diff --git a/m/apex/nfs.nix b/m/apex/nfs.nix
index b1668c15..8334d507 100644
--- a/m/apex/nfs.nix
+++ b/m/apex/nfs.nix
@@ -8,6 +8,7 @@
 statdPort = 4000;
 exports = ''
 /home 10.0.40.0/24(rw,async,no_subtree_check,no_root_squash)
+ /home 10.106.0.0/24(rw,async,no_subtree_check,no_root_squash)
 '';
 };
 networking.firewall = {
@@ -27,6 +28,21 @@
 iptables -A nixos-fw -p udp -s 10.0.40.0/24 --dport 4001 -j nixos-fw-accept
 iptables -A nixos-fw -p udp -s 10.0.40.0/24 --dport 4002 -j nixos-fw-accept
 iptables -A nixos-fw -p udp -s 10.0.40.0/24 --dport 20048 -j nixos-fw-accept
+
+ # Accept NFS traffic from wg0
+ iptables -A nixos-fw -p tcp -i wg0 -s 10.106.0.0/24 --dport 111 -j nixos-fw-accept
+ iptables -A nixos-fw -p tcp -i wg0 -s 10.106.0.0/24 --dport 2049 -j nixos-fw-accept
+ iptables -A nixos-fw -p tcp -i wg0 -s 10.106.0.0/24 --dport 4000 -j nixos-fw-accept
+ iptables -A nixos-fw -p tcp -i wg0 -s 10.106.0.0/24 --dport 4001 -j nixos-fw-accept
+ iptables -A nixos-fw -p tcp -i wg0 -s 10.106.0.0/24 --dport 4002 -j nixos-fw-accept
+ iptables -A nixos-fw -p tcp -i wg0 -s 10.106.0.0/24 --dport 20048 -j nixos-fw-accept
+ # Same but UDP
+ iptables -A nixos-fw -p udp -i wg0 -s 10.106.0.0/24 --dport 111 -j nixos-fw-accept
+ iptables -A nixos-fw -p udp -i wg0 -s 10.106.0.0/24 --dport 2049 -j nixos-fw-accept
+ iptables -A nixos-fw -p udp -i wg0 -s 10.106.0.0/24 --dport 4000 -j nixos-fw-accept
+ iptables -A nixos-fw -p udp -i wg0 -s 10.106.0.0/24 --dport 4001 -j nixos-fw-accept
+ iptables -A nixos-fw -p udp -i wg0 -s 10.106.0.0/24 --dport 4002 -j nixos-fw-accept
+ iptables -A nixos-fw -p udp -i wg0 -s 10.106.0.0/24 --dport 20048 -j nixos-fw-accept
 '';
 };
 }
diff --git a/m/fox/configuration.nix b/m/fox/configuration.nix
index fc35e0d1..2d5f00e2 100644
--- a/m/fox/configuration.nix
+++ b/m/fox/configuration.nix
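Review bot: The added export line grants `rw` with `no_root_squash` to every address in 10.106.0.0/24, so root on any host in that range is treated as root on apex's /home. No `sec=` option is set, so presumably the default AUTH_SYS applies and the server trusts whatever uid the client asserts. If fox is the only intended client, export to its single tunnel address and keep root squashing, e.g. `/home <FOX_WG0_ADDRESS>(rw,async,no_subtree_check,root_squash)` (placeholder: fox's wg0 address is not shown in this diff). The firewall hunk further down in the same file accepts the same /24 and could be narrowed the same way. If `no_root_squash` is genuinely required, a comment on the line saying why would help later reviewers.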
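Review bot: The twelve added rules in the firewall hunk differ only in protocol and port, which makes the accepted set hard to audit and easy to let drift from the 10.0.40.0/24 rules above them. A multiport match states the same policy in two lines: `iptables -A nixos-fw -p tcp -i wg0 -s 10.106.0.0/24 -m multiport --dports 111,2049,4000,4001,4002,20048 -j nixos-fw-accept` and the same rule with `-p udp`. Binding the new rules to `-i wg0` is a good addition; the visible 10.0.40.0/24 rules match on source address only, so it is worth checking whether they should be tied to an interface as well. The rule block starts above the hunk, so the TCP rules for the older subnet are not visible here.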
@@ -79,6 +79,13 @@ fileSystems."/nvme0" = { device = "/dev/disk/by-label/nvme0"; fsType = "ext4"; }; fileSystems."/nvme1" = { device = "/dev/disk/by-label/nvme1"; fsType = "ext4"; }; + # Mount the NFS home + fileSystems."/nfs/home" = { + device = "10.106.0.30:/home"; + fsType = "nfs"; + options = [ "nfsvers=3" "rsize=1024" "wsize=1024" "cto" "nofail" ]; + }; + # Make a /nvme{0,1}/$USER directory for each user. systemd.services.create-nvme-dirs = let # Take only normal users in fox diff --git a/web/content/fox/_index.md b/web/content/fox/_index.md index e713c2cf..b465b209 100644 --- a/web/content/fox/_index.md +++ b/web/content/fox/_index.md @@ -100,5 +100,8 @@ Then just run `nix develop` from the same directory: The machine has several file systems available. +- `/nfs/home`: The `/home` from apex via NFS, which is also shared with other + xeon machines. It has about 2 ms of latency, so not suitable for quick random + access. - `/nvme{0,1}/$USER`: The two local NVME disks, very fast and large capacity. - `/tmp`: tmpfs, fast but not backed by a disk. Will be erased on reboot.
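Review bot: The new `/nfs/home` mount lists neither `nosuid` nor `nodev`, so setuid binaries and device nodes stored on the share are honoured on fox. Because apex exports /home with `no_root_squash` and the share is used by other machines, root on any of those clients can create such files, and this mount would then trust them. Suggest `options = [ "nfsvers=3" "rsize=1024" "wsize=1024" "cto" "nofail" "nosuid" "nodev" ];`. A short comment explaining the 1024-byte `rsize`/`wsize` would also help, since the reason for such small transfers is not visible in the hunk.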