revamp nixops structure(s)

nixops/bin/adduser.sh

@@ -0,0 +1,29 @@
+#!/usr/bin/env bash
+
+id=$1
+user=$2
+name="$3"
+
+grp="\    $user = { gid = "$id"; };"
+
+read -d '' usr << EOF
+\\\   $user = {\\\n\
+      description = "$name";\\\n\
+      home = "/home/$user";\\\n\
+      group = "$user";\\\n\
+      extraGroups = [\\\n\
+        "users"\\\n\
+        "docker"\\\n\
+      ];\\\n\
+      uid = $id;\\\n\
+      isNormalUser = true;\\\n\
+      createHome = true;\\\n\
+      openssh.authorizedKeys.keys = [];\\\n\
+    };\\\n\
+
+EOF
+
+sed -i "
+/# @grp@/i $grp
+/# @usr@/i $usr
+" stokes/users.nix

nixops/bin/copy-hardware-configuration.sh

@@ -0,0 +1,14 @@
+#!/usr/bin/env bash
+
+TOP="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )/.."
+
+if [ $# != 1 ]; then
+    echo "usage: copy-hardware-configuration.sh name"
+    exit 1
+fi
+
+node=$1
+
+[ -e $node.nix ] && mv $node.nix $node.nix.bak
+
+scp root@$node:/etc/nixos/hardware-configuration.nix $node.nix

nixops/bin/deploy.sh

@@ -0,0 +1,27 @@
+#!/usr/bin/env bash
+
+TOP="$(cd "$(dirname "${BASH_SOURCE[0]}")" >/dev/null 2>&1 && pwd)/.."
+
+if [ $# = 0 ]; then
+    echo "usage: deploy.sh name ..."
+    exit 1
+fi
+
+if [ ! -f $TOP/$1/default.nix ]; then
+    echo "error: $1 does not contain a deployment"
+    exit 1
+fi
+
+cd $TOP/$1
+
+nixops list | grep -q $1
+if [ $? = 0 ]; then
+    echo "--- Updating deployment"
+    nixops modify -d $1 .
+else
+    echo "--- Creating deployment"
+    nixops create -d $1 .
+fi
+
+echo "--- Deploying $1"
+nixops deploy -k -d $* --allow-reboot

nixops/bin/initca.sh

@@ -0,0 +1,18 @@
+#!/usr/bin/env bash
+
+TOP="$(cd "$(dirname "${BASH_SOURCE[0]}")" >/dev/null 2>&1 && pwd)/.."
+
+if [ "x$1" = "x" ]; then
+    echo "usage: initca.sh {cluster}"
+    exit 1
+fi
+
+ca=$TOP/modules/initca.nix
+
+cd $TOP/$1
+
+echo "--- Preparing CA certificate"
+nix-build -o ca $ca
+
+echo "--- Safeguarding CA certificate"
+nix-store --add-root $(pwd)/ca --indirect -r $(nix-instantiate --add-root $ca)

nixops/bin/reboot.sh

@@ -0,0 +1,12 @@
+#!/usr/bin/env bash
+
+TOP="$(cd "$(dirname "${BASH_SOURCE[0]}")" >/dev/null 2>&1 && pwd)/.."
+
+if [ $# = 0 ]; then
+    echo "usage: reboot.sh cluster "
+    exit 1
+fi
+
+d=$1
+shift
+nixops reboot -d $d $*

nixops/bin/ssh.sh

@@ -0,0 +1,12 @@
+#!/usr/bin/env bash
+
+TOP="$(cd "$(dirname "${BASH_SOURCE[0]}")" >/dev/null 2>&1 && pwd)/.."
+
+if [ $# = 0 ]; then
+    echo "usage: ssh.sh cluster ..."
+    exit 1
+fi
+
+d=$1; shift
+
+nixops ssh-for-each -d $d -- $@

nixops/bin/teardown.sh

@@ -0,0 +1,45 @@
+#!/usr/bin/env bash
+
+TOP="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )/.."
+
+reboot=no
+case $1 in
+    --reboot) reboot=yes; shift ;;
+esac
+
+if [ $# != 1 ]; then
+    echo "usage: teardown.sh [--reboot] name"
+    exit 1
+fi
+
+d=$1
+tmp=$TOP/.$d.$$
+
+teardown () {
+    mkdir -p $tmp
+    cp -r $TOP/$d/* $tmp
+    sed -i '/k8s *= *{/,+1 s/enable *= *true/enable = false/' $tmp/cluster.nix
+    nixops modify -d $d $tmp
+    nixops deploy -d $d
+    [ $reboot = yes ] && nixops reboot -d $d
+    nixops ssh-for-each -d $d \
+        "rm -rf /var/run/kubernetes /var/lib/kubernetes /var/lib/etcd /var/lib/kubelet /var/lib/cfssl"
+    rm -rf $tmp
+}
+cat << EOF
+
+************************************************************************
+***                                                                  ***
+*** WARNING: This will irrevokably destroy the running cluster!      ***
+***                                                                  ***
+************************************************************************
+
+EOF
+
+echo "Are you sure you want to tear down $d? (YES/no)"
+read a
+case $a in
+    YES) teardown ;;
+    *) echo "Bailing out." ;;
+esac
+

nixops/hosts.nix

@@ -0,0 +1,26 @@
+''
+  10.1.30.10 fs0-0 fs0-0.itpartner.intern
+  10.1.30.10 fs1-0 fs1-0.itpartner.intern
+  10.1.8.10  fs2-0 fs2-0.itpartner.intern
+
+  10.1.30.80 psql1-0 psql1-0.itpartner.intern
+
+  10.1.8.50 k0-0 k0-0.itpartner.intern
+  10.1.8.51 k0-1 k0-1.itpartner.intern
+  10.1.8.52 k0-2 k0-2.itpartner.intern
+
+  10.1.8.60 k2-0 k2-0.itpartner.intern
+  10.1.8.61 k2-1 k2-1.itpartner.intern
+  10.1.8.62 k2-2 k2-2.itpartner.intern
+  10.1.8.63 k2-3 k2-3.itpartner.intern
+  10.1.8.64 k2-4 k2-4.itpartner.intern
+  10.1.8.65 k2-5 k2-5.itpartner.intern
+  10.1.8.66 k2-6 k2-6.itpartner.intern
+
+  10.1.30.100 k1-0 k1-0.itpartner.intern
+  10.1.30.101 k1-1 k1-1.itpartner.intern
+  10.1.30.102 k1-2 k1-2.itpartner.intern
+  10.1.30.103 k1-3 k1-3.itpartner.intern
+  10.1.30.104 k1-4 k1-4.itpartner.intern
+  10.1.30.105 k1-5 k1-5.itpartner.intern
+''

