feat: enable slurm jwt and remove slocket proxy

.gitignore

@@ -1,5 +1,6 @@
 *.pem
 *.csr
+*.key
 result
 result-*
 gcroots/

modules/hpc/slurm.nix

@@ -11,6 +11,12 @@ let
         uid = cfg.mungeUid;
         gid = 0;
     };
+    environment.etc."slurmctld/jwt_hs256.key" = {
+        source = cfg.jwtKey;
+        mode = "0400";
+        uid = cfg.slurmUid;
+        gid = 0;
+    };
 
     services.slurm = {
       controlMachine = cfg.controlMachine;
@@ -24,8 +30,8 @@ let
         MailProg=/run/wrappers/bin/sendmail
         SelectType=select/cons_tres
         SelectTypeParameters=CR_Core
-        # AuthAltTypes=auth/jwt
+        AuthAltTypes=auth/jwt
-        # AuthAltParameters=jwt_key=/var/spool/slurm/statesave/jwt_hs256.key
+        AuthAltParameters=jwt_key=/etc/slurmctld/jwt_hs256.key
       '';
     };
 
@@ -34,7 +40,6 @@ let
     nixpkgs.overlays = [ slurm-ucx ];
   };
 
-
   slurmServer = {
     services.mysql = {
       enable = true;
@@ -60,7 +65,7 @@ let
       # '';
       dbdserver = {
         enable = true;
-        # dbdHost = cfg.controlMachine;
+        dbdHost = cfg.dbdHost;
         # storagePass  = cfg.storagePass;
       };
     };
@@ -113,8 +118,14 @@ let
     };
   };
 
+
   slurmrestd = {
-    systemd.tmpfiles.rules = [ "d /run/slurmrestd 0750 hipster hipster -" ];
+    services.dnsmasq.enable = true;
+    services.dnsmasq.settings = {
+      domain = [ "cluster.local"  ];
+      address = [ "/slurmctld.cluster.local/127.0.0.1" ];
+      srv-host= "_slurmctld._tcp.cluster.local,slurmctld.cluster.local,6817,0,5";
+    };
 
     systemd.services.slurmrestd = {
         description = "Slurm REST API service";
@@ -126,42 +137,26 @@ let
             Group = "hipster";
         };
         environment = {
-            # SLURM_JWT = "daemon";
+            SLURM_JWT = "daemon";
         };
         script = ''
-            rm -f /run/slurmrestd/hipster.socket
+             /run/current-system/sw/bin/slurmrestd -v -a rest_auth/jwt :6822
-            /run/current-system/sw/bin/slurmrestd -v -a rest_auth/local unix:/run/slurmrestd/hipster.socket
         '';
         serviceConfig = {
           RuntimeDirectory = "slurmrestd";
         };
     };
-
-    systemd.sockets.slurm-http-proxy  = {
-        enable = true;
-        description = "Proxy slurmrestd unix socket to port 6822";
-        listenStreams = [ "0.0.0.0:6822" ];
-        wantedBy = [ "sockets.target" ];
-        # If 'true', allow multiple instances of corresponding service (fails)
-        socketConfig.Accept = false;
-    };
-
-    systemd.services."slurm-http-proxy@"  = {
-        enable = true;
-        description = "Proxy slurmrestd unix socket to port 6822";
-        serviceConfig = {
-            ExecStart = "-${pkgs.socat}/bin/socat STDIO UNIX-CONNECT:/run/slurmrestd/hipster.socket";
-            StandardInput="socket";
-            User = "hipster";
-            Group = "hipster";
-        };
-    };
   };
 in
 {
   options.features.hpc.slurm = {
     enable = mkEnableOption "Enable SLURM batch system";
 
+    jwtKey = mkOption {
+      type = types.path;
+      default = null;
+    };
+
     mungeKey = mkOption {
       type = types.path;
       default = null;
@@ -172,6 +167,11 @@ in
       default = 997;
     };
 
+    slurmUid = mkOption {
+      type = types.int;
+      default = 307;
+    };
+
     pkey = mkOption {
       type = types.str;
       default = "0x7fff";
@@ -181,6 +181,12 @@ in
       type = types.str;
       default = null;
     };
+
+    dbdHost = mkOption {
+      type = types.str;
+      default = null;
+    };
+
     server = mkOption {
       type = types.bool;
       default = false;