cc-ci/STATUS-1c.md
autonomic-bot 8e2357e5bf
1c: bootstrap Phase 1c loop state (STATUS/BACKLOG/JOURNAL-1c) + decisions (submodule linkage, recovery-key bootstrap)
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-27 16:06:26 +01:00


# STATUS — Phase 1c (full git reproducibility + genuine D8 live rebuild)
**Phase plan (SSOT):** `/srv/cc-ci/cc-ci-plan/plan-phase1c-full-reproducibility.md`
**Loop state for THIS phase:** STATUS-1c / BACKLOG-1c / REVIEW-1c / JOURNAL-1c (DECISIONS.md shared).
The repo's STATUS.md / BACKLOG.md / REVIEW.md are Phase-1 HISTORY — not this phase's state.
## Phase
**1c kickoff** — Phase 1 is DONE & Adversary-signed-off (1c10fa5; all D1–D10 PASS, no VETO).
Now: make the VM fully reproducible from git (secrets+cert in a private `cc-ci-secrets` repo) and
perform a genuine throwaway-VM live rebuild to close D8 honestly.
## In flight
- **W2 (next):** create private `cc-ci-secrets` repo; move all secrets + the wildcard cert into sops
there; wire the base flake to consume it. (W1 resize deferred until just before W3 — its only
purpose is RAM headroom for the throwaway VM, and it briefly stops the live server.)
## Definition of Done (C1–C7 — see phase plan §3)
- [ ] C1 — Secrets-repo split (private `cc-ci-secrets`, base stays one parameterized repo, byte-identical build)
- [ ] C2 — Cert in git (wildcard cert+key as sops secrets, decrypted at activation; no operator cert-drop step)
- [ ] C3 — All secrets in git, one exception = bootstrap age key (documented)
- [ ] C4 — Genuine throwaway-VM live rebuild (Incus terraform-ci, only age key provisioned)
- [ ] C5 — Honest D8 (static byte-identical + live rebuild; "infeasible by design" removed)
- [ ] C6 — Resource fit + cleanup (cc-nix-test 6→4 GB, throwaway 4 GB, destroyed after; final sizing decided)
- [ ] C7 — Docs (install.md/secrets.md/architecture.md + main plan refs updated to new model)
## Gate
None claimed yet. (Milestone gates W2/W4/W5 will be CLAIMED here per §6.1.)
## Blocked
(none)
## Notes
- Current secret layout: `secrets/secrets.yaml` (6 infra secrets), recipients = host age key
(ssh-to-age of cc-ci's ed25519 host key) + off-box master recovery key
(`/srv/cc-ci/.sops/master-age.txt`, sandbox-only). `.sops.yaml` at repo root.
- Wildcard cert currently out-of-band at `/var/lib/ci-certs/live/{fullchain.pem,privkey.pem}`
(operator-provided, LE, next renewal ~2026-08-24); proxy.nix reads it from there. 1c moves it
into sops-in-git, decrypted back to that path at activation.
- Sandbox host has NO sops/nix/age — sops ops run on cc-ci (has nix + host age key) or via the master
key with a sops binary fetched on cc-ci.
- cc-nix-test == the live cc-ci server (100.90.116.4); resizing it (W1) briefly stops it.
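Added illustration of the C1/C2 target layout described above (not code from the cc-ci repo). It assumes sops-nix is the activation-time decryptor (the notes only say "sops"), that the private `cc-ci-secrets` repo enters the base flake as an input named `cc-ci-secrets`, and that the group `ci-certs`, the unit `proxy.service` and the secret names `ci-cert/fullchain` / `ci-cert/privkey` are hypothetical.

```nix
# Added example; sops-nix, input name, group, unit and secret names are assumptions.
{ config, inputs, ... }:
{
  # C1: the base repo stays one parameterized, public flake; the encrypted
  # secrets.yaml lives in the private cc-ci-secrets input.
  sops.defaultSopsFile = "${inputs.cc-ci-secrets}/secrets/secrets.yaml";

  # On cc-ci, decryption uses the age identity derived (ssh-to-age) from the
  # ed25519 host key. The off-box master recovery key is only a second
  # recipient in .sops.yaml and is never present on the box. For the throwaway
  # rebuild (C4), the single provisioned identity would instead be pointed at
  # via sops.age.keyFile.
  sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];

  users.groups.ci-certs = { };   # hypothetical group the proxy user belongs to

  # C2: cert + key are sops secrets made available at activation at the exact
  # path proxy.nix already reads, so no operator cert-drop step remains.
  sops.secrets."ci-cert/fullchain" = {
    path = "/var/lib/ci-certs/live/fullchain.pem";
    owner = "root";
    group = "ci-certs";
    mode = "0440";
    restartUnits = [ "proxy.service" ];   # hypothetical proxy unit name
  };
  sops.secrets."ci-cert/privkey" = {
    path = "/var/lib/ci-certs/live/privkey.pem";
    owner = "root";
    group = "ci-certs";
    mode = "0440";                        # private key readable only by root + proxy group
    restartUnits = [ "proxy.service" ];
  };
}
```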