Move vlopez user to jungleUsers for koro host

Access to other machines can be easily added into the "hosts" attribute without the need to replicate the configuration.
Add raccoon motd file
2024-06-07 10:47:13 +02:00 · 2024-06-07 10:47:13 +02:00 · 2024-06-07 10:47:13 +02:00 · 2024-06-07 10:47:10 +02:00 · 2024-06-07 10:45:46 +02:00 · 2024-06-07 10:45:46 +02:00
32 changed files with 121 additions and 209 deletions
--- a/flake.lock
+++ b/flake.lock
@@ -10,11 +10,11 @@
        "systems": "systems"
      },
      "locked": {
-        "lastModified": 1720546205,
-        "narHash": "sha256-boCXsjYVxDviyzoEyAk624600f3ZBo/DKtUdvMTpbGY=",
+        "lastModified": 1712079060,
+        "narHash": "sha256-/JdiT9t+zzjChc5qQiF+jhrVhRt8figYH29rZO7pFe4=",
        "owner": "ryantm",
        "repo": "agenix",
-        "rev": "de96bd907d5fbc3b14fc33ad37d1b9a3cb15edc6",
+        "rev": "1381a759b205dff7a6818733118d02253340fd5e",
        "type": "github"
      },
      "original": {
@@ -88,11 +88,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1720957393,
-        "narHash": "sha256-oedh2RwpjEa+TNxhg5Je9Ch6d3W1NKi7DbRO1ziHemA=",
+        "lastModified": 1713714899,
+        "narHash": "sha256-+z/XjO3QJs5rLE5UOf015gdVauVRQd2vZtsFkaXBq2Y=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "693bc46d169f5af9c992095736e82c3488bf7dbb",
+        "rev": "6143fc5eeb9c4f00163267708e26191d1e918932",
        "type": "github"
      },
      "original": {
--- a/m/bay/configuration.nix
+++ b/m/bay/configuration.nix
@@ -9,10 +9,6 @@
  # Select the this using the ID to avoid mismatches
  boot.loader.grub.device = "/dev/disk/by-id/wwn-0x55cd2e414d53562d";

-  boot.kernel.sysctl = {
-    "kernel.yama.ptrace_scope" = lib.mkForce "1";
-  };
-
  environment.systemPackages = with pkgs; [
    ceph
  ];
--- a/m/common/base.nix
+++ b/m/common/base.nix
@@ -3,7 +3,6 @@
  # Includes the basic configuration for an Intel server.
  imports = [
    ./base/agenix.nix
-    ./base/august-shutdown.nix
    ./base/boot.nix
    ./base/env.nix
    ./base/fs.nix
--- a/m/common/base/august-shutdown.nix
+++ b/m/common/base/august-shutdown.nix
@@ -1,14 +0,0 @@
-{
-  # Shutdown all machines on August 2nd at 11:00 AM, so we can protect the
-  # hardware from spurious electrical peaks on the yearly electrical cut for
-  # manteinance that starts on August 4th.
-  systemd.timers.august-shutdown = {
-    description = "Shutdown on August 2nd for maintenance";
-    wantedBy = [ "timers.target" ];
-    timerConfig = {
-      OnCalendar = "*-08-02 11:00:00";
-      RandomizedDelaySec = "10min";
-      Unit = "systemd-poweroff.service";
-    };
-  };
-}
--- a/m/common/base/boot.nix
+++ b/m/common/base/boot.nix
@@ -11,12 +11,14 @@
    terminal_output --append serial
  '';

+  # Enable serial console
+  boot.kernelParams = [
+    "console=tty1"
+    "console=ttyS0,115200"
+  ];
+
  boot.kernel.sysctl = {
    "kernel.perf_event_paranoid" = lib.mkDefault "-1";
-
-    # Allow ptracing (i.e. attach with GDB) any process of the same user, see:
-    # https://www.kernel.org/doc/Documentation/security/Yama.txt
-    "kernel.yama.ptrace_scope" = "0";
  };

  boot.kernelPackages = pkgs.linuxPackages_latest;
--- a/m/common/base/net.nix
+++ b/m/common/base/net.nix
@@ -12,7 +12,7 @@