nixops/stokes/cluster.nix

@@ -0,0 +1,341 @@
+{ pkgs, lib, config, ... }:
+with lib;
+let
+  cfg = config.features.host;
+
+  etcdCluster = {
+    enable = true;
+    existing = true;
+    nodes =
+      {
+        c0-0 = "10.1.61.100";
+        c0-1 = "10.1.61.101";
+        c0-2 = "10.1.61.102";
+      };
+  };
+
+  mkSANs = host: [
+    host.name
+    host.address
+    "127.0.0.1"
+  ];
+
+  configuration = {
+    system.autoUpgrade.enable = lib.mkForce false;
+
+    nixpkgs.overlays = [
+      (import ./overlays.nix)
+    ];
+
+    boot = {
+      loader.systemd-boot.enable = true;
+      loader.efi.canTouchEfiVariables = true;
+      # kernelPackages = pkgs.linuxPackages_5_4;
+      kernelModules = [ "ib_umad" "ib_ipoib" ];
+      kernelParams = [
+        "console=ttyS0,115200"
+        "console=tty0"
+      ];
+    };
+
+    console = {
+      font = "Lat2-Terminus16";
+      keyMap = "us";
+    };
+
+    i18n = {
+      defaultLocale = "en_US.UTF-8";
+      extraLocaleSettings = {
+          LC_CTYPE="en_DK.UTF-8";
+          LC_TIME="en_DK.UTF-8";
+          LC_PAPER="en_DK.UTF-8";
+          LC_NAME="en_DK.UTF-8";
+          LC_ADDRESS="en_DK.UTF-8";
+          LC_TELEPHONE="en_DK.UTF-8";
+          LC_MEASUREMENT="en_DK.UTF-8";
+          LC_IDENTIFICATION="en_DK.UTF-8";
+      };
+    };
+
+    time.timeZone = "Europe/Oslo";
+
+    programs.msmtp = {
+      enable = true;
+      accounts = {
+        default = {
+          auth = false;
+          tls = false;
+          tls_starttls = false;
+          port = 24;
+          from = "stokes@regnekraft.io";
+          host = "smtpgw.itpartner.no";
+          # user = "utvikling";
+          # password = "S0m3rp0m@de#21!";
+        };
+      };
+      defaults = {
+        aliases = "/etc/aliases";
+      };
+    };
+
+    environment.etc = {
+      "aliases" = {
+        text = ''
+          root: jonas.juselius@oceanbox.io
+        '';
+        mode = "0644";
+      };
+    };
+
+    features = {
+      os = {
+        # boot.uefi = true;
+        adminAuthorizedKeys = [
+          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKiAS30ZO+wgfAqDE9Y7VhRunn2QszPHA5voUwo+fGOf jonas"
+          "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDULdlLC8ZLu9qBZUYsjhpr6kv5RH4yPkekXQdD7prkqapyoptUkO1nOTDwy7ZsKDxmp9Zc6OtdhgoJbowhGW3VIZPmooWO8twcaYDpkxEBLUehY/n8SlAwBtiHJ4mTLLcynJMVrjmTQLF3FeWVof0Aqy6UtZceFpLp1eNkiHTCM3anwtb9+gfr91dX1YsAOqxqv7ooRDu5rCRUvOi4OvRowepyuBcCjeWpTkJHkC9WGxuESvDV3CySWkGC2fF2LHkAu6SFsFE39UA5ZHo0b1TK+AFqRFiBAb7ULmtuno1yxhpBxbozf8+Yyc7yLfMNCyBpL1ci7WnjKkghQv7yM1xN2XMJLpF56v0slSKMoAs7ThoIlmkRm/6o3NCChgu0pkpNg/YP6A3HfYiEDgChvA6rAHX6+to50L9xF3ajqk4BUzWd/sCk7Q5Op2lzj31L53Ryg8vMP8hjDjYcgEcCCsGOcjUVgcsmfC9LupwRIEz3aF14AWg66+3zAxVho8ozjes= jonas.juselius@juselius.io"
+          "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCk5EKXxo/KLogjqSxSf/GkQdZ30UxB3wXc5k6Y6RRKQ/5iJ+XyYTbuqYOUp30p54apZzbayU2icahE/upr754lQicQwJtOXW/Iut57VRhSpq4P+mKCIdT58xCUkAZYr8Aja8UjHlYeJgFvp023K/fqmwbapu8R1gh4bzXm7uU1XeJoYfuOb+Cb8NGMn1ICrw2aztA0yVOXZ7tyJd2qyr1+6PuM/Ca2nKN4wLIX2vwyN3vZjR15nkIaHQGlTaJlNk2NEG1YTxsIQ9axDjNtyL80kjUr5M8zxW6s0h3451zr1b21EetP1i+1POIjS9uWXv5iabF+1Qb1GaS4FAYzzpqNY+moLzY7Zqfi05MPsMYkNoZ1Kg5aj0IuZb0OM9i6ZJrFs9nYAGG0uLSUTfrs957f9nokFyILGYg5xY46YN3uQrqfZifvcR0KaEdxEKvnfq0qrNG3uYLR/OYm2yblRcNbWgDoQ1hH7qa9uJM2JrPM07s4sJGkqfAib8Hwz9+l7jMrL6KIGUOA4aX0B1KZaIKKiZa42WlgdbeA17aW3laIqS5mZCkI3pLMYZAxe+A6rQi+V8ZAvDSyOL/Vws3lboXaN5QLu17R8uCY7MkIAvRBiZSpdWNeX3JO5m6zexkxkrFlxyEBf+ott4ATSw+eMYMs8i5xQRqPjgO1cABWkUdGpw== martin.moe.carstens@itpartner.no"
+        ];
+        docker.enable = false;
+      };
+      cachix.enable = false;
+
+      monitoring.nodeExporter.enable = false;
+
+      pki = { ca = ./ca; };
+
+      hpc = {
+        enable = true;
+        slurm = {
+          client = true;
+          mungeKey = ./munge.key;
+          mungeUid = 997; # hack
+          controlMachine = "stokes";
+          nodeName = [
+            "c0-[1-8] Sockets=1 CoresPerSocket=64 ThreadsPerCore=1 RealMemory=256000 TmpDisk=100000 State=UNKNOWN"
+            "stokes Sockets=2 CoresPerSocket=16 ThreadsPerCore=2 RealMemory=64000 TmpDisk=500000 State=UNKNOWN"
+          ];
+          partitionName = [
+            "batch Nodes=c0-[1-8] Default=YES MaxTime=INFINITE State=UP"
+            "frontend Nodes=stokes MaxTime=1:00:00 State=UP"
+          ];
+        };
+        beegfs = {
+          enable = true;
+          beegfs = {
+            mds0-0 = {
+              mgmtdHost = "mds0-0";
+              connAuthFile = "/etc/beegfs/connauthfile";
+              client = {
+                enable = true;
+                mountPoint = "/work";
+              };
+            };
+          };
+        };
+      };
+
+      k8s = {
+        enable = true;
+        node.enable = true;
+        clusterName = "hpc0";
+        inherit etcdCluster;
+        initca = ./ca;
+        cidr = "10.100.0.0/16";
+        master = {
+          name = "stokes";
+          address = "10.1.61.100";
+          extraSANs = [ "hpc0-0.regnekraft.io" ];
+        };
+        ingressNodes = [
+          "hpc0-0.regnekraft.io"
+        ];
+        fileserver = "mds0-0";
+        charts = {
+          acme_email = "innovasjon@itpartner.no";
+          grafana_smtp_user = "utvikling";
+          grafana_smtp_password = "S0m3rp0m@de#21!";
+        };
+      };
+    };
+
+    services.kubernetes.kubelet.extraSANs = mkSANs {
+      name = cfg.name;
+      address = cfg.address;
+    };
+
+    networking = {
+      domain = mkDefault "regnekraft.io";
+      defaultGateway = mkDefault "10.1.61.1";
+      nameservers = mkDefault [ "8.8.8.8" ];
+      search = mkDefault [ "local" ];
+      extraHosts = import ./hosts.nix;
+      firewall.extraCommands = ''
+        iptables -I INPUT -s 10.1.61.0/24 -j ACCEPT
+      '';
+    };
+
+    fileSystems = {
+      "/opt" = {
+        device = "10.1.63.80:/opt";
+        fsType = "nfs";
+        options = [ "soft" "rdma" "defaults" "vers=4.2" ];
+      };
+      "/data" = {
+        device = "10.1.63.80:/data";
+        fsType = "nfs";
+        options = [ "soft" "rdma" "defaults" "vers=4.2" ];
+      };
+    };
+
+    environment.variables = {};
+
+    systemd.services."serial-getty@ttyS0".enable = true;
+
+    environment.etc."beegfs/connauthfile" = {
+        source = ./connauthfile;
+        mode = "0400";
+        uid = 0;
+        gid = 0;
+      };
+
+    nix = {
+      maxJobs = 32;
+      trustedUsers = [ "@wheel" ];
+      # binaryCachePublicKeys = [
+      #   "stokes-1:BCgUFnXc6wgpstwG0M09/Ccrrz45MxHpS62JSC9sxW5hWxMqBNNvU1otqs4pWUOyvdxLPKIk6P5WCJWp+AFJig=="
+      # ];
+    };
+  };
+
+  i40efix = {
+    # boot = let kernelExtras = pkgs.callPackage ./kernel.nix {
+    #   kernel = pkgs.linuxPackages_5_4.kernel;
+    # }; in {
+    #   extraModulePackages = [ kernelExtras.i40e2 ];
+    #   kernelModules = [ "ib_umad" "ib_ipoib" "i40e2" ];
+    # };
+  };
+
+  shosts = {
+    environment.etc."ssh/shosts.equiv" = {
+      mode = "0644";
+      uid = 0;
+      gid = 0;
+      text = ''
+        10.1.62.2
+        10.1.61.100
+        10.1.61.101
+        10.1.61.102
+        10.1.61.103
+        10.1.61.104
+        10.1.61.105
+        10.1.61.106
+        10.1.61.107
+        10.1.61.108
+        10.1.63.100
+        10.1.63.101
+        10.1.63.102
+        10.1.63.103
+        10.1.63.104
+        10.1.63.105
+        10.1.63.106
+        10.1.63.107
+        10.1.63.108
+      '';
+    };
+
+    programs.ssh.knownHosts = {
+      stokes = {
+        hostNames = [
+          "stokes" "stokes.hpc.local" "stokes.regnekraft.io" "10.1.61.100"
+          "10.1.63.100" "10.1.62.2"
+        ];
+        publicKeyFile = ./pubkeys/stokes.pub;
+      };
+      c0-1 = { hostNames = [ "c0-1" "c0-1.hpc.local" "10.1.61.101" "10.1.63.101" ]; publicKeyFile = ./pubkeys/c0-1.pub; };
+      c0-2 = { hostNames = [ "c0-2" "c0-2.hpc.local" "10.1.61.102" "10.1.63.102" ]; publicKeyFile = ./pubkeys/c0-2.pub; };
+      c0-3 = { hostNames = [ "c0-3" "c0-3.hpc.local" "10.1.61.103" "10.1.63.103" ]; publicKeyFile = ./pubkeys/c0-3.pub; };
+      c0-4 = { hostNames = [ "c0-4" "c0-4.hpc.local" "10.1.61.104" "10.1.63.104" ]; publicKeyFile = ./pubkeys/c0-4.pub; };
+      c0-5 = { hostNames = [ "c0-5" "c0-5.hpc.local" "10.1.61.105" "10.1.63.105" ]; publicKeyFile = ./pubkeys/c0-5.pub; };
+      c0-6 = { hostNames = [ "c0-6" "c0-6.hpc.local" "10.1.61.106" "10.1.63.106" ]; publicKeyFile = ./pubkeys/c0-6.pub; };
+      c0-7 = { hostNames = [ "c0-7" "c0-7.hpc.local" "10.1.61.107" "10.1.63.107" ]; publicKeyFile = ./pubkeys/c0-7.pub; };
+      c0-8 = { hostNames = [ "c0-8" "c0-8.hpc.local" "10.1.61.108" "10.1.63.108" ]; publicKeyFile = ./pubkeys/c0-8.pub; };
+      };
+
+      environment.systemPackages = [ openssh-shosts ];
+
+      security.wrappers = {
+        ssh-keysign = {
+          source = "${openssh-shosts}/libexec/ssh-keysign";
+          owner = "root";
+          group = "root";
+          permissions = "u+rs,g+rx,o+rx";
+        };
+      };
+  };
+
+  openssh-shosts = pkgs.openssh.overrideAttrs (attrs: {
+    buildFlags = [ "SSH_KEYSIGN=/run/wrappers/bin/ssh-keysign" ];
+    doCheck = false; # the tests take hours
+  });
+
+  myvnc =
+    let
+      myvnc = pkgs.writeScriptBin "myvnc" ''
+        #!${pkgs.runtimeShell}
+
+        uid=`id -u`
+        port=$((9000+$uid))
+        shell=`getent passwd $(id -un) | awk -F : '{print $NF}'`
+        # vnc=${pkgs.tigervnc}/bin/vncserver
+        vnc=/nix/store/czp2b60dwk75widi8y287hr0xx1wgv2a-tigervnc-1.10.1/bin/vncserver
+
+        case $1 in
+        -p|--port) shift; port=$1 ;;
+        kill|stop)
+            display=$($vnc -list | sed  -n 's/^\(:[0-9]\+\).*/\1/p'| head -1)
+            $vnc -kill $display
+            exit 0
+            ;;
+        esac
+        ps ax | sed '/grep/d' | grep "Xvnc.*-rfbport $port" >/dev/null 2>&1
+        [ $? = 1 ] && $vnc -rfbport $port
+        echo "Xvnc server is running on port $port."
+        exec $shell -i
+      '';
+
+      buildCommand = ''
+          mkdir -p $out/bin
+          echo $src > $out/bin/myvnc
+          chmod 755 $out/bin/myvnc
+      '';
+    in {
+      environment.systemPackages = [ myvnc ];
+    };
+
+in {
+  options.node = {
+    # i40efix = mkEnableOption "Apply fix for i40e driver";
+
+    myvnc = mkEnableOption "Enable myvnc script";
+  };
+
+  config = mkMerge [
+    configuration
+
+    # deployment
+
+    shosts
+
+    # (mkIf config.node.i40efix i40efix)
+
+    (mkIf config.node.myvnc myvnc)
+  ];
+
+  imports = [
+    ../../modules
+    ../../nixos
+    ./users.nix
+  ];
+}
+

