Partial revert of #76542's strict hostname checks

[grahamc]

Motivation for this change

See #94011 for context, but in general this check is a bit too strict.

Things done

• Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS linux)
• Built on platform(s)
  • NixOS
  • macOS
  • other Linux distributions
• Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
• Tested compilation of all pkgs that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
• Tested execution of all binary files (usually in ./result/bin/)
• Determined the impact on package closure size (by running nix path-info -S before and after)
• Ensured that relevant documentation is up to date
• Fits CONTRIBUTING.md.

[grahamc]

This file is named after the hostname, but later on this Python code uses the machine.name value as a Python variable name.

[andir]

I guess the problem doesn't just apply to .'s but all kinds of allowed characters? e.g. -?

[grahamc]

True, though I wasn't sure just how far I should go. I could add - too. Should I do more?

[andir]

IMHO this looks fine. I'd like to hear from @zimbatm (and other involved) parties what their thought on this is. As I outlined in the related issue I kinda gave up on the split of what a hostname is long ago for various reasons.

[primeos]

Before we merge this we also need to update the release notes in nixos/doc/manual/release-notes/rl-2009.xml.

Other than that I'm fine if we don't enforce the recommendations / best practices anymore (enforcing a recommended syntax was always critical and for that reason I guess I'd actually even prefer only documenting the recommendation in the option instead of enforcing it - but personally I'm fine with it either way and I'd prefer the current implementation if it where only enforced by Linux/systemd).

[primeos]

I think it would be best if we'd still limit the maximum length to 63 characters as that is actually a strict limit.

[primeos]

I would still keep that part or a similar version as a recommendation (or at least refer to hostname(5)).

[vcunat]

I don't really have an opinion on this. If it's not rare to break the previous strict check in practice, this PR's approach sounds right.

Docs in Linux and POSIX don't seem clear, with man hostname.5 just "recommending" it to be a single label. I agree with this PR still "enforcing" that

fqdn = hostName + (optionalString (domain != null) ".${domain}");

[flokli]

I still think most of the logic on why simply using the FQDN as hostname from systemd/systemd#15894 (comment) applies to us as well. Doing this is a bad idea, and works in some usecases "mostly by accident".

IMHO we should follow that logic, and keep the NixOS module code simple. Previously, we had some error-prone "if hostname is a fqdn, do this, else do that" logic in multiple places (and hadn't it in some others).
I was also guilty of using the FQDN as hostname, and it broke in other places (and required quirky workarounds).

Generally, I think people who still need to stick with the old behaviour, and can't switch, can maintain a revert of that functionality in a fork, as suggested by @primeos in #94011.

If that really is not an option, and for some reasons these "large corporate users" need some time to switch, I wouldn't object too much about adding a "footgun" with a heavy warning sign for one release to opt-out from the assertion failure (and without any additional logic inside the rest of the module system).

People should really fix their broken setups, instead of nixpkgs carrying workarounds.

[blitz]

I agree with @flokli. Having a warning for an extended period seems like a good middle ground between breaking users and having subtly b0rken setups.

[andir]

On Tue, Jul 28, 2020, 19:16 Florian Klink ***@***.***> wrote: IMHO we should follow that logic, and keep the NixOS module code simple. Previously, we had some error-prone "if hostname is a fqdn, do this, else do that" logic in multiple places (and hadn't it in some others). I was also using the FQDN as hostname, and it broke in other places (and required quirky workarounds).

What did break and what were those workarounds? Having read the linked systemd issue I am still not convinced of what you are arguing for.

…

[flokli]

Avahi for example fails to run with an error message if config.networking.hostName is a FQDN (and services.avahi.hostName and services.avahi.domainName need to be set to prevent this).

In general, supporting both things increases complexity, having the FQDN is discouraged, and I don't see much reason to just revert this.

[arianvp]

Another place where this might be a problem is in nixos-rebuild --flake

nixos-rebuild will use /proc/sys/kernel/hostname as the default flake attribute name; but that might be formatted as an FQDN .

However since recently nix-instantiate silently ignores attributes with dots in their name NixOS/nix#3798 (comment) this will lead to issues

[aanderse]

Depending on the outcome of this conversation nixops may need to be updated:

    deployment.targetHost = mkDefault config.networking.hostName;

This default value should be updated to include the domain now as well.

[arianvp]

This breaks at least digitalocean and Packet.net too by the way; which include . in hostnames by default

[flokli]

@arianvp can you elaborate how this breaks these machines? If we're just talking about hostnames being sent over DHCP, that should still work (hostnamectl set-hostname --transient foo.bar.baz)

[flokli]

Also note the packet hostnames are only suggested, and probably are not intended to be used as FQDNs anyways: fra2-x1.small.x86-01. I doubt small.x86-01 is meant as the domain part.

[primeos]

I'll go ahead and close this as we also have #94011 which seems more appropriate for the current discussion. We can of course re-open this PR if necessary.