| 18 Oct 2025 |
 hexa (signing key rotation when) | netlify has a single IPv4 adress we can point nixos.org to | 19:33:27 |
 raitobezarius | I did mention it to Gandi people I was IRL few hours ago | 19:34:01 |
| raitobezarius | (who might escalate it internally) | 19:34:10 |
 vcunat | 🤔 though if the IP was anycasted, it might not be so bad. | 19:34:12 |
| vcunat | Heh, we go against Netlify's strong recommendations with the www.
https://docs.netlify.com/manage/domains/manage-domains/manage-multiple-domains/#apex-domains-and-www-subdomains | 19:36:06 |
| hexa (signing key rotation when) | yeah, the single IP address is an anycasted aws address | 19:36:09 |
| vcunat | So perhaps that for now? | 19:36:41 |
| hexa (signing key rotation when) | what I suggested here | 19:37:02 |
| vcunat | Sounds OK to try for me. | 19:37:23 |
| vcunat | Though it would be nice to confirm experimentally that the site remains usable from at least two different continents. | 19:37:52 |
| vcunat | And consider defaulting to www. for medium term? (Maybe it's easy to switch in Netlify, but I have no idea really.) | 19:38:13 |
| vcunat | * And consider defaulting to www. for medium term? (Maybe it's easy to switch in Netlify, but I have no idea really and it surely can have implications.) | 19:38:24 |
| vcunat | * And consider defaulting to www. for medium term? (Maybe it's easy to switch in Netlify, but I have no idea really and it surely can have nontrivial implications.) | 19:38:30 |
| vcunat | If you do, please use somewhat short TTL for now. | 19:39:27 |
| vcunat | * If you/we do, please use somewhat short TTL for now. | 19:39:48 |
| vcunat | So that it's still possible to switch fast. | 19:40:06 |
| hexa (signing key rotation when) | default ttl is 1h | 19:41:45 |
| hexa (signing key rotation when) | that's reasonably short imo | 19:41:49 |
| vcunat | Well... the Netlify records get returned with 80s to me. | 19:50:02 |
| vcunat | Or 120 now, say www.nixos.org. | 19:50:21 |
| vcunat | I meant it like - if the static record turns out horrible, it's nice to be able to revert within minutes. | 19:51:16 |
| vcunat | (and performance benefit of TTLs above several minutes seem rather low in practice, from what I've heard) | 19:51:59 |
| vcunat | * (and performance benefit of TTLs above several minutes seem rather low in practice, from what I've heard, except maybe stuff like DNSKEYs and nameserver records) | 19:52:23 |
| vcunat | I see it switched now. And pretty snappy clicking around the web, from here in .cz at least. | 19:56:38 |
| hexa (signing key rotation when) | ideally we'd have something that we can put behind fastly | 22:30:14 |
| hexa (signing key rotation when) | because fastly does give us ip addresses | 22:30:20 |
| 20 Oct 2025 |
|  @felix.schroeter:scs.ems.host changed their display name from Felix Schröter to Felix Schröter (🌄 27.10. – 09.11.). | 08:34:10 |
| @felix.schroeter:scs.ems.host left the room. | 09:44:53 |
| 21 Oct 2025 |
|  @echobc:matrix.org joined the room. | 18:10:42 |
|  NixOS Moderation Bot banned @echobc:matrix.org (<no reason supplied>). | 18:10:45 |
