Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[PL-133327] nixos/platform: use nix.settings for connect-timeout #1274

Merged
merged 1 commit into from
Feb 6, 2025
Merged

[PL-133327] nixos/platform: use nix.settings for connect-timeout #1274

merged 1 commit into from
Feb 6, 2025

Conversation

Ma27
Copy link
Member

@Ma27 Ma27 commented Feb 6, 2025

@osnyx this can be backported to 24.05 & 23.11. For 21.05 I'll need to check.

PL-133327

As discussed, it might be useful to have some kind of feature-flag for the connect-timeout since modifying declarations of nix.extraOptions is hard.

Instead, decided to just use nix.settings here, that way the timeout can be adjusted with primitives of the module system and without an additional option.

@flyingcircusio/release-managers

Release process

PR release workflow (internal)

  • PR has internal ticket
  • internal issue ID (PL-…) part of branch name
  • internal issue ID mentioned in PR description text
  • ticket is on Platform agile board
  • ticket state set to Pull request ready
  • if ticket is more urgent than within the next few days, directly contact a member of the Platform team

Design notes

  • Provide a feature toggle if the change might need to be adjusted/reverted quickly depending on context. Consider whether the default should be on or off. Example: rate limiting.
    • The option nix.settings.connect-timeout is now used. This can overriden to any value with mkForce.
  • All customer-facing features and (NixOS) options need to be discoverable from documentation. Add or update relevant documentation such that hosted and guided customers can understand it as well.
    • nix.settings has documentation already.

Security implications

  • Security requirements defined? (WHERE)
    • Maintaining Availability: Being able to quickly change the timeout in case of any issues.
  • Security requirements tested? (EVIDENCE)
    • Activated this change on a test VM. Then, confirmed that I can change the timeout with
{ lib, ... }: {
  nix.settings.connect-timeout = lib.mkForce 23;
}

@Ma27
nixos/platform: use nix.settings for connect-timeout
c406d00 
PL-133327

As discussed, it might be useful to have some kind of feature-flag for
the connect-timeout since modifying declarations of `nix.extraOptions`
is hard.

Instead, decided to just use `nix.settings` here, that way the timeout
can be adjusted with primitives of the module system and without an
additional option.
Ma27 added a commit that referenced this pull request Feb 6, 2025
@Ma27
nixos/platform: make connect-timeout configurable
6e6bd86 
PL-133327

On 21.05 we don't `nix.settings` yet, so a custom option it is.
Same idea as in #1274.
@Ma27 Ma27 mentioned this pull request Feb 6, 2025
Closed
11 tasks
osnyx
osnyx approved these changes Feb 6, 2025
View reviewed changes
nixos/platform/default.nix
@@ -298,7 +298,6 @@ in {
http-connections = 2
log-lines = 25
experimental-features = nix-command flakes fetch-closure
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We can also move the other extraOptions over to settings.
It's okay not to do this in this PR, because this keeps the change down to its intended minimal core, and it remains backportable.

@osnyx osnyx merged commit ae1dfb4 into fc-24.11-dev Feb 6, 2025
2 checks passed
@osnyx osnyx deleted the PL-133327-connect-timeout-followup branch February 6, 2025 13:48
This was referenced Feb 6, 2025
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@osnyx osnyx osnyx approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@Ma27 @osnyx