nixops/stokes/connauthfile

@@ -0,0 +1 @@
+Elåºt8p¼IòÞV‹7öF5(µãMtßÍsƒÍD££œ
Ù<>íXÛ%Nöñ:@(9s6]Œ£*¼¯ôËq;…SËYbˤ„k—hdŽ1mÂk<uN/X+]¨Ïÿš6;¹žÙ9/3f

nixops/stokes/default.nix

@@ -0,0 +1,98 @@
+let
+  # Pin the deployment package-set to a specific version of nixpkgs
+  # pkgs = import (builtins.fetchTarball {
+  #   url = "https://github.com/NixOS/nixpkgs/archive/e6377ff35544226392b49fa2cf05590f9f0c4b43.tar.gz";
+  #   sha256 = "1fra9wwy5gvj5ibayqkzqpwdf715bggc0qbmrfch4fghwvl5m70l";
+  # }) {};
+  pkgs = import <nixpkgs> {};
+
+  nodes = import ./nodes.nix;
+
+  compute = {
+    # deployment.tags = [ "compute" ];
+
+    fileSystems = {
+      "/stokes" = {
+        device = "10.1.63.100:/home";
+        fsType = "nfs4";
+        options = [
+          "soft"
+          "defaults"
+          "noauto"
+          "x-systemd.automount"
+        ];
+      };
+    };
+
+    systemd.automounts = [
+      {
+        where = "/stokes";
+        wantedBy = [ "default.target" ];
+      }
+    ];
+  };
+
+  mkCompute = host:
+  let
+    ipoib = builtins.replaceStrings [".61."] [".63."] host.address;
+    hw = ./hw + "/${host.name}.nix";
+  in {
+    "${host.name}" = {
+      features = {
+        inherit host;
+        os.externalInterface = "eno33";
+        hpc.compute = true;
+        # k8s = { inherit etcdCluster; };
+      };
+
+      deployment.targetHost = host.address;
+
+      # services.udev.extraRules = ''
+      #   KERNEL=="ibp65s0", SUBSYSTEM=="net", ATTR{create_child}:="0x2222"
+      # '';
+
+      node = {
+        # i40efix = true;
+      };
+
+      networking = {
+        useDHCP = false;
+        interfaces.eno33 = {
+          useDHCP = false;
+          ipv4.addresses = [ {
+            address = host.address;
+            prefixLength = 24;
+          } ];
+          ipv4.routes = [ {
+            address = "10.1.62.2";
+            prefixLength = 32;
+            via = "10.1.61.100";
+          } ];
+
+        };
+        interfaces.ibp65s0 = {
+          useDHCP = false;
+          ipv4.addresses = [ {
+            address = ipoib;
+            prefixLength = 24;
+          } ];
+        };
+      };
+      imports = [ ./cluster.nix hw ];
+    }
+    // compute;
+};
+in builtins.foldl' (a: n: a // mkCompute n) {} nodes
+#{
+    ## morph
+    # network =  {
+    #   inherit pkgs;
+    #   description = "stokes";
+    #   ordering = {
+    #     tags = [ "frontend" "compute" ];
+    #   };
+    # };
+
+    # inherit stokes;
+#} // builtins.foldl' (a: n: a // mkCompute n) {} nodes
+