    hosts = {
      "84.88.53.236" = [ "ssfhead.bsc.es" "ssfhead" ];
-      "84.88.51.152" = [ "raccoon" ];
+      "84.88.51.152" = [ "knights3.bsc.es" "raccoon" ];
      "84.88.51.142" = [ "raccoon-ipmi" ];
    };
  };
--- a/m/common/base/ssh.nix
+++ b/m/common/base/ssh.nix
@@ -12,7 +12,7 @@ in
  programs.ssh.extraConfig = ''
    Host bscpm02.bsc.es bscpm03.bsc.es gitlab-internal.bsc.es alya.gitlab.bsc.es
      User git
-      ProxyCommand nc -X connect -x hut:23080 %h %p
+      ProxyCommand nc -X connect -x localhost:23080 %h %p
  '';

  programs.ssh.knownHosts = hostsKeys // {
--- a/m/common/base/users.nix
+++ b/m/common/base/users.nix
@@ -55,7 +55,7 @@
        home = "/home/Computational/rpenacob";
        description = "Raúl Peñacoba";
        group = "Computational";
-        hosts = [ "owl1" "owl2" "hut" ];
+        hosts = [ "hut" ];
        hashedPassword = "$6$TZm3bDIFyPrMhj1E$uEDXoYYd1z2Wd5mMPfh3DZAjP7ztVjJ4ezIcn82C0ImqafPA.AnTmcVftHEzLB3tbe2O4SxDyPSDEQgJ4GOtj/";
        openssh.authorizedKeys.keys = [
          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFYfXg37mauGeurqsLpedgA2XQ9d4Nm0ZGo/hI1f7wwH rpenacob@bsc"
@@ -75,19 +75,6 @@
        ];
      };

-      abonerib = {
-        uid = 4541;
-        isNormalUser = true;
-        home = "/home/Computational/abonerib";
-        description = "Aleix Boné";
-        group = "Computational";
-        hosts = [ "owl1" "owl2" "hut" "raccoon" ];
-        hashedPassword = "$6$V1EQWJr474whv7XJ$OfJ0wueM2l.dgiJiiah0Tip9ITcJ7S7qDvtSycsiQ43QBFyP4lU0e0HaXWps85nqB4TypttYR4hNLoz3bz662/";
-        openssh.authorizedKeys.keys = [
-          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIIFiqXqt88VuUfyANkZyLJNiuroIITaGlOOTMhVDKjf abonerib@bsc"
-        ];
-      };
-
      vlopez = {
        uid = 4334;
        isNormalUser = true;
--- a/m/common/xeon.nix
+++ b/m/common/xeon.nix
@@ -3,7 +3,7 @@
  imports = [
    ./base.nix
    ./xeon/fs.nix
-    ./xeon/console.nix
+    ./xeon/getty.nix
    ./xeon/net.nix
  ];
 }
--- a/m/common/xeon/console.nix
+++ b/m/common/xeon/console.nix
@@ -5,10 +5,4 @@
    wantedBy = [ "getty.target" ];
    serviceConfig.Restart = "always";
  };
-
-  # Enable serial console
-  boot.kernelParams = [
-    "console=tty1"
-    "console=ttyS0,115200"
-  ];
 }
--- a/m/common/xeon/net.nix
+++ b/m/common/xeon/net.nix
@@ -10,7 +10,7 @@
    nameservers = ["8.8.8.8"];

    proxy = {
-      default = "http://hut:23080/";
+      default = "http://localhost:23080/";
      noProxy = "127.0.0.1,localhost,internal.domain,10.0.40.40";
      # Don't set all_proxy as go complains and breaks the gitlab runner, see:
      # https://github.com/golang/go/issues/16715
--- a/m/eudy/kernel/kernel.nix
+++ b/m/eudy/kernel/kernel.nix
@@ -21,9 +21,9 @@ let
  #   configfile = if lockdep then ./configs/lockdep else ./configs/defconfig;
  #};

-  kernel = nixos-fcs;
+  kernel = nixos-fcsv3;

-  nixos-fcs-kernel = lib.makeOverridable ({gitCommit, lockStat ? false, preempt ? false, branch ? "fcs"}: pkgs.linuxPackagesFor (pkgs.buildLinux rec {
+  nixos-fcs-kernel = {gitCommit, lockStat ? false, preempt ? false, branch ? "fcs"}: pkgs.linuxPackagesFor (pkgs.buildLinux rec {
    version = "6.2.8";
    src = builtins.fetchGit {
      url = "git@bscpm03.bsc.es:ompss-kernel/linux.git";
@@ -40,13 +40,35 @@ let
    };
    kernelPatches = [];
    extraMeta.branch = lib.versions.majorMinor version;
-  }));
+  });

