| 18 Oct 2025 |
 hexa | no stable IP addresses | 19:18:42 |
| hexa | we hosted DNS until earlier this year | 19:19:06 |
| hexa | which is how that ✨️ magic ✨️ just worked | 19:19:26 |
| hexa | but alas nixos-homepage was using that account with unscoped api tokens and pull_request_target and lol no | 19:20:19 |
 Vladimír Čunát | 🤔 I guess Netlify prefer that you have DNS with them as well. | 19:20:41 |
| hexa | Redacted or Malformed Event | 19:20:50 |
| Vladimír Čunát | They seem to offer a static IP, but given that we don't redirect...
https://docs.netlify.com/manage/domains/configure-domains/configure-external-dns/#configure-an-apex-domain | 19:20:55 |
| Vladimír Čunát | And I see no option for HTTPS records to salvage at least some clients. | 19:21:22 |
| Vladimír Čunát | Yeah, I don't know. Not great. | 19:21:42 |
| hexa | I did recreate the nixos.org origin record a while ago, but that didn't change anything | 19:25:08 |
| Vladimír Čunát | And a ticket at Gandi has been created, surely. | 19:26:32 |
| Vladimír Čunát | (I'm out of ideas for shorter-term mitigations. Static IP would surely make it slow for half of the world, unless we switch to www. redirects which would probably be a larger change.) | 19:31:05 |
| Vladimír Čunát | * (I'm out of ideas for shorter-term mitigations. Static IP would surely make it slow for half of the world, unless we switch to www. redirects which would perhaps be a larger change.) | 19:32:14 |
| hexa | 5h ago | 19:33:09 |
| hexa | netlify has a single IPv4 adress we can point nixos.org to | 19:33:27 |
 raitobezarius | I did mention it to Gandi people I was IRL few hours ago | 19:34:01 |
| raitobezarius | (who might escalate it internally) | 19:34:10 |
| Vladimír Čunát | 🤔 though if the IP was anycasted, it might not be so bad. | 19:34:12 |
| Vladimír Čunát | Heh, we go against Netlify's strong recommendations with the www.
https://docs.netlify.com/manage/domains/manage-domains/manage-multiple-domains/#apex-domains-and-www-subdomains | 19:36:06 |
| hexa | yeah, the single IP address is an anycasted aws address | 19:36:09 |
| Vladimír Čunát | So perhaps that for now? | 19:36:41 |
| hexa | what I suggested here | 19:37:02 |
| Vladimír Čunát | Sounds OK to try for me. | 19:37:23 |
| Vladimír Čunát | Though it would be nice to confirm experimentally that the site remains usable from at least two different continents. | 19:37:52 |
| Vladimír Čunát | And consider defaulting to www. for medium term? (Maybe it's easy to switch in Netlify, but I have no idea really.) | 19:38:13 |
| Vladimír Čunát | * And consider defaulting to www. for medium term? (Maybe it's easy to switch in Netlify, but I have no idea really and it surely can have implications.) | 19:38:24 |
| Vladimír Čunát | * And consider defaulting to www. for medium term? (Maybe it's easy to switch in Netlify, but I have no idea really and it surely can have nontrivial implications.) | 19:38:30 |
| Vladimír Čunát | If you do, please use somewhat short TTL for now. | 19:39:27 |
| Vladimír Čunát | * If you/we do, please use somewhat short TTL for now. | 19:39:48 |
| Vladimír Čunát | So that it's still possible to switch fast. | 19:40:06 |