nixops/stokes/hosts.nix

@@ -0,0 +1,26 @@
+''
+    10.1.62.2 stokes stokes.regnekraft.io
+
+    10.1.61.100 frontend frontend.hpc.local c0-0.regnekraft.io
+    10.1.61.101 c0-1 c0-1.hpc.local c0-1.regnekraft.io
+    10.1.61.102 c0-2 c0-2.hpc.local c0-2.regnekraft.io
+    10.1.61.103 c0-3 c0-3.hpc.local c0-3.regnekraft.io
+    10.1.61.104 c0-4 c0-4.hpc.local c0-4.regnekraft.io
+    10.1.61.105 c0-5 c0-5.hpc.local c0-5.regnekraft.io
+    10.1.61.106 c0-6 c0-6.hpc.local c0-6.regnekraft.io
+    10.1.61.107 c0-7 c0-7.hpc.local c0-7.regnekraft.io
+    10.1.61.108 c0-8 c0-8.hpc.local c0-8.regnekraft.io
+
+    10.1.61.80 mds0-0 mds0-0.hpc.local
+
+    10.1.63.101 ib0-1 ib0-1.hpc.local
+    10.1.63.102 ib0-2 ib0-2.hpc.local
+    10.1.63.103 ib0-3 ib0-3.hpc.local
+    10.1.63.104 ib0-4 ib0-4.hpc.local
+    10.1.63.105 ib0-5 ib0-5.hpc.local
+    10.1.63.106 ib0-6 ib0-6.hpc.local
+    10.1.63.107 ib0-7 ib0-7.hpc.local
+    10.1.63.108 ib0-8 ib0-8.hpc.local
+
+    10.1.63.80 ibmds0-0 ibmds0-0.hpc.local
+''

nixops/stokes/hw/c0-1.nix

@@ -0,0 +1,28 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "sr_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-amd" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/3af91585-8079-420d-acdf-f60b94d3cfff";
+      fsType = "ext4";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/3590-199A";
+      fsType = "vfat";
+    };
+
+  swapDevices = [ ];
+
+}

nixops/stokes/hw/c0-2.nix

@@ -0,0 +1,28 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "sr_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-amd" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/d89e1496-fda1-4de0-b2cc-474967b04402";
+      fsType = "ext4";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/A51A-1F4D";
+      fsType = "vfat";
+    };
+
+  swapDevices = [ ];
+
+}

nixops/stokes/hw/c0-3.nix

@@ -0,0 +1,28 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "sr_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-amd" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/84cc9cea-08eb-4b54-8ca3-2aa5c1300a92";
+      fsType = "ext4";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/882D-A342";
+      fsType = "vfat";
+    };
+
+  swapDevices = [ ];
+
+}

nixops/stokes/hw/c0-4.nix

@@ -0,0 +1,28 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "sr_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-amd" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/f0826ad5-8a4e-427d-98d3-5afa44440993";
+      fsType = "ext4";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/21A6-D34C";
+      fsType = "vfat";
+    };
+
+  swapDevices = [ ];
+
+}

nixops/stokes/hw/c0-5.nix

@@ -0,0 +1,28 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "sr_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-amd" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/37944fce-07ca-492f-906a-620a37e7e1b3";
+      fsType = "ext4";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/2F51-EC20";
+      fsType = "vfat";
+    };
+
+  swapDevices = [ ];
+
+}

nixops/stokes/hw/c0-6.nix

@@ -0,0 +1,28 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "sr_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-amd" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/d23386a8-0ca8-4871-b662-decf2b24f4d7";
+      fsType = "ext4";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/AF8A-DEFE";
+      fsType = "vfat";
+    };
+
+  swapDevices = [ ];
+
+}

nixops/stokes/hw/c0-7.nix

@@ -0,0 +1,28 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "sr_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-amd" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/12477966-c6c5-47c6-afdc-35fa7e57e837";
+      fsType = "ext4";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/DB96-7453";
+      fsType = "vfat";
+    };
+
+  swapDevices = [ ];
+
+}

nixops/stokes/hw/c0-8.nix

@@ -0,0 +1,28 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "sr_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-amd" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/2f468316-5832-4684-866d-2e92b08fb68b";
+      fsType = "ext4";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/76FE-F657";
+      fsType = "vfat";
+    };
+
+  swapDevices = [ ];
+
+}

nixops/stokes/kernel.nix

@@ -0,0 +1,46 @@
+{pkgs, lib, stdenv, fetchurl, config, kernel ? pkgs.linux, ...}:
+let
+  i40e =
+    stdenv.mkDerivation rec {
+      name = "i40e-${version}-${kernel.version}";
+      version = "2.13.10";
+
+      src = pkgs.fetchFromGitHub {
+        owner = "dmarion";
+        repo = "i40e";
+        rev = "7228a7c3b362c3170baa2f9a9c6870a900e78dbd";
+        sha256 = "087kvq9wrc1iw6vig8cqcx7cb6346wx8qxzb85c3n8638vq1vrxr";
+      };
+
+      hardeningDisable = [ "pic" ];
+
+      configurePhase = ''
+        cd src
+        kernel_version=${kernel.modDirVersion}
+        sed -i -e 's|/lib/modules|${kernel.dev}/lib/modules|' Makefile
+        sed -i -e 's|/lib/modules|${kernel.dev}/lib/modules|' common.mk
+        export makeFlags="BUILD_KERNEL=$kernel_version"
+      '';
+
+      installPhase = ''
+        install -v -D -m 644 i40e.ko "$out/lib/modules/$kernel_version/kernel/drivers/net/i40e/i40e2.ko"
+      '';
+
+      dontStrip = true;
+
+      enableParallelBuilding = true;
+
+      meta = {
+        description = "Linux kernel drivers for Intel Ethernet adapters and LOMs (LAN On Motherboard)";
+        homepage = https://github.com/dmarion/i40e;
+        license = lib.licenses.gpl2;
+      };
+    };
+in
+{
+  i40e2 = i40e;
+  overlay = self: super: {
+    # linuxPackages_5_4 = super.linuxPackages_5_4 // { inherit i40e; };
+  };
+}
+

nixops/stokes/munge.key

@@ -0,0 +1,2 @@
+ç£/ik±/¨÷|ñR¯E¥R®$ÃQfj5·<35>rd<0E>С¶7“{¢–99âTÂîÛ›Ãi‹ÄŒ‰–,ÐŒÍhçïÙ8töv:%‘T”
+|ÈÚÈ´þΕ§VŒ00w<30>|ŸÏ®÷íà|È_ŸY{3L_!F1TdÔ&F7õ™B°R

nixops/stokes/nodes.nix

@@ -0,0 +1,3 @@
+with builtins;
+let nodes = genList (n: n + 1) 8; in
+map (n: ({ name = "c0-${toString n}"; address = "10.1.61.10${toString n}"; })) nodes

nixops/stokes/overlays.nix

@@ -0,0 +1,11 @@
+self: super:
+let
+  msmtp = super.msmtp.overrideAttrs (attrs: rec {
+    configureFlags = attrs.configureFlags ++ [ "--with-tls=openssl" ];
+    buildInputs = attrs.buildInputs ++ [ super.openssl ];
+  });
+in
+{
+    # inherit msmtp;
+}
+

nixops/stokes/pubkeys/c0-1.pub

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEwwu4RJJhKo8s2Mtmpdvxs02d4IwrmS9cTpfAOQ2YkI root@nixos

nixops/stokes/pubkeys/c0-2.pub

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBEV8wEkeGUOs6umhdeOKYnVlYlta2rOCZSoezvu+bZ4 root@nixos

nixops/stokes/pubkeys/c0-3.pub

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINQFQqo2vcj2eYaH7nwdEzgCPme+7g3Db+s16KbQHzLI root@nixos

nixops/stokes/pubkeys/c0-4.pub

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDIsqJqWWftoiyiOOHnIuHYqbsaOg4AbKNm80wpjH2E8 root@nixos

nixops/stokes/pubkeys/c0-5.pub

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDme/xztp22wQOybtN2TVXMcn2QcVaXtRMp4AnPnzr2T root@nixos

nixops/stokes/pubkeys/c0-6.pub

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIImItUKMSygMY/1ZNsyGkyfywyngEDgZ7TxM63UwG1VH root@nixos

nixops/stokes/pubkeys/c0-7.pub

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID1WxWnNg+L2+lQ3W2mD0/6kqwuCUOEJImvWnQYLzdUB root@nixos

