feat(nasp): dnew

Dict Xiong 2024-05-29 15:36:56 +08:00
parent 5c0abba619
commit 448b6507f1
2 changed files with 93 additions and 7 deletions


@ -4,6 +4,7 @@ let
mainCfg = config.nasp;
hostName = ("g" + (builtins.toString mainCfg.serial));
ipSuffix = (builtins.toString (mainCfg.serial + 100));
dnew = (pkgs.writeShellScriptBin "dnew" (builtins.readFile ./scripts/dnew));
in
{
options.nasp = {
@ -118,6 +119,8 @@ in
sysstat tcpdump unzip usbutils virt-what zip
# full
wireshark zmap
# custom
dnew
];
programs.zsh.enable = true;
services.cron.enable = true;
@ -201,13 +204,12 @@ in
};
users.groups.nasp = {};
security.sudo.extraConfig = ''
%nasp ALL = (root) NOPASSWD: /usr/bin/docker
%nasp ALL = (root) NOPASSWD: /usr/sbin/reboot
%nasp ALL = (root) NOPASSWD: /usr/bin/whoami
%nasp ALL = (root) NOPASSWD: /usr/bin/nvidia-smi
%nasp ALL = (root) NOPASSWD: /usr/sbin/shutdown
%nasp ALL = (root) NOPASSWD: /usr/sbin/ufw
%nasp ALL = (root) NOPASSWD: /usr/sbin/ip
%nasp ALL = (root) NOPASSWD: /run/current-system/sw/bin/docker
%nasp ALL = (root) NOPASSWD: /run/current-system/sw/bin/reboot
%nasp ALL = (root) NOPASSWD: /run/current-system/sw/bin/whoami
%nasp ALL = (root) NOPASSWD: /run/current-system/sw/bin/nvidia-smi
%nasp ALL = (root) NOPASSWD: /run/current-system/sw/bin/shutdown
%nasp ALL = (root) NOPASSWD: /run/current-system/sw/bin/ip
'';
};
}
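Review bot: The rewritten `security.sudo.extraConfig` block still grants `%nasp` passwordless root on `/run/current-system/sw/bin/docker` with no argument restriction, which makes every member of the group root-equivalent on the host, because `docker run` accepts arbitrary bind mounts and privilege flags. The new `dnew` wrapper therefore constrains nothing: a `nasp` member can call `sudo docker` directly with any options. If that is the intended trust model, state it in the config, for example with a sudoers comment `# nasp members are root-equivalent via docker; grant membership accordingly`; otherwise narrow the rule to a fixed-argument wrapper or move to rootless Docker. The unrestricted `ip` entry raises the same point on a smaller scale (host network reconfiguration). The enclosing attribute set starts outside this hunk.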

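--- a/hosts/modules/scripts/dnew
+++ b/hosts/modules/scripts/dnew
@@ -0,0 +1,84 @@
+#!/usr/bin/env bash
+set -e
+trap 'echo "An error occurred. Please contact the manager." >&2' ERR
+echo "================== dnew ==================="
+echo "=== contact: xd21@mails.tsinghua.edu.cn ==="
+test_not_empty()
+{
+if [[ -z "$1" ]]; then
+echo $2 >&2
+exit
+fi
+}
+ask_for_yN()
+{
+if [[ "$DFS_QUIET" == "1" ]]; then
+echo 0
+else
+read -p "$1 [yN]: " yn
+case $yn in
+[Yy]* ) echo 1;;
+* ) echo 0;;
+esac
+fi
+}
+container_name=$(whoami)_$(date +%y%m%d-%H%M%S)
+base_command="sudo docker run -d --net=host -v /home2:/home2 \\
+--cap-add=SYS_NICE --cap-add=IPC_LOCK \\
+--security-opt seccomp=unconfined --ulimit memlock=-1:-1 \\
+--restart=unless-stopped \\
+--name $container_name"
+if [[ "$EUID" == "0" ]]; then
+echo "Please run as your own user (i.e., DO NOT sudo)."
+exit 1
+fi
+ret=$(ask_for_yN "Use GPU?")
+if [[ "$ret" == "1" ]]; then
+base_command="$base_command \\
+--runtime=nvidia -e NVIDIA_VISIBLE_DEVICES=all"
+fi
+ret=$(ask_for_yN "Use RDMA?")
+if [[ "$ret" == "1" ]]; then
+base_command="$base_command \\
+--device=/dev/infiniband/uverbs0"
+fi
+read -p "Image name (default: git.nasp.fit/nasp/nasp-ubuntu): "
+if [[ -z "$REPLY" ]]; then
+image_name="git.nasp.fit/nasp/nasp-ubuntu"
+else
+image_name="$REPLY"
+fi
+base_command="$base_command \\
+-it $image_name"
+read -p "Start up command (default: /etc/startup.sh): "
+if [[ -z "$REPLY" ]]; then
+cmd="/etc/startup.sh"
+else
+cmd="$REPLY"
+fi
+base_command="$base_command $cmd"
+echo "Will run:"
+echo "====="
+echo "$base_command"
+echo "====="
+ret=$(ask_for_yN "Start the container?")
+if [[ "$ret" == "1" ]]; then
+eval "$base_command"
+echo "Container $container_name started. You can use the following command to get in:"
+echo "sudo docker exec -it $container_name bash"
+else
+echo "Aborted."
+fi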
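Review bot: The final `eval "$base_command"` executes a string assembled from the unvalidated `$REPLY` values for the image name and start-up command, so anything typed at those prompts is parsed a second time by the invoking shell, and `$container_name` and `$image_name` are spliced in unquoted. Building the invocation as a bash array and running `"${run_args[@]}"` removes the eval, as sketched below; note that a start-up command containing quotes would then be split on whitespace only, which is a behaviour change to confirm. Separately, `test_not_empty` is never called, echoes `$2` unquoted and ends with a bare `exit`, which would return the status of the preceding `echo` rather than a failure code. Every container is also started with `--net=host`, `seccomp=unconfined` and all of `/home2` mounted read-write, so a header comment should state that this is intentional, since root inside any container can presumably reach other users' data under `/home2`.

```shell
run_args=(sudo docker run -d --net=host -v /home2:/home2
  --cap-add=SYS_NICE --cap-add=IPC_LOCK
  --security-opt seccomp=unconfined --ulimit memlock=-1:-1
  --restart=unless-stopped
  --name "$container_name")
# … unchanged: EUID check and the "Use GPU?" / "Use RDMA?" prompts …
run_args+=(--runtime=nvidia -e NVIDIA_VISIBLE_DEVICES=all)   # inside the GPU branch
run_args+=(--device=/dev/infiniband/uverbs0)                 # inside the RDMA branch
# … unchanged: image name and start-up command prompts …
run_args+=(-it "$image_name")
# Split the start-up command into words without re-evaluating it as shell code.
read -r -a cmd_words <<< "$cmd"
run_args+=("${cmd_words[@]}")
echo "Will run:"
printf '%q ' "${run_args[@]}"; echo
# … unchanged: "Start the container?" prompt …
"${run_args[@]}"
```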