-  nixos-fcs = nixos-fcs-kernel {gitCommit = "8a09822dfcc8f0626b209d6d2aec8b5da459dfee";};
-  nixos-fcs-lockstat = nixos-fcs.override {
+  nixos-fcsv1 = nixos-fcs-kernel {gitCommit = "bc11660676d3d68ce2459b9fb5d5e654e3f413be";};
+  nixos-fcsv2 = nixos-fcs-kernel {gitCommit = "db0f2eca0cd57a58bf456d7d2c7d5d8fdb25dfb1";};
+  nixos-fcsv3 = nixos-fcs-kernel {gitCommit = "6c17394890704c3345ac1a521bb547164b36b154";};
+
+  # always use fcs_sched_setaffinity
+  #nixos-debug = nixos-fcs-kernel {gitCommit = "7d0bf285fca92badc8df3c9907a9ab30db4418aa";};
+  # remove need_check_cgroup
+  #nixos-debug = nixos-fcs-kernel {gitCommit = "4cc4efaab5e4a0bfa3089e935215b981c1922919";};
+  # merge again fcs_wake and fcs_wait
+  #nixos-debug = nixos-fcs-kernel {gitCommit = "40c6f72f4ae54b0b636b193ac0648fb5730c810d";};
+  # start from scratch, this is the working version with split fcs_wake and fcs_wait
+  nixos-debug = nixos-fcs-kernel {gitCommit = "c9a39d6a4ca83845b4e71fcc268fb0a76aff1bdf"; branch = "fcs-test"; };
+
+  nixos-fcsv1-lockstat = nixos-fcs-kernel {
+    gitCommit = "bc11660676d3d68ce2459b9fb5d5e654e3f413be";
    lockStat = true;
  };
-  nixos-fcs-lockstat-preempt = nixos-fcs.override {
+  nixos-fcsv2-lockstat = nixos-fcs-kernel {
+    gitCommit = "db0f2eca0cd57a58bf456d7d2c7d5d8fdb25dfb1";
+    lockStat = true;
+  };
+  nixos-fcsv3-lockstat = nixos-fcs-kernel {
+    gitCommit = "6c17394890704c3345ac1a521bb547164b36b154";
+    lockStat = true;
+  };
+  nixos-fcsv3-lockstat-preempt = nixos-fcs-kernel {
+    gitCommit = "6c17394890704c3345ac1a521bb547164b36b154";
    lockStat = true;
    preempt = true;
  };
--- a/m/hut/configuration.nix
+++ b/m/hut/configuration.nix
@@ -6,7 +6,6 @@

    ../module/ceph.nix
    ../module/debuginfod.nix
-    ../module/emulation.nix
    ../module/slurm-client.nix
    ./gitlab-runner.nix
    ./monitoring.nix
@@ -17,19 +16,14 @@
    ./gitea.nix
    ./msmtp.nix
    ./postgresql.nix
-    ./nginx.nix
-    ./p.nix
    #./pxe.nix
  ];

+  boot.binfmt.emulatedSystems = [ "aarch64-linux" "powerpc64le-linux" "riscv64-linux" ];
+
  # Select the this using the ID to avoid mismatches
  boot.loader.grub.device = "/dev/disk/by-id/ata-INTEL_SSDSC2BB240G7_PHDV6462004Y240AGN";

-  fileSystems."/nvme" = {
-    fsType = "ext4";
-    device = "/dev/disk/by-label/nvme";
-  };
-
  networking = {
    hostName = "hut";
    interfaces.eno1.ipv4.addresses = [ {
@@ -40,15 +34,5 @@
      address = "10.0.42.7";
      prefixLength = 24;
    } ];
-    firewall = {
-      extraCommands = ''
-        # Accept all proxy traffic from compute nodes but not the login
-        iptables -A nixos-fw -p tcp -s 10.0.40.30 --dport 23080 -j nixos-fw-log-refuse
-        iptables -A nixos-fw -p tcp -s 10.0.40.0/24 --dport 23080 -j nixos-fw-accept
-      '';
-    };
  };
-
-  # Allow proxy to bind to the ethernet interface
-  services.openssh.settings.GatewayPorts = "clientspecified";
 }
--- a/m/hut/gitea.nix
+++ b/m/hut/gitea.nix
@@ -17,7 +17,6 @@
        REGISTER_MANUAL_CONFIRM = true;
        ENABLE_NOTIFY_MAIL = true;
      };
-      log.LEVEL = "Warn";

