fix: fix slurm and munge uid:s and gid:s

2025-09-27 13:42:38 +02:00
parent 34c28e18bf
commit a981f5e7ba
1 changed files with 50 additions and 14 deletions
--- a/modules/hpc/slurm.nix
+++ b/modules/hpc/slurm.nix
@@ -5,16 +5,38 @@ let

  configuration = {
    services.munge.enable = true;
+
+    users = {
+      groups = {
+        slurm = { gid = lib.mkForce 401; };
+        munge = { gid = lib.mkForce 402; };
+      };
+      users.slurm = {
+        group = "slurm";
+        uid = lib.mkForce 401;
+      };
+      users.munge = {
+        group = "munge";
+        uid = lib.mkForce 402;
+      };
+    };
+
    environment.etc."munge/munge.key" = {
        source = cfg.mungeKey;
        mode = "0400";
-        uid = cfg.mungeUid;
+        uid = 402;
        gid = 0;
    };
-    environment.etc."slurmctld/jwt_hs256.key" = {
+    environment.etc."slurm/jwt_hs256.key" = {
        source = cfg.jwtKey;
        mode = "0400";
-        uid = cfg.slurmUid;
+        uid = 401;
+        gid = 0;
+    };
+    environment.etc."slurm/slurm.key" = {
+        source = cfg.slurmKey;
+        mode = "0400";
+        uid = 401;
        gid = 0;
    };

@@ -33,8 +55,10 @@ let
        SelectType=select/cons_tres
        SelectTypeParameters=CR_Core
        AuthAltTypes=auth/jwt
-        AuthAltParameters=jwt_key=/etc/slurmctld/jwt_hs256.key
+        AuthAltParameters=jwt_key=/etc/slurm/jwt_hs256.key
+        ${slurmAuth}
      '';
+      extraConfigPaths = [ slurmKey ];
    };

    networking.firewall.allowedTCPPorts = [ 6818 ];
@@ -42,6 +66,22 @@ let
    nixpkgs.overlays = [ slurm-ucx ];
  };

+  slurmAuth = if cfg.slurmKey != null then "AuthType=auth/slurm" else "";
+
+  emptyKey = pkgs.writeTextDir "slurm-key" "";
+
+  slurmKey =
+    if cfg.slurmKey == null then
+      emptyKey
+    else
+      pkgs.stdenv.mkDerivation {
+        name = "slurm-key";
+        buildCommand = ''
+          mkdir -p $out
+          ln -s /etc/slurm/slurm.key $out/slurm.key
+        '';
+      };
+
  slurmServer = {
    services.mysql = {
      enable = true;
@@ -158,16 +198,6 @@ in
      default = null;
    };

-    mungeUid = mkOption {
-      type = types.int;
-      default = 997;
-    };
-
-    slurmUid = mkOption {
-      type = types.int;
-      default = 307;
-    };
-
    clusterName = mkOption {
      type = types.str;
      default = null;
@@ -232,6 +262,12 @@ in
      type = types.str;
      default = null;
    };
+
+    slurmKey = lib.mkOption {
+      type = lib.types.nullOr lib.types.path;
+      default = emptyKey;
+      description = ''File containing the slurm.key to be used for auth/slurm.'';
+    };
  };

  config = mkIf cfg.enable (