    ];
    # The "bindnow" flags are incompatible with ifunc resolution mechanism. We
@@ -86,7 +85,7 @@ in
    meta = {
      homepage = "https://gitlab.bsc.es/nos-v/nodes";
      description = "Runtime library designed to work on top of the nOS-V runtime";
-      maintainers = with lib.maintainers.bsc; [ abonerib rarias ];
+      maintainers = with lib.maintainers.bsc; [ rarias ];
      platforms = lib.platforms.linux;
      license = lib.licenses.gpl3Plus;
    };
--- a/pkgs/nosv/default.nix
+++ b/pkgs/nosv/default.nix
@@ -13,19 +13,19 @@
 , useGit ? false
 , gitUrl ? "git@gitlab-internal.bsc.es:nos-v/nos-v.git"
 , gitBranch ? "master"
-, gitCommit ? "1108e4786b58e0feb9a16fa093010b763eb2f8e8" # version 4.0.0
+, gitCommit ? "9f47063873c3aa9d6a47482a82c5000a8c813dd8"
 }:
 with lib;
 let
  release = rec {
-    version = "4.0.0";
+    version = "3.2.0";
    src = fetchFromGitHub {
      owner = "bsc-pm";
      repo = "nos-v";
      rev = "${version}";
-      hash = "sha256-llaq73bd/YxLVKNlMebnUHKa4z3sdcsuDUoVwUxNuw8=";
+      hash = "sha256-yaz92426EM8trdkBJlISmAoG9KJCDTvoAW/HKrasvOw=";
    };
  };
--- a/pkgs/osu/default.nix
+++ b/pkgs/osu/default.nix
@@ -32,11 +32,6 @@ stdenv.mkDerivation rec {
      "CXX=mpicxx"
  ];
  env = {
    MPICH_CC="${stdenv.cc}/bin/${stdenv.cc.targetPrefix}cc";
    MPICH_CXX="${stdenv.cc}/bin/${stdenv.cc.targetPrefix}c++";
  };
  postInstall = ''
    mkdir -p $out/bin
    for f in $(find $out -executable -type f); do
@@ -49,6 +44,5 @@ stdenv.mkDerivation rec {
    homepage = "http://mvapich.cse.ohio-state.edu/benchmarks/";
    maintainers = [ ];
    platforms = lib.platforms.all;
    cross = true;
  };
 }
--- a/pkgs/ovni/default.nix
+++ b/pkgs/ovni/default.nix
@@ -7,7 +7,7 @@
 , useGit ? false
 , gitBranch ? "master"
 , gitUrl ? "ssh://git@bscpm04.bsc.es/rarias/ovni.git"
-, gitCommit ? "06432668f346c8bdc1006fabc23e94ccb81b0d8b" # version 1.13.0
+, gitCommit ? "e4f62382076f0cf0b1d08175cf57cc0bc51abc61"
 , enableDebug ? false
 # Only enable MPI if the build is native (fails on cross-compilation)
 , useMpi ? (stdenv.buildPlatform.canExecute stdenv.hostPlatform)
@@ -15,13 +15,13 @@
 let
  release = rec {
-    version = "1.13.0";
+    version = "1.12.0";
    src = fetchFromGitHub {
      owner = "bsc-pm";
      repo = "ovni";
      rev = "${version}";
-      hash = "sha256-0l2ryIyWNiZqeYdVlnj/WnQGS3xFCY4ICG8JedX424w=";
+      hash = "sha256-H04JvsVKrdqr3ON7JhU0g17jjlg/jzQ7eTfx9vUNd3E=";
-    } // { shortRev = "0643266"; };
+    } // { shortRev = "a73afcf"; };
  };
  git = rec {
--- a/pkgs/sonar/default.nix
+++ b/pkgs/sonar/default.nix
@@ -35,6 +35,5 @@ stdenv.mkDerivation rec {
    maintainers = with lib.maintainers.bsc; [ rarias ];
    platforms = lib.platforms.linux;
    license = lib.licenses.mit;
    cross = true;
  };
 }
--- a/pkgs/tagaspi/default.nix
+++ b/pkgs/tagaspi/default.nix
@@ -5,14 +5,23 @@
 , automake
 , autoconf
 , libtool
 , mpi
 , autoreconfHook
 , gpi-2
 , boost
 , numactl
 , rdma-core
 , gfortran
 , symlinkJoin
 }:
 let
  mpiAll = symlinkJoin {
    name = "mpi-all";
    paths = [ mpi.all ];
  };
 in
 stdenv.mkDerivation rec {
  pname = "tagaspi";
  enableParallelBuilding = true;
@@ -26,18 +35,16 @@ stdenv.mkDerivation rec {
    hash = "sha256-RGG/Re2uM293HduZfGzKUWioDtwnSYYdfeG9pVrX9EM=";
  };
-  nativeBuildInputs = [
+  buildInputs = [
    autoreconfHook
    automake
    autoconf
    libtool
    gfortran
  ];
  buildInputs = [
    boost
    numactl
    rdma-core
    gfortran
    mpiAll
  ];
  dontDisableStatic = true;
@@ -56,6 +63,5 @@ stdenv.mkDerivation rec {
    maintainers = with lib.maintainers.bsc; [ rarias ];
    platforms = lib.platforms.linux;
    license = lib.licenses.gpl3Plus;
    cross = false; # gpi-2 cannot cross
  };
 }
--- a/pkgs/tampi/default.nix
+++ b/pkgs/tampi/default.nix
@@ -68,6 +68,5 @@ in stdenv.mkDerivation {
    maintainers = with lib.maintainers.bsc; [ rarias ];
    platforms = lib.platforms.linux;
    license = lib.licenses.gpl3Plus;
    cross = true;
  };
 }
Author	SHA1	Message	Date
Aleix Boné	dd7744358f	Add meta to intel 2023 All checks were successful CI / build:cross (pull_request) Successful in 6s Details CI / build:all (pull_request) Successful in 15s Details	2025-10-10 12:29:55 +02:00
Aleix Boné	fee9c0ffe7	Add meta to packages	2025-10-10 12:29:55 +02:00
Aleix Boné	a2e47e666a	Add maintainers	2025-10-10 12:29:55 +02:00
		`@@ -1 +0,0 @@`
			`ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPJDyIr/FSz1cJdcoW69R+NrWzwGK/+3gJpqD1t8L2zE`
		`@@ -1 +0,0 @@`
			`ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL0idNvgGiucWgup/mP78zyC23uFjYq0evcWdjGQUaBH`