Use 10.106.0.0/24 subnet to avoid collisions

The 106 byte is the code for 'j' (jungle) in ASCII: % printf j | od -t d 0000000 106 0000001
Update fox documentation for SLURM and FS
2025-09-03 11:12:25 +02:00 · 2025-09-02 17:21:37 +02:00 · 2025-09-02 17:12:56 +02:00 · 2025-09-01 12:34:54 +02:00 · 2025-09-01 12:34:54 +02:00 · 2025-09-01 12:34:54 +02:00
12 changed files with 1 additions and 32 deletions
--- a/.gitattributes
+++ b/.gitattributes
@@ -1 +0,0 @@
-*.pdf filter=lfs diff=lfs merge=lfs -text
--- a/doc/Intel_Server_Board_S2600WF_TPS_2_6.pdf
+++ b/doc/Intel_Server_Board_S2600WF_TPS_2_6.pdf
--- a/doc/R1000WF_SystemIntegration_and_ServiceGuide_Rev2_4.pdf
+++ b/doc/R1000WF_SystemIntegration_and_ServiceGuide_Rev2_4.pdf
--- a/doc/SEL_TroubleshootingGuide.pdf
+++ b/doc/SEL_TroubleshootingGuide.pdf
--- a/doc/bsc-ssf.pdf
+++ b/doc/bsc-ssf.pdf
--- a/flake.nix
+++ b/flake.nix
@@ -5,7 +5,6 @@
    agenix.inputs.nixpkgs.follows = "nixpkgs";
    bscpkgs.url = "git+https://git.sr.ht/~rodarima/bscpkgs";
    bscpkgs.inputs.nixpkgs.follows = "nixpkgs";
-    self.lfs = false;
  };

  outputs = { self, nixpkgs, agenix, bscpkgs, ... }:
--- a/m/apex/nfs.nix
+++ b/m/apex/nfs.nix
@@ -8,7 +8,6 @@
    statdPort = 4000;
    exports = ''
      /home 10.0.40.0/24(rw,async,no_subtree_check,no_root_squash)
-      /home 10.106.0.0/24(rw,async,no_subtree_check,no_root_squash)
    '';
  };
  networking.firewall = {
@@ -28,21 +27,6 @@
      iptables -A nixos-fw -p udp -s 10.0.40.0/24 --dport 4001  -j nixos-fw-accept
      iptables -A nixos-fw -p udp -s 10.0.40.0/24 --dport 4002  -j nixos-fw-accept
      iptables -A nixos-fw -p udp -s 10.0.40.0/24 --dport 20048 -j nixos-fw-accept
-
-      # Accept NFS traffic from wg0
-      iptables -A nixos-fw -p tcp -i wg0 -s 10.106.0.0/24 --dport 111   -j nixos-fw-accept
-      iptables -A nixos-fw -p tcp -i wg0 -s 10.106.0.0/24 --dport 2049  -j nixos-fw-accept
-      iptables -A nixos-fw -p tcp -i wg0 -s 10.106.0.0/24 --dport 4000  -j nixos-fw-accept
-      iptables -A nixos-fw -p tcp -i wg0 -s 10.106.0.0/24 --dport 4001  -j nixos-fw-accept
-      iptables -A nixos-fw -p tcp -i wg0 -s 10.106.0.0/24 --dport 4002  -j nixos-fw-accept
-      iptables -A nixos-fw -p tcp -i wg0 -s 10.106.0.0/24 --dport 20048 -j nixos-fw-accept
-      # Same but UDP
-      iptables -A nixos-fw -p udp -i wg0 -s 10.106.0.0/24 --dport 111   -j nixos-fw-accept
-      iptables -A nixos-fw -p udp -i wg0 -s 10.106.0.0/24 --dport 2049  -j nixos-fw-accept
-      iptables -A nixos-fw -p udp -i wg0 -s 10.106.0.0/24 --dport 4000  -j nixos-fw-accept
-      iptables -A nixos-fw -p udp -i wg0 -s 10.106.0.0/24 --dport 4001  -j nixos-fw-accept
-      iptables -A nixos-fw -p udp -i wg0 -s 10.106.0.0/24 --dport 4002  -j nixos-fw-accept
-      iptables -A nixos-fw -p udp -i wg0 -s 10.106.0.0/24 --dport 20048 -j nixos-fw-accept
    '';
  };
 }
--- a/m/common/base/env.nix
+++ b/m/common/base/env.nix
@@ -4,7 +4,7 @@
  environment.systemPackages = with pkgs; [
    vim wget git htop tmux pciutils tcpdump ripgrep nix-index nixos-option
    nix-diff ipmitool freeipmi ethtool lm_sensors cmake gnumake file tree
-    ncdu config.boot.kernelPackages.perf ldns pv git-lfs
+    ncdu config.boot.kernelPackages.perf ldns pv
    # From bsckgs overlay
    osumb
  ];
--- a/m/fox/configuration.nix
+++ b/m/fox/configuration.nix
@@ -79,13 +79,6 @@
  fileSystems."/nvme0" = { device = "/dev/disk/by-label/nvme0"; fsType = "ext4"; };
  fileSystems."/nvme1" = { device = "/dev/disk/by-label/nvme1"; fsType = "ext4"; };

