fix(2w): docker autoPrune drop --volumes (was failing daily + would wipe warm vols) [WC8]

The autoPrune flags passed '--volumes' WITH '--filter until=24h', which docker
rejects ('until filter not supported with --volumes') — so docker-prune.service
FAILED every day (system 'degraded') and never reclaimed anything (a cause of the
disk creeping to 96%). Worse, '--volumes' prunes volumes with no running
container — which would DELETE Phase-2w DATA-WARM canonical volumes (undeployed by
design). Removed '--volumes': now prunes images/containers/networks/build-cache
older than 24h only; warm volumes survive and are pruned deliberately by the warm
reconcilers (WC8).

Verified: nixos-rebuild switch -> docker-prune.service runs clean, system
'running' (0 failed units), warm keycloak still 200.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

nix/modules/swarm.nix

@@ -5,11 +5,17 @@
 {
   virtualisation.docker = {
     enable = true;
-    # Reclaim disk from churning per-run images/volumes (cc-ci root is ~28 GiB).
+    # Reclaim disk from churning per-run images (cc-ci root is ~28 GiB). Prune images/containers/
+    # networks/build-cache older than 24h — but NEVER volumes:
+    #  (1) `--volumes` is incompatible with `--filter until=` (docker errors → the unit failed daily,
+    #      degrading the system and never actually pruning — that's why disk crept to 96%); and
+    #  (2) Phase 2w keeps DATA-WARM canonical volumes that are UNDEPLOYED (no container), so
+    #      `prune --volumes` would DELETE the warm known-good data. Warm volumes are pruned
+    #      deliberately by the warm reconcilers (WC8), never by this blanket sweep.
     autoPrune = {
       enable = true;
       dates = "daily";
-      flags = [ "--all" "--volumes" "--filter" "until=24h" ];
+      flags = [ "--all" "--filter" "until=24h" ];
     };
   };