      mailer = {
        ENABLED       = true;
--- a/m/hut/gitlab-runner.nix
+++ b/m/hut/gitlab-runner.nix
@@ -1,8 +1,9 @@
 { pkgs, lib, config, ... }:

 {
-  age.secrets.gitlabRunnerShellToken.file = ../../secrets/gitlab-runner-shell-token.age;
-  age.secrets.gitlabRunnerDockerToken.file = ../../secrets/gitlab-runner-docker-token.age;
+  age.secrets.ovniToken.file = ../../secrets/ovni-token.age;
+  age.secrets.gitlabToken.file = ../../secrets/gitlab-bsc-es-token.age;
+  age.secrets.nosvToken.file = ../../secrets/nosv-token.age;

  services.gitlab-runner = {
    enable = true;
@@ -10,14 +11,20 @@
    services = let
      common-shell = {
        executor = "shell";
+        tagList = [ "nix" "xeon" ];
+        registrationFlags = [
+          # Using space doesn't work, and causes it to misread the next flag
+          "--locked='false'"
+        ];
        environmentVariables = {
          SHELL = "${pkgs.bash}/bin/bash";
        };
      };
      common-docker = {
-        executor = "docker";
        dockerImage = "debian:stable";
+        tagList = [ "docker" "xeon" ];
        registrationFlags = [
+          "--locked='false'"
          "--docker-network-mode host"
        ];
        environmentVariables = {
@@ -26,12 +33,19 @@
        };
      };
    in {
+      # For gitlab.bsc.es
+      gitlab-bsc-es-shell = common-shell // {
+        registrationConfigFile = config.age.secrets.gitlabToken.path;
+      };
+      gitlab-bsc-es-docker = common-docker // {
+        registrationConfigFile = config.age.secrets.gitlabToken.path;
+      };
      # For pm.bsc.es/gitlab
      gitlab-pm-shell = common-shell // {
-        authenticationTokenConfigFile = config.age.secrets.gitlabRunnerShellToken.path;
+        registrationConfigFile = config.age.secrets.ovniToken.path;
      };
      gitlab-pm-docker = common-docker // {
-        authenticationTokenConfigFile = config.age.secrets.gitlabRunnerDockerToken.path;
+        registrationConfigFile = config.age.secrets.ovniToken.path;
      };
    };
  };
--- a/m/hut/monitoring.nix
+++ b/m/hut/monitoring.nix
@@ -31,7 +31,6 @@
      };
      feature_toggles.publicDashboards = true;
      "auth.anonymous".enabled = true;
-      log.level = "warn";
    };
  };

@@ -233,17 +232,6 @@
          }
        ];
      }
-      {
-        job_name = "ipmi-raccoon";
-        metrics_path = "/ipmi";
-        static_configs = [
-          { targets = [ "127.0.0.1:9291" ]; }
-        ];
-        params = {
-          target = [ "84.88.51.142" ];
-          module = [ "raccoon" ];
-        };
-      }
    ];
  };
 }
--- a/m/hut/nginx.nix
+++ b/m/hut/nginx.nix
@@ -1,14 +0,0 @@
-{
-  services.nginx = {
-    enable = true;
-    virtualHosts."jungle.bsc.es" = {
-      listen = [
-        {
-          addr = "127.0.0.1";
-          port = 8123;
-        }
-      ];
-      locations."/p/".alias = "/ceph/p/";
-    };
-  };
-}
--- a/m/hut/p.nix
+++ b/m/hut/p.nix
@@ -1,22 +0,0 @@
-{ pkgs, ... }:
-let
-  p = pkgs.writeShellScriptBin "p" ''
-    set -e
-    cd /ceph
-    pastedir="p/$USER"
-    mkdir -p "$pastedir"
-
-    if [ -n "$1" ]; then
-            out="$pastedir/$1"
-    else
-            out=$(mktemp "$pastedir/XXXXXXXX.txt")
-    fi
-
-    cat > "$out"
-    chmod go+r "$out"
-    echo "https://jungle.bsc.es/$out"
-  '';
-in
-{
-  environment.systemPackages = with pkgs; [ p ];
-}
--- a/m/koro/kernel.nix
+++ b/m/koro/kernel.nix
@@ -1,29 +1,9 @@
 { pkgs, lib, ... }:

