[21.05][PL-133327] WIP nixos/platform: make connect-timeout configurable

[Ma27]

Note: this requires testing on a 21.05 machine.

PL-133327

On 21.05 we don't nix.settings yet, so a custom option it is. Same idea as in #1274.

@flyingcircusio/release-managers

Release process

• Created changelog entry using ./changelog.sh: Followup for [PL-133327] nixos/platform: set Nix's connect-timeout to 1s #1256, no behavioral change.

PR release workflow (internal)

• PR has internal ticket
• internal issue ID (PL-…) part of branch name
• internal issue ID mentioned in PR description text
• ticket is on Platform agile board
• ticket state set to Pull request ready
• if ticket is more urgent than within the next few days, directly contact a member of the Platform team

Design notes

• Provide a feature toggle if the change might need to be adjusted/reverted quickly depending on context. Consider whether the default should be on or off. Example: rate limiting.
  • The option nix.settings.connect-timeout is now used. This can overriden to any value with mkForce.
• All customer-facing features and (NixOS) options need to be discoverable from documentation. Add or update relevant documentation such that hosted and guided customers can understand it as well.
  • New option with description got added.

Security implications

• Security requirments defined? (WHERE)
  • Maintaining Availability: Being able to quickly change the timeout in case of any issues.
• Security requirements tested? (EVIDENCE):
  • Activated on a test VM
  • Confirmed that overriding works via

{ lib, ... }: {
flyingcircus.nix.connectTimeout = lib.mkForce 23;
}