Adds LOOP_BACKEND=opencode|claude (+ LOOP_MODEL) to launch.sh and launch-upgrader.sh, enabling the loops/upgrader to run via opencode CLI against the tinfoil.sh API (deepseek-v4-pro etc.) instead of Claude.

launch.sh:
- LOOP_BACKEND (claude|opencode), LOOP_MODEL env vars
- OPENCODE_BIN, OPENCODE_HOST (tailscale IP), OPENCODE_PORT (per-session)
- start_agent: backend switch — claude path unchanged; opencode starts `opencode --hostname <ts-ip> --port <N> run <kickoff>` so the web UI is bound to the tailscale interface (tailnet-only observability)
- preflight: validates the right binary per backend
- heal_session / heal_orchestrator: extend active-work detection to opencode spinner chars + "Running tool"
- help: shows both backend configs

launch-upgrader.sh:
- UPGRADER_BACKEND / UPGRADER_MODEL (LOOP_BACKEND/LOOP_MODEL override)
- start: same backend switch as launch.sh
- OPENCODE_PORT=4098 (separate from loops 4096/4097)

configuration.nix: note opencode binary location + re-install command.

Tinfoil config: ~/.config/opencode/opencode.jsonc — provider "tinfoil" with baseURL=https://api.tinfoil.sh/v1, apiKey=env:TINFOIL_API_KEY (key + TINFOIL_MODEL + TINFOIL_BASE_URL stored in .testenv).

opencode v1.15.13 installed at /home/loops/.local/bin/opencode.

Usage:
LOOP_BACKEND=opencode LOOP_MODEL=tinfoil/deepseek-v4-pro \
RESUME_PHASE=1 cc-ci-plan/launch.sh start

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
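The commit message above says the opencode web UI is bound to the tailscale interface on ports 4096/4097 (loops) and 4098 (upgrader). One way to verify that on the VM, as an added example that is not part of the commit or the repo: it reads `ss -ltnH` output and flags any listener on those ports bound to a different address. The function name, the `--sample` switch and the sample lines are assumptions constructed here.

```shell
#!/usr/bin/env bash
# Added example, not from the repo: audit where the opencode web UI listens.
# Assumes Linux `ss -ltnH` output: State Recv-Q Send-Q Local Peer ...

# Ports named in the commit message: loops 4096/4097, upgrader 4098.
OPENCODE_PORTS="4096 4097 4098"

# Constructed sample: one correct bind, two wildcard binds, unrelated sshd.
SAMPLE_SS='LISTEN 0 511 100.116.55.106:4096 0.0.0.0:*
LISTEN 0 511 0.0.0.0:4097 0.0.0.0:*
LISTEN 0 511 [::]:4098 [::]:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'

# check_opencode_binds EXPECTED_IP   (ss output on stdin)
# Prints "UNEXPECTED-BIND <addr>:<port>" for every listener on an opencode
# port that is not bound to EXPECTED_IP. Returns 1 if any were found, else 0.
check_opencode_binds() {
  awk -v want="$1" -v ports="$OPENCODE_PORTS" '
    BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) watch[p[i]] = 1 }
    $1 == "LISTEN" {
      ep = $4                                   # local address:port
      port = ep; sub(/^.*:/, "", port)          # text after the last colon
      addr = substr(ep, 1, length(ep) - length(port) - 1)
      if ((port in watch) && addr != want) {
        print "UNEXPECTED-BIND " addr ":" port
        bad = 1
      }
    }
    END { exit (bad ? 1 : 0) }
  '
}

# Live use on the VM: ss -ltnH | check_opencode_binds 100.116.55.106
if [ "${1:-}" = "--sample" ]; then
  printf '%s\n' "$SAMPLE_SS" | check_opencode_binds 100.116.55.106
fi
```

A loopback bind is also reported, since the check compares against the one expected address rather than classifying interfaces.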
cc-ci-orchestrator
NixOS config for the cc-ci-orchestrator Incus VM (b1, project terraform-ci, tailnet
100.116.55.106) — the reboot-resilient host for the cc-ci Builder/Adversary loops + watchdog +
orchestrator session, moved off the unstable 905 MiB Pi.
See cc-ci-plan/plan-orchestrator-migration.md for the full migration.
Files
configuration.nix — the VM's NixOS config (channel-based, nixos-24.11). Deployed to /etc/nixos/configuration.nix on the VM. Provides: nix-ld (so the standalone Claude Code Bun binary runs), tmux/git/python/jq + tools, a 4 GB swapfile, direct ssh to cc-ci (the VM is a tailnet peer — no SOCKS proxy needed, unlike the Pi), an idempotent claude-install oneshot, and the cc-ci-loops supervisor service (defined, enabled in Phase D once the workspace is staged).
Deploy (until this is wired to a flake/auto-pull)
# copy configuration.nix to the VM, then:
ssh cc-ci-orchestrator 'nixos-rebuild switch' # or run detached: see below
Over the (currently flaky) Pi→VM link, run the rebuild detached on the VM so an ssh/proxy drop
doesn't abort it, e.g. systemd-run --unit=orch-rebuild --collect nixos-rebuild switch, then poll
journalctl -u orch-rebuild.
Status
- Phase A: VM created (2 GB / 2 vCPU / 30 GB), on tailnet, ssh-able. ✅
- Phase B: this config (DRAFT) — nix-ld/claude validation pending on the VM.
- Operator step pending (Phase C): claude auth login on the VM (device-code; can't be scripted).
- Secrets to stage (Phase C, out-of-band): /srv/cc-ci/.testenv, ~/.ssh/cc-ci-root-ed25519, Incus mTLS certs, the sops master age key.