refactor(1b): RL5 — consolidate Nix code under nix/ (modules->nix/modules, hosts->nix/hosts)
flake.nix/flake.lock STAY at root so the build ref #cc-ci is unchanged; only flake's internal configuration.nix path updated. Root-relative refs inside moved modules re-based ../X -> ../../X (secrets/bridge/dashboard); configuration.nix's ../../modules imports unchanged (both dirs under nix/). Living docs (README, architecture/install/secrets/enroll) + .drone.yml comment updated to nix/...; append-only history logs left as-is. DECISIONS.md records RL5 + the deferred-coordinated RL6.

Verified on cc-ci: nixos-rebuild build 'path:#cc-ci' -> toplevel 8i3jcad9 (BYTE-IDENTICAL to the pre-move build — store derivations are content-addressed on file contents, module .nix not in the runtime closure); scripts/lint.sh -> lint: PASS.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
22
DECISIONS.md
@ -241,3 +241,25 @@ Architecture decisions and dead-ends. One line of rationale each. (§0, §8)
|
||||
recipe CI uses polling as primary, but cc-ci's *own* self-test/lint relies on the push webhook.
|
||||
The lint stage is correctly wired and proven green via the identical `nix develop .#lint` command;
|
||||
reliably auto-firing it on every push is tracked as a (pre-existing) infra item, not a 1b lint gap.
|
||||
|
||||
## Phase 1b — repo layout (operator review items RL5/RL6, plan §7)
|
||||
- **RL5 — all Nix code under `nix/`.** Moved `modules/`→`nix/modules/` and `hosts/`→`nix/hosts/`.
|
||||
`flake.nix`/`flake.lock` STAY at the repo root (entry point) so the build ref `#cc-ci` and
|
||||
`nixos-rebuild --flake '…#cc-ci'` are unchanged — only `flake.nix`'s internal
|
||||
`./hosts/cc-ci/configuration.nix` → `./nix/hosts/cc-ci/configuration.nix` changed. Root-relative
|
||||
refs inside the moved modules were re-based `../X` → `../../X` (secrets.nix → `../../secrets/`,
|
||||
bridge.nix → `../../bridge/`, dashboard.nix → `../../dashboard/`); `configuration.nix`'s
|
||||
`../../modules/*` imports are unchanged (both dirs moved under `nix/`, so the relative path still
|
||||
resolves). **Toplevel is byte-identical (`8i3jcad9…`) before/after the move** — store derivations
|
||||
are content-addressed on the copied file *contents*, and the module `.nix` files aren't part of the
|
||||
runtime closure, so relocating folders doesn't change the build. (The operator anticipated a hash
|
||||
change; in practice it's stable, which is even stronger for reproducibility.) Living docs
|
||||
(README, architecture/install/secrets/enroll) + the `.drone.yml` comment updated to `nix/…`;
|
||||
append-only history logs left as the record of what was true then.
|
||||
- **RL6 — protocol files → `machine-docs/`: DEFERRED to the coordinated end of 1b.** Will `git mv`
|
||||
`STATUS*/REVIEW*/JOURNAL*/BACKLOG*/DECISIONS.md` into `machine-docs/` (README.md STAYS at root —
|
||||
operator decision, it's the human readme, not a protocol file). The live watchdog (`launch.sh`)
|
||||
reads `STATUS-<id>.md`/`REVIEW-<id>.md` at the repo root for handoffs/transition, so this is done
|
||||
LAST, in lockstep with the orchestrator updating `launch.sh` + restarting the watchdog — not
|
||||
unilaterally and not while a phase transition is pending. The Adversary likewise `git mv`s its own
|
||||
REVIEW files at the cutover (single-writer rule).
|
||||
|
||||
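Review bot: In the RL5 bullet, the byte-identical claim is recorded only as the truncated prefix `8i3jcad9…`, which a later reader cannot check against a rebuild. Suggest recording the full toplevel store path for both the pre-move and post-move builds, together with the `nixos-rebuild build` invocation named in the commit message, so the comparison can be repeated. The rationale wording is also loose: it is the imported source files that are addressed by their contents, so "store derivations are content-addressed" would read more accurately as "path sources are copied into the store by content hash". An identical toplevel also only covers the re-based `../../secrets/`, `../../bridge/` and `../../dashboard/` refs that the cc-ci configuration actually evaluates; if any moved module is not imported by that host, say so here. Finally, the file header promises one line of rationale each, and this entry runs to about a dozen lines; the doc-update and history-log details could stay in the commit message.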