From ee58027c3eb8bae6ab9dcca7cd89c04b76f33d5e Mon Sep 17 00:00:00 2001
From: autonomic-bot
Date: Mon, 1 Jun 2026 22:54:52 +0000
Subject: [PATCH] feat(nix): weekly /upgrade-all as a reboot-safe systemd timer (Sun 02:00 UTC)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Replace the boot-fragile busybox-crond-in-tmux (phase 5 §4) with a systemd service+timer. Service is timer-triggered only (not wantedBy multi-user.target) so it never runs on boot/activation; mirrors the cc-ci-loops env fix (CLAUDE_BIN + /home/loops/.local/bin on PATH). Timer fires Sundays 02:00 UTC, Persistent=true so a missed run (box down) fires once on next boot. Runs launch-upgrader.py start -> cc-ci-upgrader agent -> /upgrade-all DEFAULT (opens recipe PRs, never merges). Activate via nixos-rebuild + retire the old Monday crond after the phase-5 T0-fire verification completes.
Co-Authored-By: Claude Opus 4.8
---
 .../configuration.nix | 30 +++++++++++++++++++
 1 file changed, 30 insertions(+)

diff --git a/nix/hosts/cc-ci-orchestrator-hetzner/configuration.nix b/nix/hosts/cc-ci-orchestrator-hetzner/configuration.nix
index 9972d2e..c06c00e 100644
--- a/nix/hosts/cc-ci-orchestrator-hetzner/configuration.nix
+++ b/nix/hosts/cc-ci-orchestrator-hetzner/configuration.nix
@@ -182,4 +182,34 @@ SSHCFG
 echo "workspace not staged yet — skipping loop start"
 '';
 };
+
+ # Weekly recipe upgrade — runs /upgrade-all over every enrolled recipe (opens recipe PRs
+ # verified by !testme, never merges). Replaces the boot-fragile busybox-crond-in-tmux from
+ # phase 5 §4 with a reboot-safe systemd timer. The service is timer-triggered only (NOT
+ # wantedBy multi-user.target) so it never runs on boot/activation — only on the schedule.
+ systemd.services.cc-ci-upgrade-all = {
+ description = "cc-ci weekly /upgrade-all run (recipe upgrade survey + PRs, never merges)";
+ after = [ "network-online.target" "tailscaled.service" "claude-install.service" ];
+ wants = [ "network-online.target" ];
+ serviceConfig = {
+ Type = "oneshot"; # launch-upgrader.py spawns the cc-ci-upgrader tmux session and returns
+ User = "loops"; Group = "users";
+ WorkingDirectory = "/srv/cc-ci";
+ };
+ environment = { HOME = "/home/loops"; CLAUDE_BIN = "/home/loops/.local/bin/claude"; };
+ path = [ pkgs.bash pkgs.tmux pkgs.git pkgs.python3 pkgs.openssh pkgs.nettools ];
+ script = ''
+ export PATH="/home/loops/.local/bin:$PATH"
+ python3 /srv/cc-ci/cc-ci-plan/launch-upgrader.py start >> /srv/cc-ci/.cc-ci-logs/upgrader-cron.log 2>&1
+ '';
+ };
+
+ systemd.timers.cc-ci-upgrade-all = {
+ description = "Weekly trigger for cc-ci-upgrade-all (Sundays 02:00 UTC)";
+ wantedBy = [ "timers.target" ];
+ timerConfig = {
+ OnCalendar = "Sun *-*-* 02:00:00 UTC";
+ Persistent = true; # if the box was down at the scheduled time, run once on next boot
+ };
+ };
 }
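Review bot: The `script` prepends `/home/loops/.local/bin` to PATH, so a directory writable by the `loops` user takes precedence over the pinned store tools listed in `path` (bash, tmux, git, python3, ssh); anything left there by an earlier agent run or an installer would shadow them on the next unattended run. Since `CLAUDE_BIN` already names the binary by absolute path, appending should be enough: `export PATH="$PATH:/home/loops/.local/bin"`. Separately, with `Type = "oneshot"` and the default KillMode, systemd cleans up the unit's cgroup once the script returns, so the tmux session survives only if a tmux server for `loops` is already running outside this unit, which is not visible here; if that is not guaranteed, `KillMode = "process";` in `serviceConfig` would keep the session alive. Both new attribute sets are complete inside the hunk; the enclosing module begins above it.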