-
Notifications
You must be signed in to change notification settings - Fork 2.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Dotnix follow-up #2439
Dotnix follow-up #2439
Conversation
Co-authored-by: Piet <75956460+PieWol@users.noreply.github.com>
Update application to cover the answers in the application document.
Co-authored-by: Sebastian Müller <sebastian@web3.foundation>
Co-authored-by: Sebastian Müller <sebastian@web3.foundation>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks a lot for the application. Could you also integrate the DOT percentage? See the new template: https://github.com/w3f/Grants-Program/blob/master/applications/application-template.md#overview-1
Hey there
Thank you |
Hey @ajk-code , thanks for participating in the review process 🙏 . |
Hey @ajk-code , thank you for your questions. I am happy to clear things up a bit. The idea behind Dotnix is to simplify the deployment and administration of secure Polkadot validators by including various helper services for monitoring, backupping, e.g. into a single Nix flake that can be deployed through simple means. Copying and pasting from the Polkadot wiki won't implement Linux best practices like updating the operating system, setting up the firewall, running regular backups, etc., The system is scanned for CVEs using Vulnix; the public database is NVD With Polkadot.js the frontend is meant. The actual deliverable is a Nix flake that exposes tooling to deploy Dotnix to generate images and deploy Dotnix to arbitrary targets like Docker or bare metal. All parts that make sense to be in Nixpkgs, will be upstreamed, the domain-specific parts will remain in Dotnix. Polkadot is built from source using andresilva's polkadot.nix flake Secure validator mode is supported and active by default in the current release. Session Key Management has been integrated as a part of our deliverables within our previous Grant. We're going to maintain this project. A the very least we would need to follow the biannual release cycle of Nixpkgs stable in order to allow automatic updates of the system. These items are planned for subsequent grants, although there is still work to be done upstream, particularly with SELINUX and CIS compliance. In principle, SELinux and Secure boot are possible today and are planned for subsequent grants. Hope this clarifies things a bit |
Hey @Ra33it0 , |
Hey @Ra33it0 , |
Hi @Ra33it0 your previous deliveries were all very highly rated, so I guess my main question is, are any validators currently utilizing Dotnix? What are your plans to help the tool gain traction? I see there haven't been any commits made in four months or so. How about the Nix community, have they given any feedback or engagement? Do you plan to publish the NixOS modules on the official community repo? |
Thank you @PieWol for your feedback. I completely agree that concrete evidence from the ecosystem is key to demonstrating the value of this project. We’re currently facing a bit of a "chicken and egg" problem with Dotnix, as it's still in an MVP phase and not feature complete yet, which makes it difficult to offer a strong selling point for administrators to transition their running validators to it at this stage. We chose to first build an MVP to prove that Dotnix is feasible. In doing so, we implemented tests for every component, beyond the usual testing, to ensure quality and reliability. Regarding W3F's funding of the MVP, we intentionally made it a relatively small project to establish trust between W3F and Sporyon. We felt that it was important to first demonstrate that we could do good work, proving Dotnix's viability before pursuing further development. Our intention was always to earn our "deed" and demonstrate that Dotnix works, and then, in subsequent grants, focus on adding unique selling points such as the vulnerability scanner and state management, which we believe will be particularly valuable to validator providers and administrators. We don’t intend to monetize Dotnix but see it as a direct contribution of a high-quality product to the Dotsama ecosystem. That said, I’d appreciate your advice on how we can generate the necessary metrics to show interest from node providers. Should we consider splitting the grant into smaller portions, perhaps multiple Level 2 grants, if the Level 3 grant doesn’t seem suitable for the current state of the project? We initially chose a Level 3 grant as we believed it would be easier for both sides, allowing us to deliver more within each milestone. Any advice or insights you could share on how we can best approach this challenge would be greatly appreciated! |
Hi @keeganquigley thanks for your questions! Regarding your first question, we can't definitively say how many validators are currently utilizing Dotnix since anyone can download our repo or run a nix command to execute it locally. As of now, we don't have direct visibility into usage data, but we plan to gain more insight as we continue developing and promoting the tool. Our main strategy to help Dotnix gain traction is to present it at upcoming ecosystem conferences such as Polkadot Decoded and NixCon 2025. However, we believe it only makes sense to present it publicly when it's feature complete — that is, when we can offer concrete unique selling points apart from simply using NixOS, like vulnerability scanning, state management, and integrated monitoring. We also hope to be mentioned in the upstream documentation, though we feel it might be a bit early for that, as we want to ensure that dotnix moved out of the MVP phase. In the meantime, we've written a guide detailing how to create a Polkadot validator using Dotnix on a machine that only has a rescue shell. Using kexec, you can install NixOS and then Dotnix — a helpful approach for setting up validators on cost-effective servers, which are often available at a discounted price in the Hetzner server auction. We hope this tutorial helps make it easier for more users to get started with Dotnix and Polkadot validation. Regarding the lack of commits in the last four months, our entire team has been involved in the planning and preparations for NixCon 2024, which has required a significant portion of our time. Additionally, it took W3F about a month to evaluate our last milestone, which further impacted our development pace. Given these factors, we chose to focus on testing our validator on Westend and preparing a detailed feature roadmap rather than pushing out new commits. We see Dotnix as a direct contribution to the Dotsama ecosystem, and we don’t intend to monetize it. Rather, we see it as a fundamentally better way of validating Polkadot by leveraging Nix primitives such as reproducibility, modularity, security, and ease of use. We believe this will add to the resilience of the Polkadot network in the long term. We belive Web 3 should be a decentralized effort not just regarding clients but also regarding infrastructure like the validators of a network , if everything even critical infrastructure is heavily reliant on docker we are introducing a single point of failure which is missing the point of how we understand web3. Thanks again for your questions, and we look forward to hear your thoughts. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for your thorough answers @Ra33it0 much appreciated. Whether you want to break up the grant or not is entirely up to you, but it's possible you may find it easier to obtain three approvals than the five needed for the current structure.
