From 46cf9da93f02e73163f2a214152c34fae344d979 Mon Sep 17 00:00:00 2001
From: Jonas Juselius <jonas.juselius@oceanbox.io>
Date: Thu, 25 Sep 2025 12:16:42 +0200
Subject: [PATCH] feat: allow tailnet access

---
 rossby/default.nix | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/rossby/default.nix b/rossby/default.nix
index 5e7ab7d..b2c3be0 100644
--- a/rossby/default.nix
+++ b/rossby/default.nix
@@ -106,6 +106,7 @@ let
       firewall.extraCommands = ''
         iptables -I INPUT -s 172.16.239.0/24 -j ACCEPT
         iptables -I INPUT -s 10.1.6.0/24 -j ACCEPT
+        iptables -I INPUT -s 10.64.0.0/24 -j ACCEPT
       '';
     };
 
@@ -142,13 +143,15 @@ let
         enable = true;
         client = true;
         mungeKey = ./munge.key;
+        jwtKey = ./jwt_hs256.key;
         mungeUid = mkDefault 994; # hack
+        # slurmUid = mkDefault 307; # hack
         # pkey = "0x7666";
         controlMachine = "rossby-manage";
         mailDomain = "oceanbox.io";
         nodeName = [
           "c0-[1-20] Sockets=2 CoresPerSocket=64 ThreadsPerCore=2 RealMemory=382000 TmpDisk=400000 State=UNKNOWN"
-          "rossby-login Sockets=1 CoresPerSocket=64 ThreadsPerCore=2 RealMemory=60000 TmpDisk=400000 State=UNKNOWN"
+          "rossby-login Sockets=1 CoresPerSocket=64 ThreadsPerCore=2 RealMemory=40000 TmpDisk=400000 State=UNKNOWN"
           "rossby-manage Sockets=1 CoresPerSocket=64 ThreadsPerCore=2 RealMemory=60000 TmpDisk=400000 State=UNKNOWN"
         ];
         partitionName = [