-  # Mount the NFS home
-  fileSystems."/nfs/home" = {
-    device = "10.106.0.30:/home";
-    fsType = "nfs";
-    options = [ "nfsvers=3" "rsize=1024" "wsize=1024" "cto" "nofail" ];
-  };
-
  # Make a /nvme{0,1}/$USER directory for each user.
  systemd.services.create-nvme-dirs = let
    # Take only normal users in fox
--- a/m/tent/gitea.nix
+++ b/m/tent/gitea.nix
@@ -26,7 +26,5 @@
        SENDMAIL_ARGS = "--";
      };
    };
-
-    lfs.enable = true;
  };
 }
--- a/m/tent/nginx.nix
+++ b/m/tent/nginx.nix
@@ -39,7 +39,6 @@ in
          rewrite ^/git/(.*) /$1 break;
          proxy_pass http://127.0.0.1:3000;
          proxy_redirect http:// $scheme://;
-          client_max_body_size 64M;
        }
        location /cache {
          rewrite ^/cache/(.*) /$1 break;
--- a/web/content/fox/_index.md
+++ b/web/content/fox/_index.md
@@ -100,8 +100,5 @@ Then just run `nix develop` from the same directory:

 The machine has several file systems available.

- `/nfs/home`: The `/home` from apex via NFS, which is also shared with other
-  xeon machines. It has about 2 ms of latency, so not suitable for quick random
-  access.
 - `/nvme{0,1}/$USER`: The two local NVME disks, very fast and large capacity.
 - `/tmp`: tmpfs, fast but not backed by a disk. Will be erased on reboot.
Author	SHA1	Message	Date
Rodrigo Arias Mallo	67a3f57362	Use 10.106.0.0/24 subnet to avoid collisions The 106 byte is the code for 'j' (jungle) in ASCII: % printf j \| od -t d 0000000 106 0000001	2025-09-03 11:12:25 +02:00
Rodrigo Arias Mallo	6f3d3db996	Update fox documentation for SLURM and FS	2025-09-02 17:21:37 +02:00
Rodrigo Arias Mallo	d7411159d2	Revert "Remove pam_slurm_adopt from fox" This reverts commit `64a52801ed`.	2025-09-02 17:12:56 +02:00
Rodrigo Arias Mallo	84b60eed04	Enable fail2ban in fox Protect fox against ssh bruteforce attacks: fox% sudo lastb \| head root ssh:notty 200.124.28.102 Mon Sep 1 11:25 - 11:25 (00:00) root ssh:notty 200.124.28.102 Mon Sep 1 11:25 - 11:25 (00:00) root ssh:notty 200.124.28.102 Mon Sep 1 11:25 - 11:25 (00:00) root ssh:notty 200.124.28.102 Mon Sep 1 11:25 - 11:25 (00:00) root ssh:notty 200.124.28.102 Mon Sep 1 11:25 - 11:25 (00:00) root ssh:notty 200.124.28.102 Mon Sep 1 11:25 - 11:25 (00:00) root ssh:notty 200.124.28.102 Mon Sep 1 11:25 - 11:25 (00:00) root ssh:notty 200.124.28.102 Mon Sep 1 11:25 - 11:25 (00:00) root ssh:notty 200.124.28.102 Mon Sep 1 11:24 - 11:24 (00:00) root ssh:notty 200.124.28.102 Mon Sep 1 11:24 - 11:24 (00:00)	2025-09-01 12:34:54 +02:00
Rodrigo Arias Mallo	3195952f5a	Accept connections from apex to fox slurmd	2025-09-01 12:34:54 +02:00
Rodrigo Arias Mallo	578869ce4c	Accept fox connection to slurm controller	2025-09-01 12:34:54 +02:00
Rodrigo Arias Mallo	9f82ac3ec7	Add fox machine to SLURM	2025-09-01 12:34:54 +02:00
Rodrigo Arias Mallo	7cc52b7f76	Rekey secrets with trusted fox key	2025-09-01 12:34:54 +02:00
Rodrigo Arias Mallo	642840a405	Trust fox for compute node secrets	2025-09-01 12:34:54 +02:00
Rodrigo Arias Mallo	79f6e0613e	Make apex host specific to each machine Allows direct contact via the VPN when accessing from fox, but use Internet when using the rest of the machines.	2025-09-01 12:34:50 +02:00
Rodrigo Arias Mallo	fc112b92e6	Add local host fox in apex	2025-09-01 12:34:21 +02:00
Rodrigo Arias Mallo	b5de3dc483	Enable wireguard in apex	2025-09-01 12:34:17 +02:00
Rodrigo Arias Mallo	9b2587d0d6	Add wireguard server in fox	2025-09-01 12:34:10 +02:00