Limit slurm partition users with AllowGroups

Fixes: #245

m/common/base/users.nix

@@ -134,7 +134,7 @@
         home = "/home/Computational/varcila";
         description = "Vincent Arcila";
         group = "Computational";
-        hosts = [ "apex" "hut" "tent" "fox" "owl1" "owl2" ];
+        hosts = [ "apex" "hut" "tent" "fox" ];
         hashedPassword = "$6$oB0Tcn99DcM4Ch$Vn1A0ulLTn/8B2oFPi9wWl/NOsJzaFAWjqekwcuC9sMC7cgxEVb.Nk5XSzQ2xzYcNe5MLtmzkVYnRS1CqP39Y0";
         openssh.authorizedKeys.keys = [
           "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKGt0ESYxekBiHJQowmKpfdouw0hVm3N7tUMtAaeLejK vincent@varch"
@@ -224,6 +224,8 @@
 
     groups = {
       Computational = { gid = 564; };
+      fox = { gid = 565; };
+      owl = { gid = 566; };
       tracing = { };
     };
   };

m/hut/gitlab-runner.nix

@@ -61,8 +61,6 @@
         registrationFlags = [
           # Increase build log length to 64 MiB
           "--output-limit 65536"
-          # Allow the runner to be used in multiple projects
-          "--locked=false"
         ];
         preBuildScript = pkgs.writeScript "setup-container" ''
           mkdir -p -m 0755 /nix/var/log/nix/drvs

m/hut/ompss2-timer.nix

@@ -29,7 +29,6 @@
     closing = pkgs.writeText "closing.txt"
     ''
       Subject: OmpSs-2 release enters closing period
-      To: star@bsc.es
 
       Hi,
 
@@ -43,7 +42,6 @@
     freeze = pkgs.writeText "freeze.txt"
     ''
       Subject: OmpSs-2 release enters freeze period
-      To: star@bsc.es
 
       Hi,
 
@@ -57,7 +55,6 @@
     release = pkgs.writeText "release.txt"
     ''
       Subject: OmpSs-2 release now
-      To: star@bsc.es
 
       Hi,
 
@@ -72,7 +69,7 @@
         script = ''
           set -eu
           set -o pipefail
-          cat ${mail} | ${config.security.wrapperDir}/sendmail -t star@bsc.es
+          cat ${mail} | ${config.security.wrapperDir}/sendmail star@bsc.es
         '';
         serviceConfig = {
           Type = "oneshot";

m/module/jungle-users.nix

@@ -17,8 +17,13 @@ with lib;
     allowedUser = host: userConf: builtins.elem host userConf.hosts;
     filterUsers = host: users: filterAttrs (n: v: allowedUser host v) users;
     removeHosts = users: mapAttrs (n: v: builtins.removeAttrs v [ "hosts" ]) users;
+    addExtraGroups = mapAttrs (_: user: user // {
+        extraGroups = (user.extraGroups or [ ])
+          ++ (lib.optionals (allowedUser "fox" user) [ "fox" ])
+          ++ (lib.optionals (allowedUser "owl1" user || allowedUser "owl2" user) [ "owl" ]);
+      });
     currentHost = config.networking.hostName;
   in {
-    users.users = removeHosts (filterUsers currentHost config.users.jungleUsers);
+    users.users = removeHosts (addExtraGroups (filterUsers currentHost config.users.jungleUsers));
   };
 }

m/module/slurm-common.nix

@@ -10,8 +10,8 @@
     ];
 
     partitionName = [
-      "owl Nodes=owl[1-2]     Default=YES DefaultTime=01:00:00 MaxTime=INFINITE State=UP"
+      "owl Nodes=owl[1-2]     Default=YES DefaultTime=01:00:00 MaxTime=INFINITE State=UP AllowGroups=wheel,owl"
-      "fox Nodes=fox          Default=NO  DefaultTime=01:00:00 MaxTime=INFINITE State=UP"
+      "fox Nodes=fox          Default=NO  DefaultTime=01:00:00 MaxTime=INFINITE State=UP AllowGroups=wheel,fox"
     ];
 
     # See slurm.conf(5) for more details about these options.
@@ -54,11 +54,6 @@
       LaunchParameters=use_interactive_step
       SlurmdDebug=debug5
       #DebugFlags=Protocol,Cgroup
-
-      # Follow PAM rules for users requesting access to a node via SLURM, so
-      # that the need to have a local account. Otherwise SLURM only takes into
-      # account the credentials at the login node.
-      UsePAM=1
     '';
 
     extraCgroupConfig = ''

pkgs/llvm-ompss2/clang.nix

@@ -3,7 +3,6 @@
 , lib
 , fetchFromGitHub
 , cmake
-, ninja
 , bash
 , python3
 , perl
@@ -63,7 +62,6 @@ in stdenv.mkDerivation {
   nativeBuildInputs = [
     bash
     cmake
-    ninja
     elfutils
     llvmPackages_latest.lld
     pkg-config