Personally I'm willing to approve it as is, considering your previous work and the fact that it will remain as common good software. I think Nix makes a lot of sense for replicating validator configs. Nix expressions could be useful too. That's great that you plan to present it at upcoming conferences; once the features are in place I hope you'll be able to effectively market this tool to the validator community.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the updates and sorry for the long wait, @Ra33it0. Would you be able to collect more information on community interest with a level 2 grant? It sounds like this is not the case, and we have had a lot of projects simply falter after a grant because no community ever built around them, so I'm also a bit hesitant here.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hi @Ra33it0,
Not a W3F Grants member, but commenting as someone personally using Nix for operating Polkadot/Kusama validators - so given the requests for community feedback from multiple W3F Grants team members, I share my 2¢ below:
At a high level: I'm glad that you want to foster easy & secure operation of Substrate-based validators using Nix. In particular, it would complement @andresilva's existing Polkadot flake & nixpkgs integration well, which I also happily use for building binaries.
Simultaneously, I reckon @ajk-code and @PieWol raise some strong arguments regarding the specifics of the proposal.
@ajk-code: In general, to me it sounds like an in-house deployment project, not something for a wider audience
This resonates with me personally: I'd probably not be using your flake directly, both for trust-minization (for instance, I wouldn't use the nix cache for polkadot.nix outputs, but use polkadot.nix to build directly on my system), but also since a lot of your other envisioned integrations are less applicable to my validator operation.
For instance, your polkadot-validator service is a component I personally reckon is useful for other Nix users to extract, but probably not use directly within your other integration:
https://github.com/sporyon/dotnix-core/blob/main/nixosModules/polkadot-validator.nix#L328-L372
@PieWol: I think it's crucial that you provide some evidence gathered from the ecosystem that node providers are actually desire this project and want to use this.
Using public telemetry as a proxy (w3f telemetry should provide more insight), less than 12% of validator use distributions other than Debian/Ubuntu for running validators.
https://telemetry.polkadot.io/#stats/0x91b171bb158e2d3848fa23a9f1c25182fb8e20313b2c1eb49219da7a70ce90c3
https://telemetry.polkadot.io/#stats/0xb0a8d493285c2df73290dfb7e61f870f17b41801197a149ca93654499ea3dafe
Only a subset of these are possibly running NixOS. Of course some other validators may also be using Nix as a package manager only, but I think this is also a small set. On the other hand, since your Dotnix deliverable would make Nix deployment easier (especially if used only via the package manager, which doesn't have the additional operational onramp of setting up NixOS), this set could grow quite a bit.
@Ra33ito: In principle, SELinux and Secure boot are possible today and are planned for subsequent grants.
I personally would encourage moving this into the current grant application since imo it's far more beneficial than some other features you're proposing like cloud deployment and polkadot.js exposure.