 let
-  #fcs-devel = pkgs.linuxPackages_custom {
-  #   version = "6.2.8";
-  #   src = /mnt/data/kernel/fcs/kernel/src;
-  #   configfile = /mnt/data/kernel/fcs/kernel/configs/defconfig;
-  #};
+  kernel = nixos-fcsv4;

-  #fcsv1 = fcs-kernel "bc11660676d3d68ce2459b9fb5d5e654e3f413be" false;
-  #fcsv2 = fcs-kernel "db0f2eca0cd57a58bf456d7d2c7d5d8fdb25dfb1" false;
-  #fcsv1-lockdep = fcs-kernel "bc11660676d3d68ce2459b9fb5d5e654e3f413be" true;
-  #fcsv2-lockdep = fcs-kernel "db0f2eca0cd57a58bf456d7d2c7d5d8fdb25dfb1" true;
-  #fcs-kernel = gitCommit: lockdep: pkgs.linuxPackages_custom {
-  #   version = "6.2.8";
-  #   src = builtins.fetchGit {
-  #     url = "git@bscpm03.bsc.es:ompss-kernel/linux.git";
-  #     rev = gitCommit;
-  #     ref = "fcs";
-  #   };
-  #   configfile = if lockdep then ./configs/lockdep else ./configs/defconfig;
-  #};
-
-  kernel = nixos-fcs;
-
-  nixos-fcs-kernel = lib.makeOverridable ({gitCommit, lockStat ? false, preempt ? false, branch ? "fcs"}: pkgs.linuxPackagesFor (pkgs.buildLinux rec {
+  nixos-fcs-kernel = {gitCommit, lockStat ? false, preempt ? false, branch ? "fcs"}: pkgs.linuxPackagesFor (pkgs.buildLinux rec {
    version = "6.2.8";
    src = builtins.fetchGit {
      url = "git@bscpm03.bsc.es:ompss-kernel/linux.git";
@@ -40,13 +20,27 @@ let
    };
    kernelPatches = [];
    extraMeta.branch = lib.versions.majorMinor version;
-  }));
+  });

-  nixos-fcs = nixos-fcs-kernel {gitCommit = "8a09822dfcc8f0626b209d6d2aec8b5da459dfee";};
-  nixos-fcs-lockstat = nixos-fcs.override {
+  nixos-fcsv1 = nixos-fcs-kernel {gitCommit = "bc11660676d3d68ce2459b9fb5d5e654e3f413be";};
+  nixos-fcsv2 = nixos-fcs-kernel {gitCommit = "db0f2eca0cd57a58bf456d7d2c7d5d8fdb25dfb1";};
+  nixos-fcsv3 = nixos-fcs-kernel {gitCommit = "6c17394890704c3345ac1a521bb547164b36b154";};
+  nixos-fcsv4 = nixos-fcs-kernel {gitCommit = "c94c3d946f33ac3e5782a02ee002cc1164c0cb4f";};
+
+  nixos-fcsv1-lockstat = nixos-fcs-kernel {
+    gitCommit = "bc11660676d3d68ce2459b9fb5d5e654e3f413be";
    lockStat = true;
  };
-  nixos-fcs-lockstat-preempt = nixos-fcs.override {
+  nixos-fcsv2-lockstat = nixos-fcs-kernel {
+    gitCommit = "db0f2eca0cd57a58bf456d7d2c7d5d8fdb25dfb1";
+    lockStat = true;
+  };
+  nixos-fcsv3-lockstat = nixos-fcs-kernel {
+    gitCommit = "6c17394890704c3345ac1a521bb547164b36b154";
+    lockStat = true;
+  };
+  nixos-fcsv3-lockstat-preempt = nixos-fcs-kernel {
+    gitCommit = "6c17394890704c3345ac1a521bb547164b36b154";
    lockStat = true;
    preempt = true;
  };
@@ -66,5 +60,5 @@ in {
  
