Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Dotnix follow-up #2439

Open
wants to merge 11 commits into
base: master
Choose a base branch
from
Open

Dotnix follow-up #2439

wants to merge 11 commits into from

Conversation

Ra33it0
Copy link
Contributor

@Ra33it0 Ra33it0 commented Nov 1, 2024

Project Abstract

Dotnix is a collection of Nix packages and NixOS modules designed for creating and managing Polkadot/Kusama Validator Nodes, emphasizing both security and ease of use.
This application is for a follow-up grant: 0e034e3

Grant level

  • Level 1: Up to $10,000, 2 approvals
  • Level 2: Up to $30,000, 3 approvals
  • [ x ] Level 3: Unlimited, 5 approvals (for >$100k: Web3 Foundation Council approval)

Application Checklist

  • The application template has been copied and aptly renamed (project_name.md).
  • [ x ] I have read the application guidelines.
  • [ x ] Payment details have been provided (Polkadot AssetHub (USDC & DOT) address in the application and bank details via email, if applicable).
  • [ x ] I understand that an agreed upon percentage of each milestone will be paid in vested DOT, to the Polkadot address listed in the application.
  • [ x ] I am aware that, in order to receive a grant, I (and the entity I represent) have to successfully complete a KYC/KYB check.
  • [ x ] The software delivered for this grant will be released under an open-source license specified in the application.
  • [ x ] The initial PR contains only one commit (squash and force-push if needed).
  • [ x ] The grant will only be announced once the first milestone has been accepted (see the announcement guidelines).

@github-actions github-actions bot added the admin-review This application requires a review from an admin. label Nov 1, 2024
Copy link
Collaborator

@Noc2 Noc2 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks a lot for the application. Could you also integrate the DOT percentage? See the new template: https://github.com/w3f/Grants-Program/blob/master/applications/application-template.md#overview-1

@ajk-code
Copy link

ajk-code commented Nov 4, 2024

Hey there
A couple of questions regarding this project, not sure I clearly understood while reading the application:

  • In general, to me it sounds like an in-house deployment project, not something for a wider audience
  • You mention as ecosystem fit 'people that want to host a validator, don't have the technical knowledge': Honestly I do not think someone without technical knowledge can deploy nixOS or nix packages on their machine. Installing docker on peoples notebooks with network bridges etc. might not be a good idea either. Copy/pasting from the polkadot wiki and using the parity repo is probably way easier, don't you think? A single line edit of the default config file is enough. If necessary in a VM for testing purposes.
  • How is the system gonna be scanned for CVEs? What is this integrated scanner and which public CVE databases are used for the enrichment? How is an operator getting the result for high CVSS CVEs?
  • How is usability improved by exposing the validator to polkadot.js?
  • What is meant with polkadot.js in general? The libraries or the public frontend?
  • What is the purpose of exposing a validators RPC in a 'validator' context? And why over VPN?
  • Is the deliverable an OCI image or nix packages? Is is it podman compatible or docker only?
  • Is dotnix gonna be available in the public nix repos (stable/unstable channels?)
  • How is the polkadot binary built? From source, parity binaries or parity OCI/docker images?
  • Is the secure validator mode supported? Referring to landlock/seccomp
  • Is session key management somehow integrated apart from node key mgmt?
  • How/who is gonna maintain this? What are the recurring costs?
  • What about other standard security features such as selinux policies, secure boot, CIS compliance, fido2 authentication etc.?

Thank you

@keeganquigley keeganquigley added the changes requested The team needs to clarify a few things first. label Nov 6, 2024
@PieWol PieWol self-assigned this Nov 11, 2024
@PieWol
Copy link
Member

PieWol commented Nov 11, 2024

Hey @ajk-code , thanks for participating in the review process 🙏 .

@Ra33it0
Copy link
Contributor Author

Ra33it0 commented Nov 11, 2024

Hey @ajk-code , thank you for your questions. I am happy to clear things up a bit.

The idea behind Dotnix is to simplify the deployment and administration of secure Polkadot validators by including various helper services for monitoring, backupping, e.g. into a single Nix flake that can be deployed through simple means.
In this grant application, e.g. we are doing the groundwork to deploy monitoring for visualizing the collected metrics on a single machine.
Later stages of Dotnix will allow deploying the same configuration on a mesh of machines that will be connected to each other using VPN.

Copying and pasting from the Polkadot wiki won't implement Linux best practices like updating the operating system, setting up the firewall, running regular backups, etc.,
All these fall into the domain of Dotnix which either already does or will in future cover it by default, aiming to simplify running a secure Polkadot validator.

The system is scanned for CVEs using Vulnix; the public database is NVD
The operator can choose to be alerted via mail or Matrix

With Polkadot.js the frontend is meant.
The VPN is primarily used to connect Dotnix machines to each other enabling monitoring and allowing backups, e.g. to machines that are otherwise unreachable to the public Internet.

The actual deliverable is a Nix flake that exposes tooling to deploy Dotnix to generate images and deploy Dotnix to arbitrary targets like Docker or bare metal.
Docker is used only since it is the preferred way of testing for W3F.

All parts that make sense to be in Nixpkgs, will be upstreamed, the domain-specific parts will remain in Dotnix.
We have chosen a similar architecture to ethereum.nix or nix-bitcoin

Polkadot is built from source using andresilva's polkadot.nix flake

Secure validator mode is supported and active by default in the current release.

Session Key Management has been integrated as a part of our deliverables within our previous Grant.

We're going to maintain this project. A the very least we would need to follow the biannual release cycle of Nixpkgs stable in order to allow automatic updates of the system.
Within this scope, Sporyon will continue to cover the maintenance costs to ensure the security of Dotnix in the forceable future.

These items are planned for subsequent grants, although there is still work to be done upstream, particularly with SELINUX and CIS compliance.

In principle, SELinux and Secure boot are possible today and are planned for subsequent grants.
Regarding CIS compliance, as of today, a default Dotnix installation fails 46% of aquasecurity's linux-bench (which implements CIS Distribution Independent Linux Benchmark version 1.1.0).
As for FIDO2, we have not researched how it can be integrated best, it's not on the roadmap, yet.
If there are strong opinions about using FIDO2, we could consider prioritizing the implementation of this feature.

Hope this clarifies things a bit
I am happy to hear your thoughts

@PieWol PieWol added ready for review The project is ready to be reviewed by the committee members. changes requested The team needs to clarify a few things first. and removed changes requested The team needs to clarify a few things first. ready for review The project is ready to be reviewed by the committee members. labels Nov 15, 2024
@PieWol
Copy link
Member

PieWol commented Nov 15, 2024

Hey @Ra33it0 ,
before we start to discuss the application any further I would like to let you know that we only support one DOT address per application. Somehow your company would need to find a way to distribute the vested DOT internally. Otherwise the application looks good and I'll share it with the committee after this issue has been resolved. Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
admin-review This application requires a review from an admin. changes requested The team needs to clarify a few things first.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

6 participants