1c/W3 DONE: throwaway reachable (100.126.124.86); keyFile-missing-aborts finding -> W4 design locked
All checks were successful
continuous-integration/drone/push Build is passing
All checks were successful
continuous-integration/drone/push Build is passing
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
@ -17,8 +17,8 @@ Method W1–W6 from the phase plan §5. Each milestone ends with an Adversary ga
|
||||
- [x] **Gate W2 CLAIMED** → Adversary verifies byte-identical + TLS-from-git-cert.
|
||||
- [x] **W1 — Headroom.** Resized `cc-nix-test` 6→4 GB (stop→PATCH→start via Incus API); healthy at 4 GB,
|
||||
0 failed units, all stacks 1/1, cert survived reboot via sops, TLS 200. Running RAM 8 GB.
|
||||
- [ ] **W3 — Throwaway VM.** Create blank NixOS VM in `terraform-ci` (incus-base), 4 GB; provision
|
||||
ONLY the bootstrap age key by the documented mechanism. Accept: VM reachable.
|
||||
- [x] **W3 — Throwaway VM.** `ccci-throwaway` (incus-base, 4 GB/20 GB) reachable at 100.126.124.86
|
||||
(used live TS_AUTH_KEY; workspace key stale). Bootstrap age key provisioned in W4.
|
||||
- [ ] **W4 — Reproducible live rebuild.** On throwaway VM: clone base+secrets, `nixos-rebuild switch`,
|
||||
watch oneshots converge, secrets+cert decrypt. Accept: fully up, no step outside docs/install.md;
|
||||
capture evidence. **Gate W4 CLAIMED.**
|
||||
|
||||
Reference in New Issue
Block a user