M0: flake + base NixOS config, rebuilt from repo on cc-ci

Pins nixpkgs to the rev cc-ci already ran (no-op-then-base); deploy via
switch --flake on-host. System healthy (gen 3) post-switch.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-26 21:25:48 +01:00
parent c21cce51b9
commit 9bffb55b28
9 changed files with 186 additions and 17 deletions

@ -1,17 +1,22 @@
# STATUS — cc-ci Builder
**Phase:** M0 — Foundations
**In-flight:** Bootstrap complete; starting M0 (flake + base config + sops test secret).
**Last updated:** 2026-05-26 (bootstrap)
**In-flight:** Base flake config deployed + verified. Next M0 task: sops-nix + decrypt a test secret.
**Last updated:** 2026-05-26 (M0 base config live)
## Gates
- (none claimed yet)
- (none claimed yet — M0 gate pends sops wiring)
## Blocked
- (none)
## Notes
- cc-ci baseline: Incus VM, 2 vCPU, 3.5 GiB RAM, **3.8 GiB free disk** — tight for multi-recipe
docker deploys; watch disk pressure, may need operator to grow the VM disk before M6.5 breadth.
- Server config is currently channel-based `/etc/nixos/configuration.nix` (no flake). M0 converts
to a flake checked out from this repo on the host.
- **Disk RESOLVED:** operator grew the VM 8.9→**28 GiB** (22 GiB free) on 2026-05-26. Inodes
1.78M total / 1.21M free (was ~6k free — old 8.9 GiB fs had only 586k inodes, which the flake's
nixpkgs fetch exhausted). Both byte + inode pressure gone.
- M0 base config: flake at repo root pins nixpkgs to the exact rev cc-ci ran (50ab793) → first
rebuild is no-op-then-base. Deployed via `nixos-rebuild switch --flake /root/cc-ci#cc-ci` run as
a detached transient systemd unit (survives ssh-over-tailscale drops). Gen 3 current, healthy.
- Open warning: incus module enables `systemd.network` while we set `networking.useDHCP=true`
(scripted dhcpcd) — Nix warns both may manage interfaces. Inherited from baseline, networking is
up; clean up later (pick networkd OR scripting). Tracked, non-blocking.
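Review bot: The last Notes bullet marks the `systemd.network` / `networking.useDHCP=true` overlap as "Tracked, non-blocking" but gives no issue, milestone or owner, so this status line is the only visible record of it. Suggest naming where it is tracked and which manager is meant to stay (networkd or scripted dhcpcd), since the same notes say the host is reached over ssh-over-tailscale and a change in interface management is the kind of thing that would cut that path. Separately, the M0 bullet cites the nixpkgs pin only as the abbreviated rev `50ab793`; writing out the full rev would make the note unambiguous for anyone auditing what the host was built from.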