Rename "delft" into a more meaningful / discoverable name

[delroth]

"core-infra" to contrast with "non-critical-infra"?

Nothing in delft/ has been hosted at TU Delft for years, and while the historical nod is fun, it's also afaict not documented anywhere and increases barrier to entry.

[zimbatm]

How about:

• build
• other

As two categories? Might be a bit shorter.

Technically Eelco and I have super-core access, with also access to the root AWS accounts and Gandi.

[delroth]

I don't think it's just "build" that we should consider critical though. For example: channel scripts aren't strictly build, but since they control directly what installation medium gets linked to users on the homepage, they're a prime target for compromise.

"core" vs. others is mostly a trust / security boundary, so I think we should choose naming which reflects that more than the actual pieces of infra that currently belong there.

In any case that's nitpicking since either of the proposals are better than "delft" :) but it's probably worth discussing to avoid names that have obvious issues.

On Sun, 28 Jan 2024, 18:23 Jonas Chevalier, @.***> wrote:

How about:

• build
• other

As two categories? Might be a bit shorter.

Technically Eelco and I have super-core access, with also access to the root AWS accounts and Gandi.

— Reply to this email directly, view it on GitHub https://github.com/NixOS/nixos-org-configurations/issues/339#issuecomment-1913666794, or unsubscribe https://github.com/notifications/unsubscribe-auth/AABRQLUFVVLHDH443X7IZX3YQ2CPXAVCNFSM6AAAAABCNIZP3SVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTSMJTGY3DMNZZGQ . You are receiving this because you authored the thread.Message ID: @.***>

[vcunat]

Splitting machines by the (two sub-)teams make sense to me, and there we use "-build".

[delroth]

Splitting machines by the (two sub-)teams make sense to me, and there we use "-build".

Maybe @zimbatm can correct me but I don't think a ton of thought was given to that naming, and we can probably change it to match :)

[mweinelt]

I think core (everything) and build (except this specialty) would make the non-critical-infra name simpler and give it more value. Except, if you think that build is at the core of our infra.

[zimbatm]

Maybe @zimbatm can correct me but I don't think a ton of thought was given to that naming, and we can probably change it to match :)

Not really :) If you have a better idea, I'd love to adopt it.

Category mapping exercises are tricky. There is always this tension. Either we go with descriptive names and then some things inevitably don't map fully. Or we use random words and have to constantly lookup or remember the mapping. I think the trick is to pick something relatively descriptive that makes sense to us today, and change it when it gets painful.

In Bitwarden I have "infra-core" for Eelco and me. Then "infra-build" for core + people who have access to the signing key. Then "infra" for core + build + the rest of the team. I think that matches what you have in mind @mweinelt ?

[mweinelt]

My thought would be more along the line of

owners ⊂ build ⊂ core

could replace core with another word, like base, community, services.

[edolstra]

Just rename "delft" to "hydra.nixos.org". Because that's what it is. There are some bits in there that might be used by other stuff (like grafana/prometheus) but those could be moved out in a future step.