diff --git a/machines/manager/secrets/ldap-sync.conf b/machines/manager/secrets/ldap-sync.conf index 05232e8..07de2a0 100644 --- a/machines/manager/secrets/ldap-sync.conf +++ b/machines/manager/secrets/ldap-sync.conf @@ -1,5 +1,5 @@ { - "data": "ENC[AES256_GCM,data:P/MCZdzK9TmH9UYNj0+FrA71cRTGylDNxbvY2z21RaCm5m3adh5laQWcGQMPA7dv7TLkniIOb5FOW/7bPwRlmnul/h1sjML6DnpnxDeKAt8jJaGtNJ6G7VkClObGxfaDvBJ2j8EEzjPIdIAISc7QTSOc91gN0U7TF3xZUkDwlxvsL1IK0oqvcSOf8HPB5TxmToe6tns8Ctaugl2h8N0yo4NTK4kFtE1BO8XT4n17KLJAsaIkbg5Rox3AgPOBIdOhbajpWWgpJEbIa38gO66V4ep93Iy7yrJHVt2jJ/bH31wQouxn/FFitLnxqe4naJjrw6XP2auLgEPfM95B7rsRrDH/HYW1hXsJklVc349qZm593eI3SnkDcUow1RxE6eIqXqU1mdBWIiE7RCyxdSgXwtQ2AZu3n+5m+V5wGHTBOuJPbOxX91LmXcX0pyzxrYigZNNUDCJTY02uQuyr8x8XFrYOvr3UuAfCFrWNQTcKYo7QlwgkPvKekYRMklkQ6f6pPwoyrNotSboSz0tThwVKP7c0XUlT4Yi9sEe50b4C6CAz1iw4UI/Z2UFz022H/gV4qx2BAIDKyFaFxSjEB7zZ4B42PIRLx/D7MFx1ie436TCqicYowQFg/ZGVZLvcE+iChAtI1Kl6h45eYI59XCqgfYce5KAAiwHdCkHqlkR66JPQc3Bu4xOsas8e441mQ1HGuHOmEwNbkXum/S4gDT+YFQkjrASuzFsxAVOFsj1gtXhoWscP47c+YszVH7iCCt/iXNZFFaITjWAk8mSnVLkshbeqEYpE57UsVDlv3gjPbwXARTAIDr1//puMGOhUM5JvLcxExq8q67A9+DSr+eKVZLCFxqjxyWvwf/Zx5WwiH1LuWMdMHPXDENoE49zlZHfiia6p3RWTvgPtP7ag/J0fyUKhF/SHmFExeAB1gcnrWaMKCUxfBpwM6rs58oAEgk+Sd4YXPgHjM6QEA4I9OJ2g8yoSIUVu8mkLFZhpId46tRPE5Wup5zd4dvKUCe51rD511pT5GtpYsRex+7VQLbVYDm0hgEVrKPnvgANWnHDdI7sW/sfNfC3k9MtMhIDpWZxO4fB/CMkfbJxt8s+pxI3ukzYMfpOo0Kj/Olmj2sotePwmcD8ARSBmlaeKojcay6jFpE1zVJw2iaJNENk=,iv:Mkq9T1fe9r18E4cumOxoG/u8MZ6Jv1Ee7P5ynJ2uTLo=,tag:/VHv16mSinntACDZALgA/g==,type:str]", + "data": "ENC[AES256_GCM,data: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,iv:7JGYvq0NGtUeBJbSYM47j520h87BwghfvRZX4AvFmhM=,tag:ghKC0C7yOfe5ePkNLOIaKA==,type:str]", "sops": { "kms": null, "gcp_kms": null, 
@@ -15,8 +15,8 @@ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHOUsrS2tyTUVEUEZaN3pR\nR0drZ3JDdUtMRHhJaGtONWtwK2Ftc1JsUFRJCjZtYXFubmlpTWtHNVpRU1ZhdThl\nUFVXUERDazdvSGtDOXc1VFNqeTRKRGcKLS0tIDhTdWhWU0dCUUYrZkdSRkVxbGFE\nYkg2Nk42VnUwZFhZVXdsWHFKYnUrMVEK0Aj6aON/QIFT2fsv2D9Ajvu+f6mHT4Q3\nm5uo99snnGEl3VIcvhC2yKGEtw3XOVpCfk5xHYLV2nlSs4WCc2DrkA==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2023-08-24T13:12:16Z", - "mac": "ENC[AES256_GCM,data:1zIxWiMGyS25X4C+Her3aJS2c3NdCunX0GyOTdGScavzbgv10ndjrkGPk/uuvTGY2DquGUxdQFu4Pot8zsAM3c5mCnl1ebTWLNQaS8futgllbGJG+EnOr7gUzg518GhmuKm87AN/HdcU0rTNPn3vDx3bTzo7znecSdi0v/6tOPI=,iv:rnyg7+YWN9VrJzli8hdNnQshl/qC80n5Ya3gYB8Yshs=,tag:u5aE64fUhuLuvWXk0ZF4vA==,type:str]", + "lastmodified": "2023-09-10T09:39:37Z", + "mac": "ENC[AES256_GCM,data:IE/GHU+0Mlt5hSOUxF9cGe0kMweuPJ3A8I9C6ZZUMeGPT3XLiaWarlVNw3JwnwQ3cn6U4gHc3UdpVM3Ia5W1Qozm0LB/KhMVfBRNXAWWhYqt33Z6V9rcchtUrb94ET/98mRCeqDbJk8UvniXeSj4edWILZM4xEslccbnncx01GU=,iv:3YiShgapFLiAhBgHsVUyKNrBvvme+WL0Z1xziRLjGkg=,tag:uFbWy1XNrpWACdJjZE9rcQ==,type:str]", "pgp": [ { "created_at": "2023-06-26T09:22:36Z", diff --git a/machines/manager/users.nix b/machines/manager/users.nix index 5d42f54..d73185e 100644 --- a/machines/manager/users.nix +++ b/machines/manager/users.nix @@ -3,13 +3,17 @@ with lib; { - programs.ssh = { - package = pkgs.openssh.overrideAttrs (final: prev: { - patches = prev.patches ++ [ - ../../patches/openssh-keysign-check-remove.patch - ]; - }); + nixpkgs.overlays = [ + (self: super: { + openssh = super.openssh.overrideAttrs (final: prev: { + patches = prev.patches ++ [ + ../../patches/openssh-keysign-check-remove.patch + ]; + }); + }) + ]; + programs.ssh = { extraConfig = '' EnableSSHKeysign yes diff --git a/machines/node/users.nix b/machines/node/users.nix index cff5362..a3e8cec 100644 --- a/machines/node/users.nix +++ b/machines/node/users.nix 
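Review bot: Moving the patched build from `programs.ssh.package` into `nixpkgs.overlays` in machines/manager/users.nix replaces `openssh` for everything on this host that takes it from the package set, not only the ssh client configured here. The patch file name, `openssh-keysign-check-remove.patch`, suggests it removes a check from ssh-keysign (the patch itself is not shown), and `EnableSSHKeysign yes` sits right below, so the wider scope deserves a stated reason. I would add a comment above the overlay such as `# overlay instead of programs.ssh.package: <consumer> must also use the patched build; the patch drops <check> in ssh-keysign because <reason>`, or keep the override scoped to `programs.ssh.package` if only the client needs it. The enclosing attribute set continues outside the hunk.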
@@ -16,7 +16,9 @@ with lib; }; services.openssh = { - #logLevel = "DEBUG3"; + settings = { + #LogLevel = "DEBUG3"; + }; extraConfig = '' IgnoreRhosts no diff --git a/shared/default.nix b/shared/default.nix index ddc692c..814fc17 100644 --- a/shared/default.nix +++ b/shared/default.nix @@ -39,6 +39,7 @@ htop iotop iftop + file ]; nix.nixPath = [ diff --git a/shared/userenv.nix b/shared/userenv.nix index c697a64..49b3d24 100644 --- a/shared/userenv.nix +++ b/shared/userenv.nix 
@@ -1,51 +1,73 @@ -{ pkgs, lib, ... }: +# This is the environment that we show for the users. +# Hear me out... I already regrett doing this while writing this, but (l)users +# are not willing to pick up the nix-struggle for the greater benefit. So, here +# I am building this shit that I know will fall apart soon. + +{ pkgs, lib, config, ... }: with lib; let - userenv = pkgs.buildFHSUserEnv { + userenv = pkgs.buildEnv { name = "userenv"; - targetPkgs = pkgs: with pkgs; [ - git - postgresql - postgresql.lib - papi - gcc - gdb - gnumake - valgrind + paths = with pkgs; [ autoconf automake - perl - zlib - python3 - libtool + bash + coreutils + curl + fd flex - pandoc + gcc + gdb + git + gnumake hwloc - munge - numactl libbfd libiberty + libtool + munge + nano + numactl + openmpi + openssh + pandoc + papi + perl pkgconfig + postgresql + postgresql.lib + python3 + ripgrep + tmux ucx - openmpi + valgrind vim - nano wget - curl - tmux - fd - ripgrep - bash + zlib ]; + + ignoreCollisions = false; + + inherit (config.environment) pathsToLink extraOutputsToInstall; }; + in { - environment.systemPackages = [ userenv ]; + # environment.systemPackages = [ userenv ]; - # Install userenv to a well-known path - system.systemBuilderCommands = '' - ln -s ${userenv}/bin/userenv $out/userenv + environment.extraInit = '' + if [[ "$(id -gn)" -eq "cluster" ]]; then + export PKG_CONFIG_PATH="${makeSearchPath "lib/pkgconfig" config.environment.profiles}" + fi ''; + + environment.profiles = [ + "/etc/profiles/per-group/$(id -gn)" + ]; + + environment.etc."userenv" = { + target = "profiles/per-group/cluster"; + source = userenv; + }; }
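Review bot: The group test in `environment.extraInit` uses `-eq`, which inside `[[ ]]` is an arithmetic comparison, so `$(id -gn)` and `"cluster"` are each evaluated as arithmetic expressions instead of being compared as strings. Two ordinary group names both resolve as unset variables and compare equal, so the `PKG_CONFIG_PATH` export would run for every user. The group name, which presumably comes from the directory given the LDAP sync config in this repository, is also interpreted as an expression in each login shell. Use a string comparison, and because this snippet ends up in the generated environment script that may be sourced by shells other than bash, prefer the POSIX form: `if [ "$(id -gn)" = "cluster" ]; then`.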