nixops/stokes/pubkeys/c0-8.pub

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBq+v2bBhQieqfXmtmGYb/9mOv9oc88zerRkkpGpoc0x root@nixos

nixops/stokes/pubkeys/stokes.pub

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOkSSuHkieXwgFMKRy4MjwjNrJEItWbQHeAAH+Zn1YZp root@localhost

nixops/stokes/users.nix

@@ -0,0 +1,367 @@
+{ pkgs, ... }:
+{
+
+  users.groups = {
+    jonas = { gid = 1000; };
+    olean = { gid = 1001; };
+    frankgaa = { gid = 1002; };
+    hdj002 = { gid = 1003; };
+    hes = { gid = 1004; };
+    mad = { gid = 1005; };
+    peyghamg = { gid = 1006; };
+    qin = { gid = 1007; };
+    eli = { gid = 1008; };
+    ovanov = { gid = 1009; };
+    bast = { gid = 1010; };
+    marius = { gid = 1011; };
+    michael = { gid = 1012; };
+    yugaos = { gid = 1013; };
+    ata = { gid = 1014; };
+    kvile ={ gid = 1015; };
+    achim ={ gid = 1016; };
+    mib ={ gid = 1017; };
+    # @grp@
+
+    sif = {
+      gid = 11000;
+      members = [
+        "jonas"
+        "olean"
+        "bast"
+        "frankgaa"
+        "hes"
+        "hdj002"
+        "mad"
+        "marius"
+        "eli"
+        "ovanov"
+        "peyghamg"
+        "qin"
+        "yugaos"
+        "ata"
+        "achim"
+        "mib"
+      ];
+    };
+
+    matnoc = {
+      gid = 11001;
+      members = [
+        "jonas"
+        "olean"
+        "bast"
+        "frankgaa"
+        "hes"
+        "eli"
+      ];
+    };
+  };
+
+  users.users = {
+    jonas = {
+      description = "Jonas Juselius";
+      home = "/home/jonas";
+      group = "jonas";
+      extraGroups = [
+        "users"
+        "wheel"
+        "root"
+        "adm"
+        "admin"
+        "cdrom"
+        "fuse"
+        "wireshark"
+        "libvirtd"
+        "networkmanager"
+        "tty"
+        "keys"
+      ];
+      uid = 1000;
+      isNormalUser = true;
+      createHome = false;
+      useDefaultShell = false;
+      shell = pkgs.fish;
+      openssh.authorizedKeys.keys = [
+        "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDULdlLC8ZLu9qBZUYsjhpr6kv5RH4yPkekXQdD7prkqapyoptUkO1nOTDwy7ZsKDxmp9Zc6OtdhgoJbowhGW3VIZPmooWO8twcaYDpkxEBLUehY/n8SlAwBtiHJ4mTLLcynJMVrjmTQLF3FeWVof0Aqy6UtZceFpLp1eNkiHTCM3anwtb9+gfr91dX1YsAOqxqv7ooRDu5rCRUvOi4OvRowepyuBcCjeWpTkJHkC9WGxuESvDV3CySWkGC2fF2LHkAu6SFsFE39UA5ZHo0b1TK+AFqRFiBAb7ULmtuno1yxhpBxbozf8+Yyc7yLfMNCyBpL1ci7WnjKkghQv7yM1xN2XMJLpF56v0slSKMoAs7ThoIlmkRm/6o3NCChgu0pkpNg/YP6A3HfYiEDgChvA6rAHX6+to50L9xF3ajqk4BUzWd/sCk7Q5Op2lzj31L53Ryg8vMP8hjDjYcgEcCCsGOcjUVgcsmfC9LupwRIEz3aF14AWg66+3zAxVho8ozjes= jonas.juselius@juselius.io"
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKiAS30ZO+wgfAqDE9Y7VhRunn2QszPHA5voUwo+fGOf jonas-3"
+      ];
+    };
+
+    olean = {
+      description = "Ole Anders Nøst";
+      home = "/home/olean";
+      group = "olean";
+      extraGroups = [
+        "users"
+      ];
+      uid = 1001;
+      isNormalUser = true;
+      createHome = false;
+      openssh.authorizedKeys.keys = [
+        "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAlfc2r3mNkvmdta+H/5zfdFe6317zmCdhhPYbipaGVFPUZO2cCTgSso28oDvOpCDldo/wl3jUxYNDlwH8LYMqKT3aGaOZr8JbxYzd+L+5GM2KTD+4YRmPtpYS/LWcc3j+fiFXSgX6Mrrgf6ineCRuBxSooDVE+pBakM1U7d5NE25apaAvclzFTmZBg0Sf9e5sgHkR99r9DUeGEQWGNZVUGwti39dFVp+aC9dsA+1/OtNB/HMF5G1MMk9dqvN7n7i9o9Plef2DParn4QU1GhmUKeEiBe4OAmSP+WwD4YvK6iXSKZG6tuTEspw+mR3rK5gBHrEiaNlCtp7O9BnAw4Wjhw== rsa-key-20201218"
+        "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCp3QEG9uJq4EKMRWlBkqg/EQD6+2E90E6/1i+JLbiBYBSV6Yqac6KzyJezaVXzch+qm6FFXas3thaBScbA4cELkETaxyNzYG6sNcLyEhlQn51pEsq2mFiq8IiaMaDc55/2HTbXVrpNoTNQFt6lBwHziKQYuUI0H0cxze+ppp0ZJOu1MsayW8JOv75YSv6WFIDRR+KP6dOEBu1PsP6plTZwK94ogjQ+3KHGcMAnE3cf8VCEF8akNC6GRmCgXNZE4I9MmKTDr217OoFpnXAx5/KTvGo+USkXc6xn/vbQsni4ExwGlMTg97RK49wIHD1NfGxZ3sv7mZ+UQPqqmSxCG+zueJrR6BSBfbm7fw5KvRn69rOihapeo/6GoqqVDe4yn1imtojjHN6+9pgJ9E6o108qbXRw2X6t1KUuXrB+fTfUKvy0kWiJFIMDSUtKF/nhiES+aCI4b4WBwyg5hdKGvgJdjyUS7P/jYgqWRe+qmknAERtQKlFDA/C6ChsTXerFD5Ikvu3dajJUiDehszEON5F4JlxSf2VpUFCDLVNqV/GjJqOg90mXGDk82c+0ZHIUsPLsdqR+t/xnOSv1Ks9I5fId6g+3OlR1ifnb3Qm48QGKbi/CM8M/QXzv4VgeIkRTR0Oi4W0P1tpUSyPd1nyGaM/B/FqN52XIUjRqIfu0emwgiw== olean@navier"
+      ];
+    };
+
+    frankgaa = {
+      description = "Frank Gaardsted";
+      home = "/home/frankgaa";
+      group = "frankgaa";
+      extraGroups = [
+        "users"
+      ];
+      uid = 1002;
+      isNormalUser = true;
+      createHome = false;
+      openssh.authorizedKeys.keys = [
+        "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDTq/IAtLkvHaPKTsp5U9YnhBj7PLFflS9vWpm5e/bFXQkSShkqUOktff1GITIN+RTpUS8zF9UkJA8fj5K382DhIn4jVb9HvQzmHNBTxU5ClpOuKhfibrts5IKMLAiN1enwZYu0iUIVfDKTYmqgAnjN8B6OyzIAB8bsBUMdN29PEwJT4cCVRRySLRfoWiXiZKow71FzXIACgxMwGhj2fpslKQoat2LGny03XR7EZrv36u1OktT28Gxf4ZrGpT9+3SAyf7aW20xHALU/dHXVsfsuqnoqw1InZ5VhvIVtoIj+5Vc5dkTXkychL0Hb+WxiH5O/3T18YUqes08UPZX5G9kB fga@akvaplan.niva.no"