  # enable memory overcommit, needed to build a taglibc system using nix after
  # increasing the openblas memory footprint
-  boot.kernel.sysctl."vm.overcommit_memory" = 1;
+  boot.kernel.sysctl."vm.overcommit_memory" = lib.mkForce 1;
 }
--- a/m/lake2/configuration.nix
+++ b/m/lake2/configuration.nix
@@ -8,10 +8,6 @@

  boot.loader.grub.device = "/dev/disk/by-id/wwn-0x55cd2e414d53563a";

-  boot.kernel.sysctl = {
-    "kernel.yama.ptrace_scope" = lib.mkForce "1";
-  };
-
  environment.systemPackages = with pkgs; [
    ceph
  ];
--- a/m/module/ceph.nix
+++ b/m/module/ceph.nix
@@ -13,22 +13,10 @@

  age.secrets.cephUser.file = ../../secrets/ceph-user.age;

-  fileSystems."/ceph-slow" = {
-    fsType = "ceph";
-    device = "user@9c8d06e0-485f-4aaf-b16b-06d6daf1232b.cephfs=/";
-    options = [
-      "mon_addr=10.0.40.40"
-      "secretfile=${config.age.secrets.cephUser.path}"
-    ];
-  };
-
-  services.cachefilesd.enable = true;
-
  fileSystems."/ceph" = {
    fsType = "ceph";
    device = "user@9c8d06e0-485f-4aaf-b16b-06d6daf1232b.cephfs=/";
    options = [
-      "fsc"
      "mon_addr=10.0.40.40"
      "secretfile=${config.age.secrets.cephUser.path}"
    ];
--- a/m/module/emulation.nix
+++ b/m/module/emulation.nix
@@ -1,3 +0,0 @@
-{
-  boot.binfmt.emulatedSystems = [ "armv7l-linux" "aarch64-linux" "powerpc64le-linux" "riscv64-linux" ];
-}
--- a/m/module/slurm-client.nix
+++ b/m/module/slurm-client.nix
@@ -47,8 +47,8 @@ in {
    ];

    partitionName = [
-      "owl Nodes=owl[1-2] Default=YES DefaultTime=01:00:00 MaxTime=INFINITE State=UP"
-      "all Nodes=owl[1-2],hut Default=NO DefaultTime=01:00:00 MaxTime=INFINITE State=UP"
+      "owl Nodes=owl[1-2] Default=YES MaxTime=INFINITE State=UP"
+      "all Nodes=owl[1-2],hut Default=NO MaxTime=INFINITE State=UP"
    ];

    # See slurm.conf(5) for more details about these options.
@@ -83,14 +83,6 @@ in {

      # Reduce port range so we can allow only this range in the firewall
      SrunPortRange=60000-61000
-
-      # Use cores as consumable resources. In SLURM terms, a core may have
-      # multiple hardware threads (or CPUs).
-      SelectType=select/cons_tres
-
-      # Ignore memory constraints and only use unused cores to share a node with
-      # other jobs.
-      SelectTypeParameters=CR_Core
    '';
  };

--- a/m/owl1/configuration.nix
+++ b/m/owl1/configuration.nix
@@ -4,10 +4,9 @@
  imports = [
    ../common/xeon.nix
    ../module/ceph.nix
-    ../module/emulation.nix
    ../module/slurm-client.nix
    ../module/slurm-firewall.nix
-    ../module/debuginfod.nix
+    ../module/slurm-hut-nix-store.nix
  ];

  # Select the this using the ID to avoid mismatches
--- a/m/owl2/configuration.nix
+++ b/m/owl2/configuration.nix
@@ -4,10 +4,9 @@
  imports = [
    ../common/xeon.nix
    ../module/ceph.nix
-    ../module/emulation.nix
    ../module/slurm-client.nix
    ../module/slurm-firewall.nix
-    ../module/debuginfod.nix
+    ../module/slurm-hut-nix-store.nix
  ];

  # Select the this using the ID to avoid mismatches
--- a/m/raccoon/configuration.nix
+++ b/m/raccoon/configuration.nix
@@ -8,12 +8,6 @@
  # Don't install Grub on the disk yet
  boot.loader.grub.device = "nodev";

