jungle

Author	SHA1	Message	Date
Rodrigo Arias Mallo	f2c0dcd437	Restrict fox peer to a single IP Reviewed-by: Aleix Boné <abonerib@bsc.es>	2025-10-01 16:40:18 +02:00
Rodrigo Arias Mallo	32d3d26abd	Use lowercase peer hostnames Reviewed-by: Aleix Boné <abonerib@bsc.es>	2025-10-01 16:40:18 +02:00
Rodrigo Arias Mallo	e259b6cd2a	Allow access to NFS via wireguard subnet Reviewed-by: Aleix Roca Nonell <aleix.rocanonell@bsc.es>	2025-10-01 16:40:18 +02:00
Rodrigo Arias Mallo	6ad78795d6	Use 10.106.0.0/24 subnet to avoid collisions The 106 byte is the code for 'j' (jungle) in ASCII: % printf j \| od -t d 0000000 106 0000001 Reviewed-by: Aleix Roca Nonell <aleix.rocanonell@bsc.es>	2025-10-01 16:40:18 +02:00
Rodrigo Arias Mallo	9912348c74	Add local host fox in apex Reviewed-by: Aleix Roca Nonell <aleix.rocanonell@bsc.es>	2025-10-01 16:40:18 +02:00
Rodrigo Arias Mallo	e19694fae2	Enable wireguard in apex Reviewed-by: Aleix Roca Nonell <aleix.rocanonell@bsc.es>	2025-10-01 16:40:18 +02:00
Rodrigo Arias Mallo	f0f5712cd0	Only configure apex as slurm server Reviewed-by: Aleix Boné <abonerib@bsc.es>	2025-10-01 16:40:18 +02:00
Rodrigo Arias Mallo	076684b97f	Move slurm control server to apex Reviewed-by: Aleix Boné <abonerib@bsc.es>	2025-10-01 16:40:18 +02:00
Rodrigo Arias Mallo	16f1a65d33	Ban another scanner trying to connect via SSH It is constantly spamming out logs: apex# journalctl \| grep 'Connection closed by 84.88.52.176' \| wc -l 2255 Reviewed-by: Aleix Boné <abonerib@bsc.es>	2025-10-01 16:40:17 +02:00
Rodrigo Arias Mallo	77a9e5f4be	Silently ban OpenVAS BSC scanner from apex It is spamming our logs with refused connection lines: apex% sudo journalctl -b0 \| grep 'refused connection.*SRC=192.168.8.16' \| wc -l 13945 Reviewed-by: Aleix Boné <abonerib@bsc.es>	2025-10-01 16:40:17 +02:00
Rodrigo Arias Mallo	65cda794be	Remove extra flush commands on firewall stop They are not needed as they are already flushed when the firewall starts or stops. Reviewed-by: Aleix Boné <abonerib@bsc.es>	2025-10-01 16:40:17 +02:00
Rodrigo Arias Mallo	10adc7cbed	Add proxy configuration for internal hosts Access internal hosts via apex proxy. From the compute nodes we first open an SSH connection to apex, and then tunnel it through the HTTP proxy with netcat. This way we allow reaching internal GitLab repositories without requiring the user to have credentials in the remote host, while we can use multiple remotes to provide redundancy. Reviewed-by: Aleix Boné <abonerib@bsc.es>	2025-10-01 16:40:17 +02:00
Rodrigo Arias Mallo	847709b209	Make NFS mount async to improve latency Don't wait to flush writes, as we don't care about consistency on a crash: > This option allows the NFS server to violate the NFS protocol and > reply to requests before any changes made by that request have been > committed to stable storage (e.g. disc drive). > > Using this option usually improves performance, but at the cost that > an unclean server restart (i.e. a crash) can cause data to be lost or > corrupted. Reviewed-by: Aleix Boné <abonerib@bsc.es>	2025-10-01 16:40:17 +02:00
Rodrigo Arias Mallo	6551dce813	Disable root_squash from NFS Allows root to read files in the NFS export, so we can directly run `nixos-rebuild switch` from /home. Reviewed-by: Aleix Boné <abonerib@bsc.es>	2025-10-01 16:40:17 +02:00
Rodrigo Arias Mallo	9ae2c79202	Add storcli utility to apex Reviewed-by: Aleix Boné <abonerib@bsc.es>	2025-10-01 16:40:17 +02:00
Rodrigo Arias Mallo	4fcdcd064d	Add new configuration for apex Reviewed-by: Aleix Boné <abonerib@bsc.es>	2025-10-01 16:40:17 +02:00

16 Commits