+        "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDXv//iSTq5k1iYPZq9MKuF2OCE2UQPdR6TglWAeAnwL72UoKG068qDK3Ys+mFRY/S957hLn0FPFJPigcSaLzBq2v3G6kKySg68XWQfxBTSi5Wg81taNoJKQK+QAKfU2FiW9i1dLkvRKEXlY3tmF2mZLwqvrClRQMw8Nz0PQ5LnQfRgge07aXA3nDEf/nRuIaPG8zEki56lOONMWz4bGTjPn1y6y9gYAmskOc9w7uEOAy3VxkoR8fKvQM0ZTgt+6+68QxReyaDHH+12AqDxDy4wTCNX1LU902NDxyJZrUa2Xv9me2qN5O7hDOL/8S19MkJPBDEttMtA2rsFQlD9WYqycqgFhbOzLb7gixK1lrL3CYHsE9fXD2LuitSDXf79HFnCVHD5HJG7CbpIJLNNeTOCx94vspf9J8OENNdnNCgMFC1FKV/vdCiZ/RAOUCINrekvrX8FNjlXIhHOeK/gG6gP61oWpx3qbOExeMQTqWa9cGeHPtIdPiJVCza9Mg4X+0D9DCaP7KVLAxKioWqyd2WsyYeVhXA0OqnkEQk/jPZUjnxL1rnlH3I6QtVxHyqKcmmWEoRUnXId0ASUqx2hmsmI0TZD197PLFq53VO86v7jlAXLyzwmPh5VWdTOywklRpM29sZplVG/6gkHm/vM0DVSTEjVW+4mMFlzaiKgujH2fw== frankgaa@frankenstein"
+      ];
+    };
+
+   hdj002 = {
+      description = "Hans Kristian Djuve";
+      home = "/home/hdj002";
+      group = "hdj002";
+      extraGroups = [
+        "users"
+      ];
+      uid = 1003;
+      isNormalUser = true;
+      createHome = false;
+      openssh.authorizedKeys.keys = [
+        "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAvXTQTRfcpVkaJ+HO6wpgMKO9bdoTvQunbexn1N4jOuJOB5uAKZrZsimucw4DpvzaLZAftLI6RQlmiklxWItZA2UCfhlIZus8wy0cSTic2PkxLUXzBa1wl7nr8anYSK/HReQfTkgSi6LGTsGhejBxe//XC24ygW9eFYZTwOkpD8klNBNFHUA6sXgnzcjT/j3rwUjYI4GVJ82kP3GA0GBDSMwZ45/8ZYBk/Dbja0RJlvTHLSIgAmKzOuor1ORXk4zGdVpsTgNRv7QxeXZT09KJFp9hexMB/fT/OwZopKrHdGrOIIi2vhO6AGh4U+qjnjWY8yn5qHSOAIDDiJQ/iLeCCw== rsa-key-20201217"
+      ];
+    };
+
+   hes = {
+      description = "Håvard Espenes";
+      home = "/home/hes";
+      group = "hes";
+      extraGroups = [
+        "users"
+      ];
+      uid = 1004;
+      isNormalUser = true;
+      createHome = false;
+      openssh.authorizedKeys.keys = [
+        "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC6wGrhV03oBuYimLuLrNSbT4mXyxZGKoH0acV1CgbDUwi4d7J2Q39/v+uhGzk8ipNw+NAjXfZXlvPaSP4lYCjh2t5b184tDNWZ3VCdOEfgP7E24m9fZaKq7PoqmoVNqNiFaTVuOM8cUiKsLapHMNF4DKpSl+tp6yLS30Jqmf2gTQNscvR/DLYuqT/T8C+/txGfLwmdlzDp9DrVMRWZJ0wYlaEPxbleGSAKjnG7jl+rEgBiAhIoKFdaLCP35lSWMxVw733y4KzBTzs+25oIwPmCoJXJyhqFm3OMMC1KsItrNc8sSVZ7GsD+lwG1kv3KfMjp2L4kLgfih9WFArsVMFc8Iejp2Pw1PTYlAHngarwmYlzN/kPsomRZSktGbjnbe1w9sf7L2+zfPv5/tfcgvimKK1FwglCOvKlFcpEj7MyGrZ1m+t3xWCcFjo0qXMVL5N8JVmcZw+c7E0rTzJd+EfYo9pUYqU3d4gyMpBwt3+qirnCXzhIzLyYuL3lxVeTN/hc= havard@vortex"
+        "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDH/05mXyrYgxlWazFDtTJBCCB4YzQQiPcAkeeolztt320CPQ+pRyLgCzyAVGT5AlisXanHyWFSsPXrfM5MRNbm2U87s8DoZLZS5CYMk+ieGKdbac8jUgaw16EKyW05NHfHhDGYL+DyTQ76WAe/btzgDpvkal5B824a6abqc/oYz7D5rnAqoIpt56m1BG3tJrSz8K3nbOGpnMKt3vlVSLqZ6WNtSfXT+hHjOTfacQYH9XGQn/nYIuUzgDUswiboJ8nox5eduJxFrUHY6GGFiFeX6+hxIZUOZZm4hff01+sBxWy4y727tzCTbZIw2ERKcxu94BOC/EJsIyQDkaHwzaIwP7bB8V5yqpz7Fjgt5Bu+pMxUV8uwZmA5S5r3UuXlKHaspaqDR7RVjCUWcwCSgMYioxLtcnZr2DdKuezXbOU8O/FRsxuqFEzZTeCrckAi8gFzTanIZYmkwujjRg1hidOMc5qcn2yH/5NyBlQ+Y4XjD0XTMjSLpONczuyG3t6SJpE= haavaes@nzinga"
+      ];
+    };
+
+   mad = {
+      description = "Magnus Drivdal";
+      home = "/home/mad";
+      group = "mad";
+      extraGroups = [
+        "users"
+      ];
+      uid = 1005;
+      isNormalUser = true;
+      createHome = false;
+      openssh.authorizedKeys.keys = [
+        "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDSHaeXMssp55DPb9Pnqn1WxQqutvOsvIrYDKgTsrnmf/GC3N7h593pX27Qrzjaf0OYHcT7drUbDvRIFsuzmtplff/87fqbx/GGyYUrP+LZwOB7BKHrRlixaVeOOmvE/f9SNM0sIolq47qKFHM2KMsbk5zhSiOmbsCXWzdyYu+kjRgSjSs8NByoKzW9+dUuop/dcTZtDJd0oxUwkpU3c+MSkdAtDpvuxG6vq56Z4j9llg8kzHtLQI7t8w35FhIcXaJOE+LXJfq1FuAl9rw0QMAvotRJ+wHiMOqdkbABkmHG594JNCvZStqN4r8r3ZI20AF8xB3EiLVAuiB08kdEcuoGJCj7IHUwozbds4PO32oDSVy2/IR6VtRJQSNLH99nSbDQ9AmJtn3gSVJvAil1zaw/PZGez/UnDevN7KwUnf6wxH7yxDqgRjEmTu62z7HxQkPKMbuIvcHCQV9ota4eJZFOpr9tH44tuETcvkOButJH1Qa6AMKZPj10bxlqPIHKFS3dhus0BiUIWbjUY9/dC3LwW0S8TeP1NLx0vUeDiqY7BId6jZ8yeguQTvngPFJw5VPEuH5X/6sSXoCn1MnwdhXyeIylE5JoPXahVGQkaHo1Hap0JajxIlsZN6Q719qwSYJouH4mjdFBT46kw8CSH2sedv5qCQPchVmvaADirytYTQ== pckey"
+        "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCi3EpMAnE7+qQ64sptQojfT4ZrkeHaMdVYonGF6mhvsGlI7eysaYCuCafac5ta2FNez5tHTiUl+dohTiCjy2ZoOEpbwvTySwodXxzfy/ePNbl7LHvruT7YJVDy3t9kjD6jASzwRLKmSgooKQh3ed3gmY62/gNbKfISZWj0+Z3VXY6CA0JCV0BEzmF/e0+606flbhHNpxmmxc5PmriO/Dr+bB9R9QgO9iAcKhHXhqt0A99bM4jP8NU8eHibleYEXrVtATXY2YBmqriTsFYBtE3aENERNMkriy2qpXi16/lOuAS4R0TrmVn7nRQK0T/wCNrMZPxz5APv2z8UdFQi6qgLDFzUqwqzwUcZHH2QIn+ZjeWzSmKcw0SzNuf+K6cqikm9+mU1FMFxPy1S/W5ZNjih2BeBxklhhmhnl1ZRHttzJs2Ra+XIV1r66YBsC57dYd78MrUPR2Kv9qM0lmSpM4V30l04qsd17+NlWBx1weZ+7YsTpDpIo8qhuc0xLkGxSVzsJWBZNOF9JgKDIHRj50jDAOVNr2jQXvG+8yApqwe64J0H3a5p0ivBK+lmELgwz+8UtH41E3Vj1DuWJwXD9JOhppulNIegxGHcsoF2yku3n7eaE1QjrECssl65nj5+YBJi3xFbjMdqaMONYxRv6o/gxuewCDTZwwdo80jhVm5EgQ== mad@AKVA9409"
+      ];
+    };
+
+   peyghamg = {
