feat(2pc): PC1 conservative prune — drop autoPrune --all, add gated surgical docker-prune

Removes virtualisation.docker.autoPrune (daily `docker system prune --all` evicted in-use base
images → cold re-pull → Hub rate-limit churn, JOURNAL-2). Adds modules/docker-prune.nix: daily
timer + oneshot that prunes only dangling+until=24h, gated on disk pressure (>=80%) AND no run-app
live AND no swarm service converging; never --all, never --volumes. Teardown unchanged (never
removes images). Registry pull-through cache dropped per operator scope correction.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
2026-05-29 09:29:54 +01:00
parent e42753c17c
commit 16d177e73a
6 changed files with 179 additions and 12 deletions

View File

@ -8,6 +8,7 @@
../../modules/packages.nix
../../modules/secrets.nix
../../modules/swarm.nix
../../modules/docker-prune.nix
../../modules/abra.nix
../../modules/proxy.nix
../../modules/drone.nix