-  # Enable serial console
-  boot.kernelParams = [
-    "console=tty1"
-    "console=ttyS1,115200"
-  ];
-
  networking = {
    hostName = "raccoon";
    # Only BSC DNSs seem to be reachable from the office VLAN
@@ -27,7 +21,11 @@

  # Configure Nvidia driver to use with CUDA
  hardware.nvidia.package = config.boot.kernelPackages.nvidiaPackages.production;
-  hardware.graphics.enable = true;
+  hardware.opengl = {
+    enable = true;
+    driSupport = true;
+    setLdLibraryPath = true;
+  };
  nixpkgs.config.allowUnfree = true;
  nixpkgs.config.nvidia.acceptLicense = true;
  services.xserver.videoDrivers = [ "nvidia" ];
--- a/secrets/gitlab-bsc-es-token.age
+++ b/secrets/gitlab-bsc-es-token.age
@@ -0,0 +1,11 @@
+age-encryption.org/v1
+-> ssh-ed25519 HY2yRg caTbx0NBmsTSmZH4HtBaxhsauWqWUDTesJqT08UsoEQ
+8ND31xuco+H8d5SKg8xsCFRPVDhU4d8UKwV1BnmKVjQ
+-> ssh-ed25519 CAWG4Q 4ETYuhCwHHECkut4DWDknMMgpAvFqtzLWVC2Wi2L8FM
+BGMvRnAfd8qZG5hzLefmk32FkGvwzE9pqBUyx4JY0co
+-> ssh-ed25519 MSF3dg hj5QL4ZfylN8/W/MXQHvVqtI7mRvlQOYr8HsaQEmPB0
+kvB7sljmmkswSGZDQnrwdTbTsN78EAwH3pz1pPe0Hu0
+-> )Q-grease vHF} [8p1> @7z;C"/
+tgSUKFyyrf2jLXZp+pakigwB2fRO/WFj2Qnt1aPjtVPEK92JbJ4
+--- xzM0AhV4gTQE0Q7inJNo9vFj+crJQxWeI7u9pl7bqAI
+<05>6nGJ<47>0B<03><>7F<37><46><EFBFBD>b<EFBFBD>ٽ2<D9BD>L<EFBFBD><4C><EFBFBD>]<18>2zl<7A><6C>&e<>K<EFBFBD>x<EFBFBD><78><EFBFBD>9SWN<19>V"Mf<4D><66><EFBFBD><EFBFBD>KHUC:1b;9St<53><74><EFBFBD><EFBFBD>Duѧ<75><D1A7>Ϣ<EFBFBD>̟<04><02><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>f<EFBFBD>7<1D><>1<>I(<28>d<><64><EFBFBD><EFBFBD><EFBFBD><0C>
--- a/secrets/gitlab-runner-docker-token.age
+++ b/secrets/gitlab-runner-docker-token.age
@@ -1,9 +0,0 @@
-age-encryption.org/v1
-> ssh-ed25519 HY2yRg WvKK6U1wQtx2pbUDfuaUIXTQiCulDkz7hgUCSwMfMzQ
-jLktUMqKuVxukqzz++pHOKvmucUQqeKYy5IwBma7KxY
-> ssh-ed25519 CAWG4Q XKGuNNoYFl9bdZzsqYYTY7GsEt5sypLW4R+1uk78NmU
-8dIA2GzRAwTGM5CDHSM2BUBsbXzEAUssWUz2PY2PaTg
-> ssh-ed25519 MSF3dg T630RsKuZIF/bp+KITnIIWWHsg6M/VQGqbWQZxqT+AA
-SraZcgZJVtmUzHF/XR9J7aK5t5EDNpkC/av/WJUT/G8
--- /12G8pj9sbs591OM/ryhoLnSWWmzYcoqprk9uN/3g18
-<EFBFBD><EFBFBD><EFBFBD><01>%<25>]yi"<22><><EFBFBD>L<EFBFBD><0B><>H`<60>a$<24><>)<29>9ve<76>.0<EFBFBD>m<EFBFBD>K<EFBFBD>v<EFBFBD><EFBFBD><0B>u"|1c<31>-%<25><>"<22>WF<12><><EFBFBD>A<EFBFBD><41>h<EFBFBD>$<05><>j<e<><65>x<EFBFBD>Lx<4C><78>.?<3F><><EFBFBD>:L<><4C><EFBFBD><EFBFBD>,<2C>u<EFBFBD>|<7C><>F|<7C>i<EFBFBD><69><EFBFBD>
--- a/secrets/gitlab-runner-shell-token.age
+++ b/secrets/gitlab-runner-shell-token.age
--- a/secrets/nosv-token.age
+++ b/secrets/nosv-token.age
@@ -0,0 +1,11 @@
+age-encryption.org/v1
+-> ssh-ed25519 HY2yRg hrdS7Dl/j+u3XVfM79ZJpZSlre9TcD7DTQ+EEAT6kEE
+avUO96P1h7w2BYWgrQ7GpUgdaCV9AZL7eOTTcF9gfro
+-> ssh-ed25519 CAWG4Q A5raRY1CAgFYZgoQ92GMyNejYNdHx/7Y6uTS+EjLPWA
+FRFqT2Jz7qRcybaxkQTKHGl797LVXoHpYG4RZSrX/70
+-> ssh-ed25519 MSF3dg D+R80Bg7W9AuiOMAqtGFZQl994dRBIegYRLmmTaeZ3o
