Admin guide
The day-to-day workflow for running a nexum instance: adding nodes, defining Environments, approving users, and assigning resources.
1. Add a node
Dashboard → Nodes → + Add node (hostname, type, management IP). You'll get a curl | sudo bash command with a one-time enrollment token (shown once): run it on the Linux node. It installs the agent, sets up the systemd service, and completes enrollment automatically. Status flips to online on the first heartbeat.
2. Create an Environment
Dashboard → Environments → + New Environment:
- GPU enforcement mode —
soft(no hard isolation, trusted labs),cgroup(CPU/RAM limits + GPU masking),mig(NVIDIA MIG instances, requires compatible GPU),container(per-session Docker with GPU passthrough). - Tunnel provider —
ssh_proxy_jump(no external dependency) ornetbird(requiresNEXUM_NETBIRD_API_URL/NEXUM_NETBIRD_API_TOKEN). - Default CPU/RAM limits and expiry (applied to assignments unless overridden).
Then + Add node on the Environment to attach the nodes that will serve it. A node can belong to multiple Environments. If the mode is mig, adding a node fails unless it reports MIG-capable GPUs.
3. Approve and assign a user
The system is invite-only. Dashboard → Users → Invite (email): the user gets a link to complete name/password. After logging in, they upload their SSH public key from the portal.
Once a user has an SSH key, admin can: Users → Assign Environment → pick the Environment, GPU/CPU/RAM requested, and whether the assignment should be fixed (pinned to a specific node) or dynamic (the control plane picks the first node in the Environment with a free GPU). If there's no free capacity, the assignment fails with an explicit error.
4. Revoke access
Dashboard → Assignments → Revoke. The agent removes the key/user on the node at the next heartbeat (interval configurable, default 30s).
5. Audit log
Dashboard → Audit log: every administrative action (invite, node/Environment creation, assignment, revocation) is recorded immutably with actor, target, and details.