ci-infrastructure.cspec
# CI Infrastructure - Digital Ocean Setup
# phase: 1
# human_doc: devops/human/ALPHA-DELTA_CI_Setup_Guide_v2.md
# updated: 2026-01-22
# status: OPERATIONAL
#
# Describes the two-server CI deployment: a public Forgejo host and a build
# runner, plus the firewall, storage and SSH settings that go with them.
# NOTE(review): the sccache and nextest entries below are dated 2026-01-23,
# one day after the `updated` stamp above; refresh the stamp when editing.

# === ARCHITECTURE ===
model: two_server
vpc: alpha-delta-vpc
ip_range: 10.106.0.0/20
region: lon1

# === DEPLOYED SERVERS ===
servers:
  # Internet-facing host: serves git and the web UI and coordinates Actions.
  forgejo_primary:
    hostname: source.ac-dc.network
    role: git_hosting, web_ui, actions_coordination
    size: s-2vcpu-2gb
    specs: 2vCPU, 2GB_RAM, 50GB_SSD
    cost: ~$12/month
    image: ubuntu-24.04-x64
    vpc_ip: 10.106.0.2
    status: OPERATIONAL
    # Versions as deployed. Forgejo and Caddy are the publicly reachable
    # components, so these are the entries to check against upstream
    # security releases.
    software:
      forgejo: 13.0.3
      caddy: 2.10.2
      ssl: auto_letsencrypt

  # Build host: executes CI jobs (build, test, compilation).
  ci_runner:
    hostname: ci.ac-dc.network
    role: build, test, compilation
    size: c-32-64gib
    specs: 32vCPU, 64GB_RAM, 400GB_SSD
    cost: ~$336/month
    image: ubuntu-24.04-x64
    status: OPERATIONAL
    memory_config:
      swap: 32GB # Prevents OOM killer during parallel compilation
      swap_file: /swapfile
      swappiness: 10 # Prefer RAM, use swap only under pressure
      # oom_score_adj=-1000 exempts a process from the OOM killer entirely, so
      # under memory exhaustion the kernel selects other processes (CI jobs
      # included) first.
      # NOTE(review): tmux_sessions implies interactive work on the same host
      # that executes CI jobs; confirm that sharing is intended.
      oom_protection:
        - systemd_user: oom_score_adj=-1000 # Protect user sessions
        - tmux_sessions: oom_score_adj=-800 # Protect development sessions
    cpu_features:
      architecture: x86_64
      avx512: true # Has AVX-512 instructions
      note: |
        CI runner has AVX-512 CPU features. For release builds targeting
        general servers (which may only have AVX2), use portable builds:
        RUSTFLAGS="-C target-cpu=x86-64-v2" cargo build --release
        See release-procedures.cspec for full documentation.
    optimizations:
      parallel_jobs: 8
      cargo_build_jobs: 28
      # NOTE(review): a single cache directory is shared by every job on the
      # runner. If jobs from untrusted branches or forks can run here, a
      # poisoned cache entry would be reused by later builds; confirm which
      # triggers are allowed and whether release builds bypass the cache.
      sccache:
        status: ENABLED # Re-enabled 2026-01-23
        version: 0.8.2
        cache_dir: /opt/ci/sccache
        cache_size: 40GB
        speedup: 50-80%_on_subsequent_builds
        # Environment variables exported to build jobs.
        configuration:
          RUSTC_WRAPPER: sccache
          SCCACHE_DIR: /opt/ci/sccache
          SCCACHE_CACHE_SIZE: 40G
        stats_display: enabled_in_ci_logs
        note: |
          First run populates cache (no speedup).
          Subsequent runs see 50-80% faster compilation.
          CI displays before/after stats for cache effectiveness tracking.
      nextest:
        status: ENABLED # Optimized 2026-01-23
        version: 0.9.122
        parallel_jobs: 32 # Full CPU utilization
        failure_output: immediate # Faster feedback
        speedup: 30-50%_faster_than_sequential
        note: Explicitly configured for maximum parallelism on 32-core runner
      tmpfs: 16GB
      # NOTE(review): both workspaces build at once on one host; the spec does
      # not say whether jobs are isolated from each other (containers vs. host
      # execution). Confirm before relying on separation between alpha and delta.
      multi_workspace: alpha+delta_simultaneously
    services:
      forgejo_runner:
        status: active
        purpose: ci_job_execution
      # NOTE(review): the script lives under /home/devops but logs to /var/log.
      # If the service runs as root, a script writable by the devops login is a
      # privilege-escalation path; confirm the run-as user and the script's
      # owner and mode.
      disk_cleanup_watch:
        status: active
        installed: 2026-01-22
        purpose: auto_cleanup_at_85%_disk
        script: /home/devops/scripts/disk-cleanup-watch.sh
        log: /var/log/disk-cleanup-watch.log

