Add /nfs/home to fox documentation

Mount home via NFS from apex in fox
Allow access to NFS via wireguard subnet
2025-09-03 15:31:29 +02:00 · 2025-09-03 15:12:47 +02:00 · 2025-09-03 13:16:27 +02:00
3 changed files with 26 additions and 0 deletions
--- a/m/apex/nfs.nix
+++ b/m/apex/nfs.nix
@@ -8,6 +8,7 @@
    statdPort = 4000;
    exports = ''
      /home 10.0.40.0/24(rw,async,no_subtree_check,no_root_squash)
      /home 10.106.0.0/24(rw,async,no_subtree_check,no_root_squash)
    '';
  };
  networking.firewall = {
@@ -27,6 +28,21 @@
      iptables -A nixos-fw -p udp -s 10.0.40.0/24 --dport 4001  -j nixos-fw-accept
      iptables -A nixos-fw -p udp -s 10.0.40.0/24 --dport 4002  -j nixos-fw-accept
      iptables -A nixos-fw -p udp -s 10.0.40.0/24 --dport 20048 -j nixos-fw-accept
      # Accept NFS traffic from wg0
      iptables -A nixos-fw -p tcp -i wg0 -s 10.106.0.0/24 --dport 111   -j nixos-fw-accept
      iptables -A nixos-fw -p tcp -i wg0 -s 10.106.0.0/24 --dport 2049  -j nixos-fw-accept
      iptables -A nixos-fw -p tcp -i wg0 -s 10.106.0.0/24 --dport 4000  -j nixos-fw-accept
      iptables -A nixos-fw -p tcp -i wg0 -s 10.106.0.0/24 --dport 4001  -j nixos-fw-accept
      iptables -A nixos-fw -p tcp -i wg0 -s 10.106.0.0/24 --dport 4002  -j nixos-fw-accept
      iptables -A nixos-fw -p tcp -i wg0 -s 10.106.0.0/24 --dport 20048 -j nixos-fw-accept
      # Same but UDP
      iptables -A nixos-fw -p udp -i wg0 -s 10.106.0.0/24 --dport 111   -j nixos-fw-accept
      iptables -A nixos-fw -p udp -i wg0 -s 10.106.0.0/24 --dport 2049  -j nixos-fw-accept
      iptables -A nixos-fw -p udp -i wg0 -s 10.106.0.0/24 --dport 4000  -j nixos-fw-accept
      iptables -A nixos-fw -p udp -i wg0 -s 10.106.0.0/24 --dport 4001  -j nixos-fw-accept
      iptables -A nixos-fw -p udp -i wg0 -s 10.106.0.0/24 --dport 4002  -j nixos-fw-accept
      iptables -A nixos-fw -p udp -i wg0 -s 10.106.0.0/24 --dport 20048 -j nixos-fw-accept
    '';
  };
 }
--- a/m/fox/configuration.nix
+++ b/m/fox/configuration.nix
@@ -79,6 +79,13 @@
  fileSystems."/nvme0" = { device = "/dev/disk/by-label/nvme0"; fsType = "ext4"; };
  fileSystems."/nvme1" = { device = "/dev/disk/by-label/nvme1"; fsType = "ext4"; };
  # Mount the NFS home
  fileSystems."/nfs/home" = {
    device = "10.106.0.30:/home";
    fsType = "nfs";
    options = [ "nfsvers=3" "rsize=1024" "wsize=1024" "cto" "nofail" ];
  };
  # Make a /nvme{0,1}/$USER directory for each user.
  systemd.services.create-nvme-dirs = let
    # Take only normal users in fox
--- a/web/content/fox/_index.md
+++ b/web/content/fox/_index.md
@@ -100,5 +100,8 @@ Then just run `nix develop` from the same directory:
 The machine has several file systems available.
 - `/nfs/home`: The `/home` from apex via NFS, which is also shared with other
  xeon machines. It has about 2 ms of latency, so not suitable for quick random
  access.
 - `/nvme{0,1}/$USER`: The two local NVME disks, very fast and large capacity.
 - `/tmp`: tmpfs, fast but not backed by a disk. Will be erased on reboot.
Author	SHA1	Message	Date
Rodrigo Arias Mallo	940077c7a6	Add /nfs/home to fox documentation	2025-09-03 15:31:29 +02:00
Rodrigo Arias Mallo	a9070f01c4	Mount home via NFS from apex in fox	2025-09-03 15:12:47 +02:00
Rodrigo Arias Mallo	50c5e3a1e5	Allow access to NFS via wireguard subnet	2025-09-03 13:16:27 +02:00