dns: `hydra.ngi0, buildbot.ngi → makemake`

[lorenzleutgeb]

The Hydra instance at hydra.ngi0.nixos.org is being sunset and will be replaced by a buildbot instance, see https://github.com/ngi-nix/ngipkgs/issues/200. The CNAME will be removed once we've moved to buildbot.

Some context:

• The host config for hydra.ngi0.nixos.org was moved from this repo to ngi-nix/ngi0-infra, see https://github.com/NixOS/infra/issues/326
• We're now moving it from there to ngi-nix/ngipkgs, see https://github.com/ngi-nix/ngipkgs/pull/201

cc @Erethon

[Erethon]

Given I don't see any mentions of this in any issues, do we want to move away from ngi0.nixos.org and into ngi.nixos.org in general or is this a typo? cache.ngi0.nixos.org is the other ngi0 domain I see.

[lorenzleutgeb]

Not a typo. AFAIK we're somewhere under the NGI umbrella (NGI Zero, NGI Assure, NGI Taler, ...). When Ronny Lam (NLNet) was a guest at the NixOS Developer Dialogues, he put the NGI Assure logo on a slide. Most of the projects we worked on were indeed part of NGI Zero (and its "innovation actions" NGI Zero Entrust, NGI Zero Review, NGI Zero Core, NGI Commons Fund). NGI Taler and NGI Mobifree appear to be newer projects, and I am not sure whether we do/will relate to them. Note also that it's called github.com/ngi-nix and not github.com/ngi0-nix as well as github.com/ngi-nix/ngipkgs and not github.com/ngi-nix/ngi0pkgs and the README.md of that repo mentions "NGI" where it could mention "NGI Zero". I have a hunch that NGI Zero is something more transient and NGI will stay.

[mweinelt]

IIRC the NGI hydra was used to test CA derivations. Can @Ericson2314 chime in here?

[lorenzleutgeb]

I already pinged him in https://github.com/ngi-nix/ngipkgs/pull/201 about this.

This PR in itself has no negative effects on Hydra (the reason I CNAMEd) and can be merged independently of sunsetting arrangements for Hydra.

Summer of Nix 2024 will ramp up soon with lots of participants (see Timeline), at which point we want/have to utilize this machine.

@Erethon and me are tasked to set up buildbot by next week, in arrangement with @fricklerhandwerk.

[SuperSandro2000]

I assume the buildbot will have a different API to consume the binary cache? If so adding a cname will generate lots of requests by nix which have cached the old paths and if they are not available, nix will abort and fail. Unfortunately removing the DNS entry entirely results in the same, so there is not good way to deprecate the binary cache without causing breakages.

[lorenzleutgeb]

It is not clear to me which binary cache you are referring to. The development over at ngi-nix/ngipkgs uses ngi.cachix.org currently which is unaffected by this PR.

I did see the following two blocks:

https://github.com/NixOS/infra/blob/451cf92ba831decaab9bc31d8f0fc354a9830a90/terraform/dns.tf#L109-L113

https://github.com/NixOS/infra/blob/451cf92ba831decaab9bc31d8f0fc354a9830a90/terraform/dns.tf#L129-L133

This cache is populated by the Hydra instance on hydra.ngi0.nixos.org. And I wanted to ask about it separately. I don't have any idea who uses it, but I have good reason to believe that not many people do. The NixOS infra team could probably check traffic stats? We'd potentially like to migrate ngipkgs development to it, but that'd be a next step.

Looking at https://hydra.ngi0.nixos.org/evals apart from ngipkgs, there's been evals for dreampkgs on 2024-03-19, 2024-02-09, and content-addressed experiments on 2024-02-07, 2024-01-25.

The dreampkgs:main jobset is configured for DavHau/dreampkgs which has since been moved to nix-community/dreampkgs and is under nix-community's builbot CI. I have deleted the Hydra project just now.

[lorenzleutgeb]

Here's the tracking issue for CA derivations in Hydra: https://github.com/NixOS/hydra/issues/838. As of now, it was last updated on 2024-01-27.

[SuperSandro2000]

I forgot that the hydra is not directly used as a cache but the s3 bucket, so that should be fine to move.

see https://discourse.nixos.org/t/content-addressed-nix-call-for-testers/12881#:~:text=public%2Dkeys%20%27%27%20%5C%0A%20%20%2D%2Dsubstituters-,https%3A//cache.ngi0.nixos.org/,-%5C%0A%20%20/nix/store/ih1ish76pdmzcqbdcdd09z007f6bxjrf

[Ericson2314]

I can hold off on further experiments if this thing is in active use. The existing experiments were not supposed to be high risk (not kick anyone off the machine), and others are right I haven't touched it in a bit.

[Ericson2314]

Ah this is about not using the Hydra at all for NGi. I suppose this Hydra instance can be moved elsewhere to continue to be a staging instance, then.

[lorenzleutgeb]

@Ericson2314 it's a possibility to have buildbot and Hydra coexist for some time, until "elsewhere" is clearly defined (I have no clue what that might mean). Could you please make more clear you opinion on the actual change that I propose here? The change itself will obviously not shut down Hydra, but it gives us a new namespace for buildbot in addition.

[mweinelt]

How about calling the host makemake.nixos.org (or whatever it is called) and create CNAMEs for both services to that?

[lorenzleutgeb]

Done. (Personal Opinion: I don't particularly like the name "makemake" and would be happy to be enlightened about it's origin/significance. Not that it would be relevant, ...)

[mweinelt]

All machines are named for some rock up in the sky. I didn't come up with them.

rhea haumea eris pluto

[mweinelt]

Apply complete! Resources: 4 added, 0 changed, 2 destroyed.