# === STORAGE ===
volumes:
  ci_runner_storage:
    device: /dev/sda
    size: 500GB
    mount: /opt/ci
    fs: ext4
    # NOTE(review): this volume holds job-written workspaces, caches and
    # artifacts. Consider adding nosuid,nodev; builds need exec, so noexec is
    # presumably not an option here.
    options: defaults,noatime
    contents:
      - /opt/ci/workspaces (build_dirs)
      - /opt/ci/cache (runner_cache)
      - /opt/ci/sccache (40GB_compilation_cache, enabled_2026-01-23)
      - /opt/ci/artifacts (build_outputs)
      - /opt/ci/ramdisk (16GB_tmpfs)

# === NETWORKING ===
dns:
  source.ac-dc.network: forgejo_primary
  ci.ac-dc.network: ci_runner (internal_only)

# NOTE(review): the spec does not say which servers this firewall is attached
# to. If it also covers ci_runner, the 80/443 rules expose the runner to
# 0.0.0.0/0, which conflicts with `runner_no_public_exposure` under rationale;
# confirm the runner does not inherit the public rules.
firewall:
  name: alpha-delta-fw
  inbound:
    # SSH (matches ssh.port below); reachable only from one admin address.
    - protocol:tcp, port:2584, address:<admin-ip>/32
    # Public HTTP/HTTPS, presumably terminated by Caddy on forgejo_primary.
    - protocol:tcp, port:80, address:0.0.0.0/0
    - protocol:tcp, port:443, address:0.0.0.0/0
    # Reachable from the VPC range only. Presumably the Forgejo application
    # listener that the runner talks to directly; if so, that traffic does not
    # pass through Caddy's TLS - verify.
    - protocol:tcp, port:3000, address:10.106.0.0/20 (VPC_only)
  # NOTE(review): egress is unrestricted on every protocol. The runner executes
  # build and test code, so a compromised dependency or job could send secrets
  # or source to any destination; consider limiting runner egress to the
  # registries, mirrors and forge it actually needs.
  outbound:
    - protocol:tcp, ports:all, address:0.0.0.0/0
    - protocol:udp, ports:all, address:0.0.0.0/0
    - protocol:icmp, address:0.0.0.0/0

# === SSH ACCESS ===
# NOTE(review): both hosts share the `devops` login. The spec does not record
# the authentication policy (key-only, root login disabled); state it here,
# since the /32 allowlist is the only SSH control shown. `runner` uses the name
# that dns marks internal_only; confirm how admins reach it.
ssh:
  port: 2584
  user: devops
  forgejo: ssh devops@source.ac-dc.network
  runner: ssh devops@ci.ac-dc.network

# === DESIGN RATIONALE ===
# security_isolation holds only if the firewall attachment and the runner's
# DNS/addressing match the internal_only claim; see the notes on firewall and ssh.
rationale:
  security_isolation: runner_no_public_exposure, vpc_only
  resource_dedication: forgejo_lightweight, runner_gets_budget
  failure_isolation: runner_crash_doesnt_affect_git
  cost_efficiency: minimal_forgejo, concentrated_build_power