From 2a07df1d307cd0a5523dad54908386a6bb34e981 Mon Sep 17 00:00:00 2001
From: Rodrigo Arias Mallo
Date: Wed, 3 Sep 2025 13:16:27 +0200
Subject: [PATCH 1/3] Allow access to NFS via wireguard subnet

Reviewed-by: Aleix Roca Nonell
---
 m/apex/nfs.nix | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/m/apex/nfs.nix b/m/apex/nfs.nix
index b1668c15..8334d507 100644
--- a/m/apex/nfs.nix
+++ b/m/apex/nfs.nix
@@ -8,6 +8,7 @@
 statdPort = 4000;
 exports = ''
 /home 10.0.40.0/24(rw,async,no_subtree_check,no_root_squash)
+ /home 10.106.0.0/24(rw,async,no_subtree_check,no_root_squash)
 '';
 };
 networking.firewall = {
@@ -27,6 +28,21 @@
 iptables -A nixos-fw -p udp -s 10.0.40.0/24 --dport 4001 -j nixos-fw-accept
 iptables -A nixos-fw -p udp -s 10.0.40.0/24 --dport 4002 -j nixos-fw-accept
 iptables -A nixos-fw -p udp -s 10.0.40.0/24 --dport 20048 -j nixos-fw-accept
+
+ # Accept NFS traffic from wg0
+ iptables -A nixos-fw -p tcp -i wg0 -s 10.106.0.0/24 --dport 111 -j nixos-fw-accept
+ iptables -A nixos-fw -p tcp -i wg0 -s 10.106.0.0/24 --dport 2049 -j nixos-fw-accept
+ iptables -A nixos-fw -p tcp -i wg0 -s 10.106.0.0/24 --dport 4000 -j nixos-fw-accept
+ iptables -A nixos-fw -p tcp -i wg0 -s 10.106.0.0/24 --dport 4001 -j nixos-fw-accept
+ iptables -A nixos-fw -p tcp -i wg0 -s 10.106.0.0/24 --dport 4002 -j nixos-fw-accept
+ iptables -A nixos-fw -p tcp -i wg0 -s 10.106.0.0/24 --dport 20048 -j nixos-fw-accept
+ # Same but UDP
+ iptables -A nixos-fw -p udp -i wg0 -s 10.106.0.0/24 --dport 111 -j nixos-fw-accept
+ iptables -A nixos-fw -p udp -i wg0 -s 10.106.0.0/24 --dport 2049 -j nixos-fw-accept
+ iptables -A nixos-fw -p udp -i wg0 -s 10.106.0.0/24 --dport 4000 -j nixos-fw-accept
+ iptables -A nixos-fw -p udp -i wg0 -s 10.106.0.0/24 --dport 4001 -j nixos-fw-accept
+ iptables -A nixos-fw -p udp -i wg0 -s 10.106.0.0/24 --dport 4002 -j nixos-fw-accept
+ iptables -A nixos-fw -p udp -i wg0 -s 10.106.0.0/24 --dport 20048 -j nixos-fw-accept
 '';
 };
 }
--
2.51.2
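Review bot: The added export line in the first hunk of m/apex/nfs.nix grants `no_root_squash` to the whole 10.106.0.0/24 WireGuard subnet, so root on any peer in that range is treated as root on /home, and an export of this form identifies clients by source address only. If fox is the only intended client (the next patch in this series mounts the share there), the export could name that one peer instead of the /24 and squash root unless remote root writes are really required, e.g. `/home <fox-wg-address>(rw,async,no_subtree_check,root_squash)` (placeholder address, not taken from the patch). The existing 10.0.40.0/24 line carries the same option, so this may be deliberate; in that case a one-line comment above the export saying why would help the next reader. The attribute set that holds `exports` starts before this hunk.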
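Review bot: The twelve rules added in the second hunk of m/apex/nfs.nix differ only in protocol and port, which makes the allowed port set hard to audit and easy to let drift from the 10.0.40.0/24 rules above it. Each protocol could be a single rule using the multiport match, e.g. `iptables -A nixos-fw -p tcp -i wg0 -s 10.106.0.0/24 -m multiport --dports 111,2049,4000,4001,4002,20048 -j nixos-fw-accept`, with a second copy for `-p udp`. Whether the UDP half is needed at all is worth confirming: the fox mount in the next patch sets no `proto=` option and so presumably uses TCP, and dropping unused UDP rules would reduce what the wg0 peers can reach. The firewall command string begins before this hunk.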
From 2ed881cd898d1efc2ba7ab8a5c4bfe2487fdf10a Mon Sep 17 00:00:00 2001 From: Rodrigo Arias Mallo Date: Wed, 3 Sep 2025 13:24:06 +0200 Subject: [PATCH 2/3] Mount home via NFS from apex in fox Reviewed-by: Aleix Roca Nonell --- m/fox/configuration.nix | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/m/fox/configuration.nix b/m/fox/configuration.nix index fc35e0d1..2d5f00e2 100644 --- a/m/fox/configuration.nix +++ b/m/fox/configuration.nix @@ -79,6 +79,13 @@ fileSystems."/nvme0" = { device = "/dev/disk/by-label/nvme0"; fsType = "ext4"; }; fileSystems."/nvme1" = { device = "/dev/disk/by-label/nvme1"; fsType = "ext4"; }; + # Mount the NFS home + fileSystems."/nfs/home" = { + device = "10.106.0.30:/home"; + fsType = "nfs"; + options = [ "nfsvers=3" "rsize=1024" "wsize=1024" "cto" "nofail" ]; + }; + # Make a /nvme{0,1}/$USER directory for each user. systemd.services.create-nvme-dirs = let # Take only normal users in fox -- 2.51.2 From d3b355f6511288e70f22d73cb88473a1a8e65716 Mon Sep 17 00:00:00 2001 From: Rodrigo Arias Mallo Date: Wed, 3 Sep 2025 15:31:29 +0200 Subject: [PATCH 3/3] Add /nfs/home to fox documentation Reviewed-by: Aleix Roca Nonell --- web/content/fox/_index.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/web/content/fox/_index.md b/web/content/fox/_index.md index e713c2cf..b465b209 100644 --- a/web/content/fox/_index.md +++ b/web/content/fox/_index.md @@ -100,5 +100,8 @@ Then just run `nix develop` from the same directory: The machine has several file systems available. +- `/nfs/home`: The `/home` from apex via NFS, which is also shared with other + xeon machines. It has about 2 ms of latency, so not suitable for quick random + access. - `/nvme{0,1}/$USER`: The two local NVME disks, very fast and large capacity. - `/tmp`: tmpfs, fast but not backed by a disk. Will be erased on reboot. -- 2.51.2
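Review bot: The `/nfs/home` mount added in m/fox/configuration.nix has no `nosuid` or `nodev` option, while patch 1 of this series exports /home with `no_root_squash`, so a setuid-root file or device node created on the share from another client would be honoured on fox. Adding both is a one-line change: `options = [ "nfsvers=3" "rsize=1024" "wsize=1024" "cto" "nofail" "nosuid" "nodev" ];`. The unusually small `rsize`/`wsize` of 1024 also deserves a short comment on why it was chosen (presumably something about the WireGuard link, but the patch does not say), since it caps throughput and a later reader may be tempted to remove it.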