+      description = "Peygham Ghaffari Nooran";
+      home = "/home/peyghamg";
+      group = "peyghamg";
+      extraGroups = [
+        "users"
+      ];
+      uid = 1006;
+      isNormalUser = true;
+      createHome = false;
+      openssh.authorizedKeys.keys = [];
+    };
+
+   qin = {
+      description = "Qin Zhou";
+      home = "/home/qin";
+      group = "qin";
+      extraGroups = [
+        "users"
+      ];
+      uid = 1007;
+      isNormalUser = true;
+      createHome = false;
+      openssh.authorizedKeys.keys = [
+        "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAhrMpKwIKQoANoB0I7X9IXGVpfPVvjFjeuT7RGKO+XghSm88B0RTeBeiEcwp1fADUTdzbd00YhrWLIBSl3z/fyhG/k/EyOadNYn0BFenJ9IBxBFo/Nyhbfg1jKAO/OLN7S6WFWPvJzE/G6UP/wN1QBeJmM1iEIuorwwTifMGD0nM1DaQA9R9Ji56yn6Kzl2wym0z0WKyqrn+vTBh3YXJljEFboeuWlBL/a7R7W6XxJHPo0wZzKxE7mdEQqqGXioTUTPgyBLK1duS0YjWuMS/pfkMIji0kD50QtlA72h2p++43ZS1NpFK9d8q7C2ZxE/RlxAFGwUcKGhEIUdk3JRhfcQ== rsa-key-20210429"
+      ];
+    };
+
+   eli = {
+      description = "Eli Børve";
+      home = "/home/eli";
+      group = "eli";
+      extraGroups = [
+        "users"
+      ];
+      uid = 1008;
+      isNormalUser = true;
+      createHome = false;
+      openssh.authorizedKeys.keys = [
+        "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEA8cclW3+wlmFl4fNEIqudlrtKVsZCXdzLgXNaGnqZPbqUCVXqw6rigFXSPYnRnE47yi8heC+06ga+4l8LkAuFCPhoZN6xxq6M7qmlNRHtpNn6PrXuDaTkgNig9TD2BCbHGwkqIByPhea4qQbM0mLKRk+a4H0ZGHsJnZI+nm185sSo6jQJ1gCHLk6ZZOoRDGYjoZIs3En3fTSTJBfbluf5A/gVXf2pbvIQ+R5QEOszRcln6nFfTd2Lwu2t63jA1pHN3KQoKcJ9RtBrRC0ZgZrOlEU1bpGLwuHwpj5xoxlsoI49QMgqJL4PE06mNGLYuxl6N/Sj6l90fuPFrEQpf45S0w== rsa-key-20201217"
+        "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAvn2P+ID0J4SEIZF22Ewx4YqrUxgM78eUPZPtEngvQhi+s+lROpmkPPG7JQ2AO4tsATIOWHhXXerIciWuP5W8LikUmr4xXdQD7S1lbmH1sKvgyquPqyfjucQlP/efcoYXGQMp7tFs/1Z1RXPmq4oG3IZIy/wZOgiT8/wP/nCVOAahtAE1VxRldber286ruoF4e3GFjSxYafjyifaYwSvHySiKKqjVCaHw1oVv6bJn2H1sjuU19LSvDTZk+zMlWuxe1HW2dLtrGQGptd1JSURzmuc+stmrDBeiSGQ5QZza4+6TZKnSMNZ0RrjvTLlT+qW6OYMSPkiSDlEjkB47kIGQKQ== eli@AKVA9163"
+        "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCzfAkO/BS5fjBABEq3L6b5IQ9MwTMM6D1y6T15NEnzaTHsWKuX+tkCA/h7NA4wM/WIvr5sDfiaZNNxZPYvUmMMGEerXQUVGZgJIOtL9UEpclfM0y/s9vMsavIlfyDYROp7/1fKqKjmbl+JpdxvHwoAEwiwKHBYiXGIUBvKvhWQhdNvSHM6Ac2zXSjKj6N47W72QkacL2G/DIipKYmTepVPX/QZAyfdDPYCf2y4/IGEHxehYRl4Z41NR4un/um5hThkQG0vqYLF2FIn9yYLVVtrUzh3P91EKi5i9eQzzP3UzvZcYJEqVZ8zqZDbb68zl39x2RYqW68gT5UcYUav7CKtPDF5HhyCHFhUuRCP+GUzUb/sMfrNmsMcpPZKXbFtluGtM8ZkuyH9BUeeyQ6MxBKaPAoWM5yvOmAM689LwEk1tklRpSGlYVO8eYrNxN/6Drd2oa70Wf3OP2d+ddu2G2hXw/YoW+dG1MYnoWpMFImkoOSfZR+1E6JUbDU9xIpeg00EAC9bDv6X6F/nen+rtWpL5igVmv0QQlojdfZMdRFXJlswFqLJFXO+XCSY/ALhoq3PSQipp6AmI0uW/F7RizoIiGN1cds3dg5EpdCHIK+TWpeVAjaByb4ih66tRq9KgtdBo/BEsfd2bSiDyCMtXRw09QhIHjpoRi1V7Hz1CRnJ3Q== akvaplan\elb@AKVA9319"
+      ];
+    };
+
+   ovanov = {
+      description = "Øyvind Leikvin";
+      home = "/home/ovanov";
+      group = "ovanov";
+      extraGroups = [
+        "users"
+      ];
+      uid = 1009;
+      isNormalUser = true;
+      createHome = false;
+      openssh.authorizedKeys.keys = [];
+    };
+
+    bast = {
+      description = "Radovan Bast";
+      home = "/home/bast";
+      group = "bast";
+      extraGroups = [
+        "users"
+        "wheel"
+        "root"
+      ];
+      uid = 1010;
+      isNormalUser = true;
+      createHome = false;
+      useDefaultShell = false;
+      shell = pkgs.fish;
+      openssh.authorizedKeys.keys = [
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFbrEhm1acesXmbgfO5lN1gcTFXqusq61QyCZXunYJpl"
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIdcJteh9d/N1o8BbdEMRVxeMjm28saon/Oh2tV0+TYj"
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEg6tHlB5xco85d4XJja71hz1nEe9wFF1+ht8oKULkwh"
+      ];
+    };
+
+    marius = {
+      description = "Marius Indreberg";
+      home = "/home/marius";
+      group = "marius";
+      extraGroups = [
+        "users"
+      ];
+      uid = 1011;
+      isNormalUser = true;
+      createHome = false;
+      useDefaultShell = false;
+      shell = pkgs.fish;
+      openssh.authorizedKeys.keys = [
+        "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC8Q96rG6C8oX1fjW32yX0bPC3MOz2A6rUCPpoA5KqL0psJvA1ielUupBgo2uBlHG8UHOit5Ui23JVm4t/k7Czv0vbZ+Vx2qk52H1A+KKZByBWgEo+o+PpXZVNEfn6jQvVTOwSDSxTIO8UIMdFIfHjbYlpBN9JobK4b9OH3CUnnuqBxHtkef6dzy9XIDL8dX7HXK4/UcfoMy07gB/p/9Ij8i8CMlH7tX1IFJ7rICz2qsW5iSMpqOnClhyBYlm5VQ3OskLgTnTfBbNCTGkxuQlRpucqxW0J9Bas083N3TFWWhSHqnxTYlYmwAs+f07nIJpgOMYOPvHWIuiG1QvzIC2me/Hi0bbKd47HRwtLe0cMFItixv4ex9vvc8TOYwxruODnzAoeNT+Wn6MOEu44PXk5LezmGPhWLX0oaNNkiEFv4XQ4walZVJgiPmmLWgh0jit+D4omXlbUL8tHua5Ep+5InCOF4h8fisLXiJnzVkIo3teHJohXWs5ZkzowXHl4EmIDUlkEyVocFRodYmqkPDQWLb8pmWNbA5HIB9g/7Px1+8brTyhBcH80BRSmLfRR0nXPEwFupjuqfEQPgrRCT45QBA80OlmTMWcwO4fwZOeP+VPLalot7SHyjIivWb3LjLlasAU8w7QZbYa9MGoufVgOSsIi4Pgcwv+jK2cACWR24AQ== marius.indreberg@itpartner.no"
