1c/W1 DONE: cc-nix-test resized 6->4GB, healthy after reboot (cert survives via sops, TLS ok)
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
@ -15,8 +15,8 @@ Method W1–W6 from the phase plan §5. Each milestone ends with an Adversary ga
|
||||
- [x] Verify byte-identical `build`==`/run/current-system` (`vh6vwxbl…`); git-clone `?submodules=1` matches too.
|
||||
- [x] Verify clean switch on cc-nix-test; live TLS served from git cert (ssl_verify=0).
|
||||
- [x] **Gate W2 CLAIMED** → Adversary verifies byte-identical + TLS-from-git-cert.
|
||||
- [ ] **W1 — Headroom (just before W3).** Resize `cc-nix-test` 6 GB→4 GB (stop→set→start). Accept:
|
||||
b1 has room; cc-nix-test healthy at 4 GB.
|
||||
- [x] **W1 — Headroom.** Resized `cc-nix-test` 6→4 GB (stop→PATCH→start via Incus API); healthy at 4 GB,
|
||||
0 failed units, all stacks 1/1, cert survived reboot via sops, TLS 200. Running RAM 8 GB.
|
||||
- [ ] **W3 — Throwaway VM.** Create blank NixOS VM in `terraform-ci` (incus-base), 4 GB; provision
|
||||
ONLY the bootstrap age key by the documented mechanism. Accept: VM reachable.
|
||||
- [ ] **W4 — Reproducible live rebuild.** On throwaway VM: clone base+secrets, `nixos-rebuild switch`,
|
||||
|
||||
Reference in New Issue
Block a user