Removes virtualisation.docker.autoPrune (daily `docker system prune --all` evicted in-use base images → cold re-pull → Hub rate-limit churn, JOURNAL-2). Adds modules/docker-prune.nix: daily timer + oneshot that prunes only dangling+until=24h, gated on disk pressure (>=80%) AND no run-app live AND no swarm service converging; never --all, never --volumes. Teardown unchanged (never removes images). Registry pull-through cache dropped per operator scope correction. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
1.3 KiB
STATUS — Phase 2pc (sane image-prune policy)
SSOT: /srv/cc-ci/cc-ci-plan/plan-phase2pc-image-cache.md
Scope (operator correction 2026-05-29): PC1 conservative prune + PC2/PC3 confirm-and-verify
local-store retention/auth. Registry pull-through cache DROPPED (deferred to IDEAS / Phase 2b).
Phase: PC1 implemented, deploy+verify in flight (NOT yet claimed)
In flight: build the new prune module onto cc-ci via nixos-rebuild switch, then run the
deploy→teardown→redeploy layer-reuse proof. Gate will be CLAIMED once verified on the real host.
What changed (the diff)
- nix/modules/swarm.nix — removed virtualisation.docker.autoPrune (it ran `docker system prune --force --all --filter until=24h` daily; `--all` evicts every image not used by a running container → wiped cached recipe base images → cold re-pull → Hub rate-limit churn).
- nix/modules/docker-prune.nix (NEW) — daily systemd.timer + oneshot systemd.service `docker-prune` running a surgical, triple-gated prune. Imported in nix/hosts/cc-ci/configuration.nix.
- Teardown (runner/harness/lifecycle.py::teardown_app) UNCHANGED — already removes only services/volumes/secrets/.env, never images (PC1 teardown requirement already held).
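The triple-gated prune described above, written out as an added example of the script such a oneshot could run. This is not the repository's docker-prune.nix; the 80% threshold, the 24h window and the "never --all / never --volumes" rule come from the status note, while the way the script detects a live run-app (a directory of marker files, LIVE_MARKER_DIR) and a converging swarm service (the current/desired replica column of `docker service ls`) are assumptions made here. The gate functions take their inputs as arguments so the decision logic can be exercised offline without touching Docker:

```shell
#!/usr/bin/env sh
# Added example, not the cc-ci project's own module: gate logic for a
# conservative daily image prune. Detection methods below are assumptions.

PRUNE_THRESHOLD=80   # disk-use percent at or above which pruning is permitted

# Gate 1: disk pressure. $1 = used percent of the Docker data root (integer).
disk_pressure() {
    [ "$1" -ge "$PRUNE_THRESHOLD" ]
}

# Gate 2: no run-app live. $1 = number of live deployments (assumed to be the
# count of marker files the harness leaves in LIVE_MARKER_DIR; constructed here).
no_run_app_live() {
    [ "$1" -eq 0 ]
}

# Gate 3: no swarm service converging. $1 = the Replicas column of
# `docker service ls --format '{{.Replicas}}'`, one "current/desired" per line,
# optionally suffixed with " (max N per node)". Converged means current == desired.
swarm_converged() {
    while IFS= read -r line; do
        [ -z "$line" ] && continue
        rep=${line%% *}            # strip any " (max 1 per node)" suffix
        cur=${rep%%/*}
        want=${rep##*/}
        [ "$cur" = "$want" ] || return 1
    done <<EOF
$1
EOF
    return 0
}

# Combine the gates. Prints "prune" or "skip:<gate>" so the journal shows why
# a run did nothing. Arguments: used_pct live_app_count replicas_text.
prune_decision() {
    if ! disk_pressure "$1";      then echo "skip:disk";       return 0; fi
    if ! no_run_app_live "$2";    then echo "skip:run-app";    return 0; fi
    if ! swarm_converged "$3";    then echo "skip:converging"; return 0; fi
    echo "prune"
}

# The only prune command this script is allowed to run. Without --all/-a,
# `docker image prune` considers dangling (untagged) images only, so tagged
# recipe base images survive; --filter until=24h keeps fresh build layers.
# Volumes are never touched.
prune_cmd() {
    echo "docker image prune --force --filter until=24h"
}

# Live run: gather the real inputs and act. Only executed when explicitly
# requested, so sourcing this file for tests has no side effects.
run_gates() {
    used=$(df --output=pcent /var/lib/docker | tail -1 | tr -dc '0-9')
    # LIVE_MARKER_DIR is a placeholder for wherever the harness records live
    # deployments (assumption); count regular files in it.
    live=$(find "${LIVE_MARKER_DIR:?set to the harness live-marker dir}" -maxdepth 1 -type f | wc -l)
    replicas=$(docker service ls --format '{{.Replicas}}' 2>/dev/null || true)
    decision=$(prune_decision "$used" "$live" "$replicas")
    echo "docker-prune: $decision (disk=${used}% live=${live})"
    [ "$decision" = "prune" ] && eval "$(prune_cmd)"
    return 0
}

[ "${DOCKER_PRUNE_RUN:-0}" = "1" ] && run_gates
```

Run with `DOCKER_PRUNE_RUN=1 LIVE_MARKER_DIR=... sh docker-prune.sh` from the oneshot's ExecStart; without that variable the script only defines functions, which is what makes the gate logic testable in isolation. Every skip path prints its reason, so a journal entry of "skip:converging" during a redeploy is expected and not a fault.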
(Verification context — WHAT/HOW/EXPECTED/WHERE — will be filled in here at gate-claim time.)