+BHvZsugRiuZ91b4jk91h30o3eF3hadSnVCwxXge95T8
+-> BT/El`a-grease W{nq|Vm )bld 2Nl}4 N$#JGB4t
+oLG+0S1aGfO/ohCfgGmhDhwwLi4H
+--- 2I5C+FvBG/K1ZHh7C5QD39feTSLoFGwcTeZAmeILNsI
+<EFBFBD><EFBFBD>W<EFBFBD>o<> <14><>d;<3B><>C<EFBFBD>.<2E><>_(<28>u
--- a/secrets/ovni-token.age
+++ b/secrets/ovni-token.age
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -6,9 +6,10 @@ let
  safe = keys.hostGroup.safe ++ adminsKeys;
 in
 {
+  "gitlab-bsc-es-token.age".publicKeys = hut;
  "gitea-runner-token.age".publicKeys = hut;
-  "gitlab-runner-docker-token.age".publicKeys = hut;
-  "gitlab-runner-shell-token.age".publicKeys = hut;
+  "ovni-token.age".publicKeys = hut;
+  "nosv-token.age".publicKeys = hut;
  "nix-serve.age".publicKeys = hut;
  "jungle-robot-password.age".publicKeys = hut;
Author	SHA1	Message	Date
Rodrigo Arias Mallo	44e518873c	Move vlopez user to jungleUsers for koro host Access to other machines can be easily added into the "hosts" attribute without the need to replicate the configuration.	2024-06-07 10:47:13 +02:00
Rodrigo Arias Mallo	9f065fd7fb	Add raccoon motd file	2024-06-07 10:47:13 +02:00
Rodrigo Arias Mallo	ccf9b1cf4d	Add documentation section about GRUB chain loading	2024-06-07 10:47:13 +02:00
Rodrigo Arias Mallo	37073f017d	Add raccoon workstation with Nvidia GPU The raccoon workstation has a Nvidia GTX 960 GPU which will be used for CUDA experiments. The configuration uses the production Nvidia driver at version 550 which still supports the GPU. The current CUDA 12.2 version is also supported by the driver. The workstation has Internet access directly from the gateway, but name resolution via Google DNS servers seems to be blocked, so we use BSC servers for now. The NixOS system is installed in a partition alongside the old Debian system, until we decide that is no longer neccesary to keep both. The old /home partition is not used as we are using the same UIDs and groups from the xeon machines, which don't match the ones here.	2024-06-07 10:47:10 +02:00
Rodrigo Arias Mallo	4077a87021	Split xeon specific configuration from base To accomodate the raccoon knights workstation, some of the configuration pulled by m/common/main.nix has to be removed. To solve it, the xeon specific parts are placed into m/common/xeon.nix and only the common configuration is at m/common/base.nix.	2024-06-07 10:45:46 +02:00
Rodrigo Arias Mallo	cc31cb30c3	Control user access to each machine The users.jungleUsers configuration option behaves like the users.users option, but defines the list attribute `hosts` for each user, which filters users so that only the user can only access those hosts.	2024-06-07 10:45:46 +02:00
Rodrigo Arias Mallo	1dd7550459	Add PostgreSQL DB for performance tests results The database will hold the performance results of the execution of the benchmarks. We follow the same setup on knights3 for now.	2024-06-07 10:44:22 +02:00