depot/cluster/services/hercules-ci-multi-agent/default.nix

{ config, lib, ... }:

{
  services.hercules-ci-multi-agent = {
    nodes = {
      private-void = [ "VEGAS" "prophet" ];
      nixpak = [ "VEGAS" "prophet" ];
      max = [ "VEGAS" "prophet" ];
      hyprspace = [ "VEGAS" "prophet" ];
    };
    nixos = {
      private-void = [
        ./common.nix
        {
          services.hercules-ci-agents.private-void.settings = {
            secretsJsonPath = config.services.hercules-ci-multi-agent.secrets.effectsSecrets.path;
          };
        }
      ];
      nixpak = [
        ./common.nix
      ];
      max = [
        ./common.nix
      ];
      hyprspace = [
        ./common.nix
      ];
    };
    secrets = let
      inherit (config.services.hercules-ci-multi-agent) nodes;
      allNodes = lib.unique (lib.concatLists (lib.attrValues nodes));
    in {
      cacheConfig = {
        nodes = allNodes;
        mode = "0440";
        group = "hercules-ci-agent";
      };
      cacheCredentials = {
        nodes = allNodes;
        shared = false;
        mode = "0440";
        group = "hercules-ci-agent";
      };
      effectsSecrets = {
        nodes = nodes.private-void;
        owner = "hci-private-void";
      };
    } // lib.mapAttrs' (org: nodes: {
      name = "clusterJoinToken-${org}";
      value = {
        inherit nodes;
        shared = false;
        owner = "hci-${org}";
      };
    }) nodes;
  };
  garage = let
    hciAgentKeys = lib.pipe config.services.hercules-ci-multi-agent.nodes [
      (lib.collect lib.isList)
      lib.flatten
      lib.unique
      (map (x: "hci-agent-${x}"))
    ];
  in {
    keys = lib.genAttrs hciAgentKeys (lib.const {});
    buckets.nix-store = {
      allow = lib.genAttrs hciAgentKeys (lib.const [ "read" "write" ]);
      web.enable = true;
    };
  };
}
cluster/services/hercules-ci-multi-agent: refactor, use cluster secrets 2024-07-08 19:24:10 +03:00			`{ config, lib, ... }:`
cluster/services/hercules-ci-multi-agent: init obsoletes modules/hercules-ci-agent Hercules CI orgs: - private-void - nixpak 2022-11-23 17:24:04 +02:00
			`{`
			`services.hercules-ci-multi-agent = {`
			`nodes = {`
			`private-void = [ "VEGAS" "prophet" ];`
cluster/services/hercules-ci-multi-agent: add some more agents - nixpak: prophet - max: VEGAS, prophet 2022-11-23 18:05:40 +02:00			`nixpak = [ "VEGAS" "prophet" ];`
			`max = [ "VEGAS" "prophet" ];`
cluster/services/hercules-ci-multi-agent: add hyprspace org 2024-05-24 23:51:57 +03:00			`hyprspace = [ "VEGAS" "prophet" ];`
cluster/services/hercules-ci-multi-agent: init obsoletes modules/hercules-ci-agent Hercules CI orgs: - private-void - nixpak 2022-11-23 17:24:04 +02:00			`};`
			`nixos = {`
			`private-void = [`
			`./common.nix`
cluster/services/hercules-ci-multi-agent: refactor, use cluster secrets 2024-07-08 19:24:10 +03:00			`{`
			`services.hercules-ci-agents.private-void.settings = {`
			`secretsJsonPath = config.services.hercules-ci-multi-agent.secrets.effectsSecrets.path;`
			`};`
			`}`
cluster/services/hercules-ci-multi-agent: init obsoletes modules/hercules-ci-agent Hercules CI orgs: - private-void - nixpak 2022-11-23 17:24:04 +02:00			`];`
			`nixpak = [`
			`./common.nix`
			`];`
cluster/services/hercules-ci-multi-agent: add some more agents - nixpak: prophet - max: VEGAS, prophet 2022-11-23 18:05:40 +02:00			`max = [`
			`./common.nix`
			`];`
cluster/services/hercules-ci-multi-agent: add hyprspace org 2024-05-24 23:51:57 +03:00			`hyprspace = [`
			`./common.nix`
			`];`
cluster/services/hercules-ci-multi-agent: init obsoletes modules/hercules-ci-agent Hercules CI orgs: - private-void - nixpak 2022-11-23 17:24:04 +02:00			`};`
cluster/services/hercules-ci-multi-agent: refactor, use cluster secrets 2024-07-08 19:24:10 +03:00			`secrets = let`
			`inherit (config.services.hercules-ci-multi-agent) nodes;`
			`allNodes = lib.unique (lib.concatLists (lib.attrValues nodes));`
			`in {`
			`cacheConfig = {`
			`nodes = allNodes;`
			`mode = "0440";`
			`group = "hercules-ci-agent";`
			`};`
			`cacheCredentials = {`
			`nodes = allNodes;`
			`shared = false;`
			`mode = "0440";`
			`group = "hercules-ci-agent";`
			`};`
			`effectsSecrets = {`
			`nodes = nodes.private-void;`
			`owner = "hci-private-void";`
			`};`
			`} // lib.mapAttrs' (org: nodes: {`
			`name = "clusterJoinToken-${org}";`
			`value = {`
			`inherit nodes;`
			`shared = false;`
			`owner = "hci-${org}";`
			`};`
			`}) nodes;`
cluster/services/hercules-ci-multi-agent: init obsoletes modules/hercules-ci-agent Hercules CI orgs: - private-void - nixpak 2022-11-23 17:24:04 +02:00			`};`
cluster/services/hercules-ci-multi-agent: use garage 2024-04-19 19:00:58 +03:00			`garage = let`
			`hciAgentKeys = lib.pipe config.services.hercules-ci-multi-agent.nodes [`
			`(lib.collect lib.isList)`
			`lib.flatten`
			`lib.unique`
			`(map (x: "hci-agent-${x}"))`
			`];`
			`in {`
			`keys = lib.genAttrs hciAgentKeys (lib.const {});`
cluster/services/hercules-ci-multi-agent: enable bucket website access for nix-store 2024-07-04 23:07:09 +03:00			`buckets.nix-store = {`
			`allow = lib.genAttrs hciAgentKeys (lib.const [ "read" "write" ]);`
			`web.enable = true;`
			`};`
cluster/services/hercules-ci-multi-agent: use garage 2024-04-19 19:00:58 +03:00			`};`
cluster/services/hercules-ci-multi-agent: init obsoletes modules/hercules-ci-agent Hercules CI orgs: - private-void - nixpak 2022-11-23 17:24:04 +02:00			`}`