From 28540d8cf3a351c8e8b701d765c0f67e8b2853af Mon Sep 17 00:00:00 2001
From: Rodrigo Arias Mallo <rodrigo.arias@bsc.es>
Date: Wed, 27 Aug 2025 12:59:21 +0200
Subject: [PATCH] Add firewall rules to slurm server
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Reviewed-by: Aleix Boné <abonerib@bsc.es>
---
 m/module/slurm-server.nix | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/m/module/slurm-server.nix b/m/module/slurm-server.nix
index f84085d0..65361369 100644
--- a/m/module/slurm-server.nix
+++ b/m/module/slurm-server.nix
@@ -6,4 +6,13 @@
   ];
 
   services.slurm.server.enable = true;
+
+  networking.firewall = {
+    extraCommands = ''
+      # Accept slurm connections to controller from compute nodes
+      iptables -A nixos-fw -p tcp -s 10.0.40.0/24 --dport 6817 -j nixos-fw-accept
+      # Accept slurm connections from compute nodes for srun
+      iptables -A nixos-fw -p tcp -s 10.0.40.0/24 --dport 60000:61000 -j nixos-fw-accept
+    '';
+  };
 }