I've also left some inline comments in the review comments below. In particular, note that I'd strip any planned features for Hetzner.
| **0b.** | Documentation | We will provide both **inline documentation** of the code and a basic **quick start guide** of how to go from 0 to a running validator that can perform the basic functions up until making a test transaction. The guide will be focused on how to set up the dotnix validator and other administrative topics. | | ||
| **0c.** | Testing and Testing Guide | Core functions will be fully covered by comprehensive unit tests to ensure functionality and robustness. In the guide, we will describe how to run these tests. | | ||
| **0d.** | Docker | We will provide a Dockerfile(s) built with `nix` that can be used to test all the functionality delivered with this milestone. | | ||
| 1. | Deployment Templates | Providing templates to install and deploy dotnix on two different targets like e.g. Hetzner Dedicated, Hetzner Cloud. | |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Definitely not just a personal nit:
As of '22 (as anyone who migrated remembers), Hetzner's practially banned all "cryptomining" activity, which broadly includes staking:
https://www.hetzner.com/legal/dedicated-server/
https://www.hetzner.com/legal/cloud-server/
What would be the use case for Hetzner templates then? Unless you can make a compelling argument for this, I would strip this from the deliverables.
| **0d.** | Docker | We will provide a Dockerfile(s) built with `nix` that can be used to test all the functionality delivered with this milestone. | | ||
| 1. | Deployment Templates | Providing templates to install and deploy dotnix on two different targets like e.g. Hetzner Dedicated, Hetzner Cloud. | | ||
| 2. | CLI interface and Cloud-Image generator | Implement a command-line interface to generate images for two different targets (one self-hosted e.g. Proxmox, one cloud-hosted e.g. AWS) to install and deploy dotnix on a variety of hosts. | | ||
| 3. | VPN | Expose the validator using a P2P-VPN like e.g. [ZeroTier](https://github.com/zerotier/ZeroTierOne), [headscale](https://github.com/juanfont/headscale), or [mycelium](https://github.com/threefoldtech/mycelium). This allows you to e.g. securely connect with polkadot.js and/or maintain the validator. | |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
what if there are issues with the p2p-vpn layer and the node becomes inaccessible? Is the only option then KVM? Personally, I'd have concerns about this.
| **0d.** | Docker | We will provide a Dockerfile(s) built with `nix` that can be used to test all the functionality delivered with this milestone. | | ||
| 1.| Monitoring, alerting | Implement comprehensive monitoring in dotnix, to collect, expose data such as system health, service health, to the administrator, and alert them via e.g. email. | | ||
| 2. | CVE-scanner | Integrate a CVE-scanner utility like e.g. [`vulnix`](https://github.com/nix-community/vulnix) into dotnix that regularly checks the Nix-storepaths for potential vulnerabilities using databases like e.g. [NVD](https://nvd.nist.gov/). | | ||
| 3. | CI, Public Artifacts | Setup continuous integration to build and test each modification to the Dotnix codebase, using e.g. GitHub Actions, and produce publicly accessible cloud images. | |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
A Polkadot/Kusama node is hardware demanding, and this requirement will increase ever more once JAM hits the floor.
For good reason, the Polkadot Wiki recommends validators to run on bare metal:
https://wiki.polkadot.network/docs/maintain-guides-secure-validator#validators
While I acknowledge that making operation easier on cloud providers has its benefits, this also adds a degree of stickiness that would make it harder to convince validators to do the right thing™.
So my personal recommendation would be to focus on making bare-metal operation easier.
| **0b.** | Documentation | We will provide both **inline documentation** of the code and extend the guide to cover the new functions implemented in M2, like key rotate and our runtime CLI tool. | | ||
| **0c.** | Testing and Testing Guide | Core functions will be fully covered by comprehensive unit tests to ensure functionality and robustness. In the guide, we will describe how to run these tests. | | ||
| **0d.** | Docker | We will provide a Dockerfile(s) built with `nix` that can be used to test all the functionality delivered with this milestone. | | ||
| 1. | State management | Implement comprehensive service-level state management to allow migrating a system to bigger or smaller machines to optimize hardware utilization/costs, and for general purpose backupping and restoration in order to reduce MTTR. | |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What state migration do you mean? Hopefully not session keys! Is this just for database snapshots & perhaps node keys?
@semuelle Thank you for your message. |
Hey @Ra33it0, You could consider asking the Polkadot treasury for funding so that you can pursue this project even without another round of financial support by the Web3 Foundation's Grants Program. We wish you all the best for your future endeavors and hope that you keep on building in the Polkadot Ecosystem. Thanks again for your application. Feel free to reach out if you have any questions. Best |
Thank you, @Lederstrumpf for your valuable feedback. We could prioritize SELinux and secure boot, your recommendation makes sense to us If the p2p VPN layer becomes inaccessible, then yes, it can't be used anymore. Exactly just database snapshots and node keys |
Project Abstract
Dotnix is a collection of Nix packages and NixOS modules designed for creating and managing Polkadot/Kusama Validator Nodes, emphasizing both security and ease of use.
This application is for a follow-up grant: 0e034e3
Grant level
Application Checklist
project_name.md
).