depot/cluster/services/hercules-ci-multi-agent/common.nix

52 lines
1.3 KiB
Nix
Raw Normal View History

2023-03-07 02:26:07 +02:00
{ config, depot, lib, pkgs, ... }:
let
mapAgents = lib.flip lib.mapAttrs config.services.hercules-ci-agents;
mergeMap = f: let
outputs = mapAgents f;
in lib.pipe outputs [
(lib.mapAttrs (basename: basevalue:
lib.mapAttrs' (n: v:
lib.nameValuePair "${n}-${basename}" v
) basevalue
))
lib.attrValues
(lib.foldl' (a: b: a // b) {})
];
in
{
imports = [
./modules/multi-agent-refactored
];
age.secrets = mergeMap (name: _: {
hci-token = {
file = ./secrets + "/hci-token-${name}-${config.networking.hostName}.age";
owner = "hci-${name}";
group = "hci-${name}";
};
hci-cache-credentials = {
file = ./secrets + "/hci-cache-credentials-${config.networking.hostName}.age";
owner = "hci-${name}";
group = "hci-${name}";
};
hci-cache-config = {
file = ./secrets/hci-cache-config.age;
owner = "hci-${name}";
group = "hci-${name}";
};
});
systemd.services = mergeMap (name: _: {
hercules-ci-agent = {
# hercules-ci-agent-restarter should take care of this
restartIfChanged = false;
environment = {
AWS_SHARED_CREDENTIALS_FILE = config.age.secrets."hci-cache-credentials-${name}".path;
AWS_EC2_METADATA_DISABLED = "true";
};
serviceConfig.Slice = "builder.slice";
};
});
}