every-channel/every.channel
1
0
Fork 0
Code Releases Activity Actions 2

nix: add runner images outputs

Browse source
This commit is contained in:
every.channel 2026-02-17 02:00:26 -08:00
parent 2e5fb0880f
commit 7719b0b763
No known key found for this signature in database
5 changed files with 232 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

45
evolution/proposals/ECP-0065-nixos-runner-images.md Normal file
View file

@ -0,0 +1,45 @@
# ECP-0065: NixOS Runner Images + Netboot Artifacts
Status: Draft
## Decision
Publish a first-party, reproducible NixOS "runner" system definition from this repo, and expose build outputs suitable for:
- local-disk installs (pave/reinstall),
- netboot (iPXE/PXE) bootstrap, and
- byte-identical runner OS images produced in CI.
The runner system:
- is defined in-repo as a `nixosConfiguration` in `flake.nix`,
- exports the repo source tree inside the OS at a stable path (read-only) so the node can self-build and verify from the same flake,
- uses `ec-node` as the primary long-running publisher binary, with orchestration via NixOS + systemd.
Initial implementation targets `aarch64-linux` builds first (local builds via OrbStack). `x86_64-linux` is defined in the flake but may not be built until an x86 builder is available.
## Motivation
- "Bootstrap path == update path": the same flake definition and CI-built artifacts should be usable to (re)install and to update.
- Fleet operability: remove per-node hand configuration; treat nodes as cattle.
- Verifiability: runners can rebuild and compare their OS closure against the CI artifacts using the embedded flake source.
## Scope
In scope:
- `nixosConfigurations.ec-runner-{aarch64,x86_64}` in `flake.nix`.
- `nixosConfigurations.ec-runner-*-netboot` and `nixosConfigurations.ec-runner-*-iso` for image artifacts.
- Minimal runner NixOS module for baseline host settings and stable in-OS flake source path.
- Docs/scripts for building netboot outputs locally in OrbStack.
Out of scope (defer):
- CI publishing pipeline (binary cache, attestation, release upload).
- Remote runtime provisioning (fetching per-node channel lists).
- Hardware-accelerated transcode changes (keep current CPU x264 baseline).
## Rollout / Reversibility
- Rollout begins with local builds and a single test machine.
- Reversible by removing the `nixosConfigurations` and runner module; existing nodes can continue to run via manual `tmux` or ad-hoc installs.