recipe-maintainers/cc-ci-orchestrator
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
21e7a79f50fa890b2f5bdec0a2b939392e9d19a9
cc-ci-orchestrator/nix
History
autonomic-bot 21e7a79f50 orchestrator-hetzner: enable reboot-resilience + record migration 
Now the workspace is staged on the Hetzner cpx22 (server 134487234, public
91.98.47.73, tailnet cc-ci-orchestrator-1 @ 100.84.190.30):

- configuration.nix: enable cc-ci-loops.service (wantedBy multi-user.target) so the
  loops + watchdog auto-resume on boot; wire reboot-log.sh as ExecStartPre so reboots
  auto-log to REBOOTS.md (boot_id-gated).
- plan-orchestrator-hetzner-migration.md: full migration record.
- REBOOTS.md / AGENTS.md: point the orchestrator host at Hetzner; first auto-logged
  reboot line.
- launch-orchestrator.sh: default session id -> the Hetzner orchestrator session.
- flake.lock: pin inputs.

Verified: nixos-rebuild switch applied; systemctl is-enabled cc-ci-loops.service =
enabled; ExecStartPre logged this boot to REBOOTS.md; loops healthy on phase 2.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-05-31 03:54:17 +00:00
..
hosts/cc-ci-orchestrator-hetzner
orchestrator-hetzner: enable reboot-resilience + record migration
2026-05-31 03:54:17 +00:00
configuration.nix
absorb cc-ci-orchestrator NixOS config into nix/
2026-05-31 00:01:14 +00:00
README.md
absorb cc-ci-orchestrator NixOS config into nix/
2026-05-31 00:01:14 +00:00

README.md

cc-ci-orchestrator

NixOS config for the cc-ci-orchestrator Incus VM (b1, project terraform-ci, tailnet 100.116.55.106) — the reboot-resilient host for the cc-ci Builder/Adversary loops + watchdog + orchestrator session, moved off the unstable 905 MiB Pi.

See cc-ci-plan/plan-orchestrator-migration.md for the full migration.

Files

  • configuration.nix — the VM's NixOS config (channel-based, nixos-24.11). Deployed to /etc/nixos/configuration.nix on the VM. Provides: nix-ld (so the standalone Claude Code Bun binary runs), tmux/git/python/jq + tools, a 4 GB swapfile, direct ssh to cc-ci (the VM is a tailnet peer — no SOCKS proxy needed, unlike the Pi), an idempotent claude-install oneshot, and the cc-ci-loops supervisor service (defined, enabled in Phase D once the workspace is staged).

Deploy (until this is wired to a flake/auto-pull)

# copy configuration.nix to the VM, then:
ssh cc-ci-orchestrator 'nixos-rebuild switch'    # or run detached: see below

Over the (currently flaky) Pi→VM link, run the rebuild detached on the VM so an ssh/proxy drop doesn't abort it, e.g. systemd-run --unit=orch-rebuild --collect nixos-rebuild switch then poll journalctl -u orch-rebuild.

Status

  • Phase A: VM created (2 GB / 2 vCPU / 30 GB), on tailnet, ssh-able.
  • Phase B: this config (DRAFT) — nix-ld/claude validation pending on the VM.
  • Operator step pending (Phase C): claude auth login on the VM (device-code; can't be scripted).
  • Secrets to stage (Phase C, out-of-band): /srv/cc-ci/.testenv, ~/.ssh/cc-ci-root-ed25519, Incus mTLS certs, the sops master age key.