+      ];
+    };
+
+    michael = {
+      description = "Ka Hin (Michael) Lau";
+      home = "/home/michael";
+      group = "michael";
+      extraGroups = [
+        "users"
+      ];
+      uid = 1012;
+      isNormalUser = true;
+      createHome = false;
+      useDefaultShell = false;
+      shell = pkgs.fish;
+      openssh.authorizedKeys.keys = [
+        "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQD0M91PbrPNi68wyQAsv+VWCSfGTLEALVu91O1b3p/pX45u4H2GzZ+I8KsXEWr/bkaH4OiZZHU+4oyrhSMvrquXTfPSBEkW9KXKGauAuQfvALhHenUbO7j25uyzq5MCiTtE7hmkPwNMqXhXkqqvbt8NC5qAyCf632iSJv6wDdAoW6gRocAJrqa1NMkdZ8gKAkUVVa8Wip3LUx00ybpoezH3YJTxwe3WNqy+WrNDVpzn7MgJaG0UIYqyFVPUbnvWEqzw0gHQWOFQoWe6vtlYME24rE5Sq+sCGwys+aJd5T5rUIITwcKfmS/4JJ27O6Sy8/qMJDnhDl+ROaQYFnVZjTjxvedt85Yplrl4CbKbObhwThZDs00BZ+31OLVh6/Di01SVxGkGzHNlJL0gTEN4t8VujbySzJkX4OKzlBYuzYQLKKnThQM7VUc95nYEEIbPE4MfWk3oBSpRRpqrCXYTjI0iV/JpdkSFjozX17Q7hNYVKfSpwzHaQXTWdQ/0eyEAeJs="
+      ];
+    };
+
+    yugaos = {
+      description = "Yuago Shen";
+      home = "/home/yugaos";
+      group = "yugaos";
+      extraGroups = [
+        "users"
+      ];
+      uid = 1013;
+      isNormalUser = true;
+      createHome = false;
+      useDefaultShell = true;
+      # shell = pkgs.fish;
+      openssh.authorizedKeys.keys = [
+        "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDC5BCXIMi1BkCcT0Rod7BLUDhUaB7xjKLBBM62e+a/JGdjiIHnv3LCjEUGjXh4Nnx3DlUXhx7up2MN/8WjcBcMnA2JvMwCIAgTVWJleJycoeg6BZvCRn8ffkNPa4i2Mw4PsYhX2AFQnmy/pgK1tRNeCXKtQw37rNwz256eJRcf7Alxv7Jf3VlCy6r8aIMvEXZ1M5E+nHF4SWww8a82fpMmsYyBBp0PjNWxUSiZLB3Ip2nNvMDbqd11kWzALdh7EByKnWgfzI5kGpNkXSVRMgdljW20VuHoSvAeDYeiYBcxTQBeeVCH5P1NkMgntnKG3/brvYM3sPPfzE1PPGwClRRbeZsHkL8tGUcUYqm7tDPfts9UqO+xsOb6c2hw6y2/ogzzRhnpNlSYh9bu60aN+1QKUtFOXyIdnwvfbPkd5BXtttRrTvFbIFAseKko/tJl7qjtQIlgcl4PY4T9zagevrDlbf2iGnVMwi7gSLI6GxsavUTxf7JvzzbNBZjxt4x/j/k= yugaos@AKVA9452"
+      ];
+    };
+
+    ata = {
+      description = "Anne Tårånd Aasen";
+      home = "/home/ata";
+      group = "ata";
+      extraGroups = [
+        "users"
+      ];
+      uid = 1014;
+      isNormalUser = true;
+      createHome = false;
+      useDefaultShell = true;
+      # shell = pkgs.fish;
+      openssh.authorizedKeys.keys = [
+        "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJDndk2/iDsj0dikNe4SugQDTeBWv90MHRRR8zNNXAKqECsIcAq4FuYsuckvvCtXaaeh6+UUuX2VnjQmbkq7pfiYsjS/wVsUHIxUo8kXX6+1OigDM+gXXcv9bbNRE/mBOmTg51vqTiceAOvzlqsvyt+jgAsja7C64UC74cy+cw1ecdYaYOKH7X5PSVdMowySHFjez2Iyn+akXTo+HHXTJGJFv1E4yPtEkEYUbNPntH8Aa3LehdF+Xo9sQBCM9Y+MRYx4fqG/6YkzycvXhdvfDeI04RkmqQZoqcO5kQ1FC3yYzz16uly0zyEWcNDaUztAgiF/DmEUM3VjxuX5Rajc5/ rsa-key-20210903"
+      ];
+    };
+
+    kvile = {
+      description = "Kristina Øie Kvile";
+      home = "/home/kvile";
+      group = "kvile";
+      extraGroups = [
+        "users"
+      ];
+      uid = 1015;
+      isNormalUser = true;
+      createHome = false;
+      useDefaultShell = true;
+      # shell = pkgs.fish;
+      openssh.authorizedKeys.keys = [
+        "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCtB+HWtE4iXJiRVi1MUKaE3R3FAcHzCgiF84ho6GXKxx5H2iY8sgfxWo/lFSonhZKTo/+dHOYNKs42Q85ytG1rpcEYYVOK53mx8f7Z3THmw348a/+geM8Bukvo5pLc7KmXIvq6UQIjZmI/wnbA7B8MzLyrod71SaT1ujMEV1Jg0b3KnjS5kJnUHDICw3CdvuenNIgYl/zbTeEJ1iUu6T1TY+cNGG/7HOsaR1leCArDutHIKowcIFQFZoLEikM2DX5MSp9UBizAVogHugEqE2Bqh+C7NyTzJfQzR8s4drnt9IaptJQmCo6z9f+dQALjhftJXBDdkR6coMyOujV3Yyc5 rsa-key-20210928"
+      ];
+    };
+
+    achim = {
+      description = "Achim Randelhoff";
+      home = "/home/achim";
+      group = "achim";
+      extraGroups = [
+        "users"
+      ];
+      uid = 1016;
+      isNormalUser = true;
+      createHome = false;
+      useDefaultShell = true;
+      # shell = pkgs.fish;
+      openssh.authorizedKeys.keys = [
+        "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCuShthrciA4hz3g/e4Q2S1L8OOyb0BpXg3FdjAhBHq8ZWK3GD40qyjmvk45EMX+2hZBXKKjEgO2ToTnH6P0NggwfBU9XhEb/SVxJwohJs55xRERT8jTXcYAXGrZntUg79ndWUHL2NzMMSJnJPEX1M3GZIymDxmUzsaagNvRI3kja42FNHtdX49hGSSygRoqjE+ui2lbFVi6+uY8TUdeW03+BYOgOJ8AtbvwP8MDZqUbHWc7fbg1DE3n52i+Uje2xyXPRwgCKZ0Ha0OLwiezKkVlUqc2gzSIQlKZ2Oy+9AE1knbCr5LVsarERUc17ux74fNQF8P6mCbbqvsgpX0KJK4yrjXPvkFVLcqmRXG+wyYuLLIAuNSG9N6rDgelBevTIqH+zZusXJm2du7mATgpEKBjYHlyS4tuf+gJaP26A2E1Eay5xxUKawm/PY71g/nMHlifYlnbz7fexQ/ObKCntLC0PP07xA6X8einCO81Q+8y0upa4hyzMkfHN4hcknXvj0= doppler@AKVA9454"
+      ];
+    };
+
+    mib = {
+      description = "Michael Bedington";
+      home = "/home/mib";
+      group = "mib";
+      extraGroups = [
+        "users"
+      ];
+      uid = 1017;
+      isNormalUser = true;
+      createHome = false;
+      useDefaultShell = true;
+      # shell = pkgs.fish;
+      openssh.authorizedKeys.keys = [
+      ];
+    };
+    # @usr@
+  };
+}