
Less FHS user env

main
Dustin Frisch 8 months ago
parent
commit
44af03af7c
No known key found for this signature in database GPG Key ID: B4C3BF012D9B26BE
  1. 6
      machines/manager/secrets/ldap-sync.conf
  2. 16
      machines/manager/users.nix
  3. 4
      machines/node/users.nix
  4. 1
      shared/default.nix
  5. 80
      shared/userenv.nix

6
machines/manager/secrets/ldap-sync.conf

@ -1,5 +1,5 @@
{ {
"data": "ENC[AES256_GCM,data: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,iv:Mkq9T1fe9r18E4cumOxoG/u8MZ6Jv1Ee7P5ynJ2uTLo=,tag:/VHv16mSinntACDZALgA/g==,type:str]",
"data": "ENC[AES256_GCM,data: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,iv:7JGYvq0NGtUeBJbSYM47j520h87BwghfvRZX4AvFmhM=,tag:ghKC0C7yOfe5ePkNLOIaKA==,type:str]",
"sops": { "sops": {
"kms": null, "kms": null,
"gcp_kms": null, "gcp_kms": null,
@ -15,8 +15,8 @@
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHOUsrS2tyTUVEUEZaN3pR\nR0drZ3JDdUtMRHhJaGtONWtwK2Ftc1JsUFRJCjZtYXFubmlpTWtHNVpRU1ZhdThl\nUFVXUERDazdvSGtDOXc1VFNqeTRKRGcKLS0tIDhTdWhWU0dCUUYrZkdSRkVxbGFE\nYkg2Nk42VnUwZFhZVXdsWHFKYnUrMVEK0Aj6aON/QIFT2fsv2D9Ajvu+f6mHT4Q3\nm5uo99snnGEl3VIcvhC2yKGEtw3XOVpCfk5xHYLV2nlSs4WCc2DrkA==\n-----END AGE ENCRYPTED FILE-----\n" "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHOUsrS2tyTUVEUEZaN3pR\nR0drZ3JDdUtMRHhJaGtONWtwK2Ftc1JsUFRJCjZtYXFubmlpTWtHNVpRU1ZhdThl\nUFVXUERDazdvSGtDOXc1VFNqeTRKRGcKLS0tIDhTdWhWU0dCUUYrZkdSRkVxbGFE\nYkg2Nk42VnUwZFhZVXdsWHFKYnUrMVEK0Aj6aON/QIFT2fsv2D9Ajvu+f6mHT4Q3\nm5uo99snnGEl3VIcvhC2yKGEtw3XOVpCfk5xHYLV2nlSs4WCc2DrkA==\n-----END AGE ENCRYPTED FILE-----\n"
} }
], ],
"lastmodified": "2023-08-24T13:12:16Z",
"mac": "ENC[AES256_GCM,data:1zIxWiMGyS25X4C+Her3aJS2c3NdCunX0GyOTdGScavzbgv10ndjrkGPk/uuvTGY2DquGUxdQFu4Pot8zsAM3c5mCnl1ebTWLNQaS8futgllbGJG+EnOr7gUzg518GhmuKm87AN/HdcU0rTNPn3vDx3bTzo7znecSdi0v/6tOPI=,iv:rnyg7+YWN9VrJzli8hdNnQshl/qC80n5Ya3gYB8Yshs=,tag:u5aE64fUhuLuvWXk0ZF4vA==,type:str]",
"lastmodified": "2023-09-10T09:39:37Z",
"mac": "ENC[AES256_GCM,data:IE/GHU+0Mlt5hSOUxF9cGe0kMweuPJ3A8I9C6ZZUMeGPT3XLiaWarlVNw3JwnwQ3cn6U4gHc3UdpVM3Ia5W1Qozm0LB/KhMVfBRNXAWWhYqt33Z6V9rcchtUrb94ET/98mRCeqDbJk8UvniXeSj4edWILZM4xEslccbnncx01GU=,iv:3YiShgapFLiAhBgHsVUyKNrBvvme+WL0Z1xziRLjGkg=,tag:uFbWy1XNrpWACdJjZE9rcQ==,type:str]",
"pgp": [ "pgp": [
{ {
"created_at": "2023-06-26T09:22:36Z", "created_at": "2023-06-26T09:22:36Z",

16
machines/manager/users.nix

@ -3,13 +3,17 @@
with lib; with lib;
{ {
programs.ssh = {
package = pkgs.openssh.overrideAttrs (final: prev: {
patches = prev.patches ++ [
../../patches/openssh-keysign-check-remove.patch
];
});
nixpkgs.overlays = [
(self: super: {
openssh = super.openssh.overrideAttrs (final: prev: {
patches = prev.patches ++ [
../../patches/openssh-keysign-check-remove.patch
];
});
})
];
programs.ssh = {
extraConfig = '' extraConfig = ''
EnableSSHKeysign yes EnableSSHKeysign yes
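Review bot: Moving `openssh-keysign-check-remove.patch` from `programs.ssh.package` into a `nixpkgs.overlays` entry widens its scope: the patched build now replaces `pkgs.openssh` for everything evaluated on this machine, which would include the sshd used by `services.openssh` and any package that depends on openssh, not only the client configured here. Going by its file name, the patch removes a check from ssh-keysign, the helper behind host-based authentication, so the wider reach deserves a stated reason. I would add a comment above the overlay such as `# overlay instead of programs.ssh.package because <reason>; the patch drops <which check> from ssh-keysign`, or keep the override on `programs.ssh.package` if only the client needs it. The `programs.ssh` block continues outside the hunk.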

4
machines/node/users.nix

@ -16,7 +16,9 @@ with lib;
}; };
services.openssh = { services.openssh = {
#logLevel = "DEBUG3";
settings = {
#LogLevel = "DEBUG3";
};
extraConfig = '' extraConfig = ''
IgnoreRhosts no IgnoreRhosts no

1
shared/default.nix

@ -39,6 +39,7 @@
htop htop
iotop iotop
iftop iftop
file
]; ];
nix.nixPath = [ nix.nixPath = [

80
shared/userenv.nix

@ -1,51 +1,73 @@
{ pkgs, lib, ... }:
# This is the environment that we show for the users.
# Hear me out... I already regrett doing this while writing this, but (l)users
# are not willing to pick up the nix-struggle for the greater benefit. So, here
# I am building this shit that I know will fall apart soon.
{ pkgs, lib, config, ... }:
with lib; with lib;
let let
userenv = pkgs.buildFHSUserEnv {
userenv = pkgs.buildEnv {
name = "userenv"; name = "userenv";
targetPkgs = pkgs: with pkgs; [
git
postgresql
postgresql.lib
papi
gcc
gdb
gnumake
valgrind
paths = with pkgs; [
autoconf autoconf
automake automake
perl
zlib
python3
libtool
bash
coreutils
curl
fd
flex flex
pandoc
gcc
gdb
git
gnumake
hwloc hwloc
munge
numactl
libbfd libbfd
libiberty libiberty
libtool
munge
nano
numactl
openmpi
openssh
pandoc
papi
perl
pkgconfig pkgconfig
postgresql
postgresql.lib
python3
ripgrep
tmux
ucx ucx
openmpi
valgrind
vim vim
nano
wget wget
curl
tmux
fd
ripgrep
bash
zlib
]; ];
ignoreCollisions = false;
inherit (config.environment) pathsToLink extraOutputsToInstall;
}; };
in in
{ {
environment.systemPackages = [ userenv ];
# environment.systemPackages = [ userenv ];
# Install userenv to a well-known path
system.systemBuilderCommands = ''
ln -s ${userenv}/bin/userenv $out/userenv
environment.extraInit = ''
if [[ "$(id -gn)" -eq "cluster" ]]; then
export PKG_CONFIG_PATH="${makeSearchPath "lib/pkgconfig" config.environment.profiles}"
fi
''; '';
environment.profiles = [
"/etc/profiles/per-group/$(id -gn)"
];
environment.etc."userenv" = {
target = "profiles/per-group/cluster";
source = userenv;
};
} }
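Review bot: The group test in `environment.extraInit` uses `-eq`, which inside `[[ ]]` is an arithmetic comparison: both `"$(id -gn)"` and `"cluster"` are evaluated as arithmetic expressions, and an unset name evaluates to 0, so the branch is taken for practically every group rather than only `cluster`. Evaluating a group name as an expression is also undesirable in itself, since the name presumably comes from the synced directory. Use a string comparison instead: `if [[ "$(id -gn)" == "cluster" ]]; then`. Separately, the commented-out `# environment.systemPackages = [ userenv ];` could be deleted rather than left behind. A one-line comment on `environment.profiles` would also help, saying that `$(id -gn)` appears to rely on the shell expanding it at login rather than on Nix.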