Removes virtualisation.docker.autoPrune (daily `docker system prune --all` evicted in-use base images → cold re-pull → Hub rate-limit churn, JOURNAL-2). Adds modules/docker-prune.nix: daily timer + oneshot that prunes only dangling+until=24h, gated on disk pressure (>=80%) AND no run-app live AND no swarm service converging; never --all, never --volumes. Teardown unchanged (never removes images). Registry pull-through cache dropped per operator scope correction.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
23 lines
1.3 KiB
Markdown
# STATUS — Phase 2pc (sane image-prune policy)

**SSOT:** `/srv/cc-ci/cc-ci-plan/plan-phase2pc-image-cache.md`
**Scope (operator correction 2026-05-29):** PC1 conservative prune + PC2/PC3 confirm-and-verify
local-store retention/auth. **Registry pull-through cache DROPPED** (deferred to IDEAS / Phase 2b).

## Phase: PC1 implemented, deploy+verify in flight (NOT yet claimed)

In flight: build the new prune module onto cc-ci via `nixos-rebuild switch`, then run the
deploy→teardown→redeploy layer-reuse proof. Gate will be CLAIMED once verified on the real host.

## What changed (the diff)

- `nix/modules/swarm.nix` — removed `virtualisation.docker.autoPrune` (it ran
  `docker system prune --force --all --filter until=24h` daily; `--all` evicts every image not used
  by a *running* container → wiped cached recipe base images → cold re-pull → Hub rate-limit churn).
- `nix/modules/docker-prune.nix` (NEW) — daily `systemd.timer` + oneshot `systemd.service`
  `docker-prune` running a surgical, triple-gated prune. Imported in `nix/hosts/cc-ci/configuration.nix`.
- Teardown (`runner/harness/lifecycle.py::teardown_app`) UNCHANGED — already removes only
  services/volumes/secrets/.env, never images (PC1 teardown requirement already held).

(Verification context — WHAT/HOW/EXPECTED/WHERE — will be filled in here at gate-claim time.)
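
The triple gate described under "What changed" can be sketched as a shell script. This is an added example, not the contents of `docker-prune.nix`: the 80% threshold, the 24h filter and the absence of `--all`/`--volumes` come from this page, while the `run-app` process check, the replica-count test for convergence and the `/var/lib/docker` path are assumptions.

```shell
#!/bin/sh
# Added example: gate logic for a conservative image prune.
# Threshold and prune flags follow the STATUS text; the probes are assumptions.

DISK_THRESHOLD=80   # prune only at >= 80% disk use (from the page)

# Count swarm services whose running replica count differs from the desired
# count. Reads `docker service ls --format '{{.Replicas}}'` lines on stdin,
# e.g. "1/1" or "0/3 (max 1 per node)".
# Assumption: running != desired is what "converging" means here.
count_converging() {
    awk '{ split($1, r, "/"); if (r[1] != r[2]) n++ } END { print n + 0 }'
}

# Decide whether to prune. Args: disk use percent, number of live run-app
# processes, number of converging services. Returns 0 only if all three
# gates pass; a non-numeric argument fails the test and so skips the prune.
should_prune() {
    disk_pct=$1; run_app_live=$2; converging=$3
    [ "$disk_pct" -ge "$DISK_THRESHOLD" ] || return 1
    [ "$run_app_live" -eq 0 ] || return 1
    [ "$converging" -eq 0 ] || return 1
    return 0
}

# Live run only when invoked with --run, so sourcing the file has no effect.
if [ "${1:-}" = "--run" ]; then
    # GNU df; /var/lib/docker is Docker's default data root (assumed here).
    disk_pct=$(df --output=pcent /var/lib/docker | tail -n 1 | tr -dc '0-9')
    # Assumption: a live harness run shows up as a process matching "run-app".
    run_app_live=$(pgrep -fc run-app || true)
    # Fail closed: if the swarm cannot be queried, do not prune.
    replicas=$(docker service ls --format '{{.Replicas}}') || exit 1
    converging=$(printf '%s\n' "$replicas" | count_converging)
    if should_prune "$disk_pct" "$run_app_live" "$converging"; then
        # Without --all, image prune removes only dangling images.
        # Never --all, never --volumes.
        docker image prune --force --filter until=24h
    else
        echo "docker-prune: gates not met, skipping" >&2
    fi
fi
```
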