cc-ci/DECISIONS.md
autonomic-bot c21cce51b9 chore: bootstrap cc-ci loop state
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-26 21:07:31 +01:00


DECISIONS — cc-ci Builder

Architecture decisions and dead-ends. One line of rationale each. (§0, §8)

Settled

  • Wildcard TLS: operator pre-issues wildcard cert at /var/lib/ci-certs/live/; Traefik file provider serves it; no ACME for commoninternet.net. (Plan §4.0/§8 — fixed.)
  • Repo: git.autonomic.zone/recipe-maintainers/cc-ci, private. Bot is org admin. (Bootstrap.)
  • Git credentials: helper script in repo-local git config sources /srv/cc-ci/.testenv at call time — no secret values stored in .git/config or commits.
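
Worked example for the wildcard TLS decision above, added here and not code from the cc-ci repo: a shell helper that renders the Traefik v2/v3 file-provider TLS stanza for the pre-issued cert, plus the check an operator should run before Traefik is pointed at it. Because no ACME resolver is configured, nothing renews this cert automatically, so the expiry check is the part worth wiring into the loop. The file names fullchain.pem and privkey.pem under /var/lib/ci-certs/live/ are assumptions; only the directory appears on the page.

```shell
#!/bin/sh
# Added example (not from the cc-ci repo): Traefik file-provider TLS config for a
# pre-issued wildcard cert, and a pre-flight check on that cert.
# Assumed (hypothetical) file names: fullchain.pem and privkey.pem.

# Print the dynamic config Traefik loads via providers.file. Registering the
# pair as the default store's defaultCertificate means every router without
# its own tls options serves the wildcard instead of Traefik's self-signed
# fallback, which is the usual cause of "wrong cert" after a fresh deploy.
render_traefik_tls_config() {
    certdir="${1:-/var/lib/ci-certs/live}"
    cat <<EOF
tls:
  certificates:
    - certFile: ${certdir}/fullchain.pem
      keyFile: ${certdir}/privkey.pem
  stores:
    default:
      defaultCertificate:
        certFile: ${certdir}/fullchain.pem
        keyFile: ${certdir}/privkey.pem
EOF
}

# check_wildcard_cert CERT KEY DOMAIN [MIN_SECONDS]
# Returns 0 only if the private key matches the cert, the SAN list carries
# *.DOMAIN, and the cert stays valid for at least MIN_SECONDS (default 30
# days). With no ACME there is no auto-renewal: run this from cron or the CI
# loop and alert on failure instead of discovering expiry at the edge.
check_wildcard_cert() {
    cert="$1"; key="$2"; domain="$3"; min_secs="${4:-2592000}"
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$key" -pubout) || return 1
    [ "$cert_pub" = "$key_pub" ] \
        || { echo "key does not match cert" >&2; return 1; }
    openssl x509 -in "$cert" -noout -text | grep -Fq "DNS:*.${domain}" \
        || { echo "no *.${domain} SAN in cert" >&2; return 1; }
    openssl x509 -in "$cert" -noout -checkend "$min_secs" >/dev/null \
        || { echo "cert expires within ${min_secs}s" >&2; return 1; }
    return 0
}
```

The rendered YAML goes in the directory named by Traefik's static `providers.file.directory` setting; Traefik picks up changes to that file without a restart, so re-rendering after the operator drops a new cert is enough.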

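Worked example for the git credentials decision above, added here and not the repo's own helper script: a credential helper that sources the env file only when git asks for a credential, answers only the expected host, and refuses a world-readable secret file. The variable names CI_GIT_USER and CI_GIT_TOKEN and the script path /srv/cc-ci/git-cred-helper.sh are assumptions; the page names only /srv/cc-ci/.testenv.

```shell
#!/bin/sh
# Added example (not cc-ci's own helper): git credential helper that reads the
# token from an env file at call time, so the secret never lands in
# .git/config, in a commit, or on a command line.
# Assumed (hypothetical): the env file defines CI_GIT_USER and CI_GIT_TOKEN,
# and the script lives at /srv/cc-ci/git-cred-helper.sh.

# cc_ci_credential_helper ENVFILE ACTION [HOST]  (git's request on stdin)
# Git invokes the helper with ACTION = get|store|erase and a blank-line
# terminated key=value request. Only "get" is answered, and only for HOST,
# so a remote rewritten to point elsewhere cannot pull the token out of it.
cc_ci_credential_helper() {
    envfile="$1"; action="$2"; want_host="${3:-git.autonomic.zone}"
    [ "$action" = "get" ] || return 0      # nothing to store/erase: the file is the source of truth
    host=""
    while IFS= read -r line; do
        [ -z "$line" ] && break
        case "$line" in
            host=*) host="${line#host=}" ;;
        esac
    done
    [ "$host" = "$want_host" ] || return 0  # silently decline other hosts
    # A secret file readable by other users is a misconfiguration; refuse it.
    [ -z "$(find "$envfile" -perm -004)" ] \
        || { echo "refusing world-readable $envfile" >&2; return 1; }
    # shellcheck disable=SC1090
    . "$envfile"                            # sourced at call time, never copied anywhere
    [ -n "${CI_GIT_USER:-}" ] && [ -n "${CI_GIT_TOKEN:-}" ] || return 1
    printf 'username=%s\npassword=%s\n' "$CI_GIT_USER" "$CI_GIT_TOKEN"
}

# Register it repo-locally (not --global) so only this checkout consults the
# file. Git appends the action to a "!"-prefixed helper, which is how ACTION
# reaches the function above.
cc_ci_install_helper() {
    repo="$1"; envfile="${2:-/srv/cc-ci/.testenv}"
    git -C "$repo" config --local credential.helper \
        "!sh /srv/cc-ci/git-cred-helper.sh ${envfile}"
}

# Entry point when invoked by git as the script itself (hypothetical name).
case "${0##*/}" in
    git-cred-helper.sh) cc_ci_credential_helper "$@" ;;
esac
```

Because the helper only ever emits the token on stdout to git's credential subsystem, `git config --list` and `git log` stay clean; rotating the token is an edit to the env file with no repo change.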
Open (defaults from §8, to confirm as reality lands)

  • Deploy mechanism: TBD in M0. Leaning towards running nixos-rebuild switch --flake on cc-ci itself (repo cloned on the host) rather than --target-host/deploy-rs from the sandbox, to avoid copying large Nix closures over the userspace-tailscaled SOCKS proxy. Atomic rollback is preserved either way by Nix generations. Will record the final choice and rationale when M0 lands.
  • Webhook scope: default per-repo via enroll script.
  • Drone runner type: default exec (must drive host abra).
  • Secret tool: default sops-nix.
  • D10 recipe set: lock six early. Candidates favouring already-mirrored images: custom-html (simple), cryptpad (stateful, no DB), keycloak (SSO/DB), matrix-synapse (DB+media), lasuite-docs (multi+S3), bluesky-pds (TLS passthrough), which covers all five categories. Confirm during M4 to M6.5.

Risks

  • Disk: cc-ci has only ~3.8 GiB free on an 8.9 GiB root. Multiple recipe images plus volumes may exhaust it during the M6.5 breadth run. Mitigation: aggressive teardown and image prune; if that is insufficient, ask the operator to grow the VM disk (Incus, recreatable per the incus skill). Not yet blocking.

Dead-ends

  • (none yet)